shawndwells
commented
6 years ago @zeyap @hannahdu is this helpful to give you enough information to start updating the standards page?
Open shawndwells opened 6 years ago
shawndwells
commented
6 years ago @zeyap @hannahdu is this helpful to give you enough information to start updating the standards page?
zeyap
commented
6 years ago @zeyap @hannahdu is this helpful to give you enough information to start updating the standards page?
This is helpful, thanks Shawn. By the way are 'Details' buttons intended for anything? I imagine it trigger display of control names.
+cc @zeyap @hannahdu
The current Standards page (http://localhost:3000/standards when running locally) has static/placeholder content to display various standards. It looks like this:
This data should be dynamically generated by querying the database and identifying what standards are available. However the database isn't made yet -- so we'll need to pull the data from flat files for now.
The flat-file data has been imported here: https://github.com/SecurityCentral/ui-mockup/tree/master/opencontrols/standards
Parsing the data will be a bit awkward. We'll need: (1) Name of the standard, which is identified through the
name:element (example: https://github.com/SecurityCentral/ui-mockup/blob/master/opencontrols/standards/nist-800-53-latest.yaml#L1)(2) How many control families are there? Will need to get the values of the
family:element, strip out duplicates, return number of unique entries.(3) How many security controls are contained in the standard? Will need to count rule entries, such as
AC-1andAC-2Examples:
(4) How many of the controls are
satisfied,partially satisfied, andnon-compliant? To pull this information the individual component files in https://github.com/SecurityCentral/ui-mockup/tree/master/opencontrols/components will need to be parsed.We can use the following
implementation_statuscodes to group the results:complete== satisfiedpartial== partially satisfiedunknownor anything other thancomplete/partial/not applicable== non-compliant