Open shawndwells opened 6 years ago
@zeyap @hannahdu is this helpful to give you enough information to start updating the standards page?
This is helpful, thanks Shawn. By the way, are the 'Details' buttons intended for anything? I imagine they trigger display of control names.
+cc @zeyap @hannahdu
The current Standards page (http://localhost:3000/standards when running locally) has static/placeholder content to display various standards. It looks like this:
This data should be dynamically generated by querying the database and identifying what standards are available. However the database isn't made yet -- so we'll need to pull the data from flat files for now.
The flat-file data has been imported here: https://github.com/SecurityCentral/ui-mockup/tree/master/opencontrols/standards
Parsing the data will be a bit awkward. We'll need:

(1) Name of the standard, which is identified through the `name:` element (example: https://github.com/SecurityCentral/ui-mockup/blob/master/opencontrols/standards/nist-800-53-latest.yaml#L1)

(2) How many control families are there? Will need to get the values of the `family:` element, strip out duplicates, return number of unique entries.

(3) How many security controls are contained in the standard? Will need to count rule entries, such as `AC-1` and `AC-2`.

Examples:

(4) How many of the controls are `satisfied`, `partially satisfied`, and `non-compliant`? To pull this information the individual component files in https://github.com/SecurityCentral/ui-mockup/tree/master/opencontrols/components will need to be parsed.

We can use the following `implementation_status` codes to group the results:

- `complete` == satisfied
- `partial` == partially satisfied
- `unknown` or anything other than `complete`/`partial`/`not applicable` == non-compliant
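
The four counts requested in the issue, computed over already-loaded YAML objects, as an added example that is not part of the original issue or the project's code. The names `summarizeStandard` and `bucketFor`, the `satisfies` entry layout, the sample data, the worst-status rollup across components, and the treatment of unmentioned controls as non-compliant are all assumptions.

```javascript
// Added example, not project code. Inputs are the objects obtained after loading
// the YAML files; the field layout and sample data below are constructed assumptions.
const sampleStandard = {
  name: 'NIST-800-53',
  'AC-1': { family: 'AC' }, 'AC-2': { family: 'AC' },
  'AU-1': { family: 'AU' }, 'AU-2': { family: 'AU' },
  'CM-1': { family: 'CM' },
};
const entry = (control_key, implementation_status, standard_key = 'NIST-800-53') =>
  ({ standard_key, control_key, implementation_status });
const sampleComponents = [
  { name: 'web', satisfies: [entry('AC-1', 'complete'), entry('AC-2', 'partial'),
                              entry('AU-1', 'not applicable')] },
  { name: 'db', satisfies: [entry('AC-2', 'complete'), entry('AU-2', 'unknown'),
                             entry('AC-1', 'planned', 'OTHER-STD')] },
];

// Group an implementation_status code the way the issue describes.
function bucketFor(status) {
  if (status === 'complete') return 'satisfied';
  if (status === 'partial') return 'partiallySatisfied';
  if (status === 'not applicable') return 'notApplicable';
  return 'nonCompliant'; // 'unknown', missing, or any other value
}

// Assumption: when several components address one control, the worst bucket wins.
const SEVERITY = ['notApplicable', 'satisfied', 'partiallySatisfied', 'nonCompliant'];

function summarizeStandard(standard, components) {
  // Control entries are the top-level keys whose value carries a `family`.
  const ids = Object.keys(standard).filter((k) =>
    standard[k] !== null && typeof standard[k] === 'object' && 'family' in standard[k]);
  const families = new Set(ids.map((id) => standard[id].family));
  const worst = new Map(); // control id -> bucket
  for (const component of components) {
    for (const s of component.satisfies || []) {
      // Assumption: standard_key matches the standard's `name:` value.
      if (s.standard_key !== standard.name || !ids.includes(s.control_key)) continue;
      const bucket = bucketFor(s.implementation_status);
      const prev = worst.get(s.control_key);
      if (prev === undefined || SEVERITY.indexOf(bucket) > SEVERITY.indexOf(prev)) {
        worst.set(s.control_key, bucket);
      }
    }
  }
  const counts = { satisfied: 0, partiallySatisfied: 0, nonCompliant: 0, notApplicable: 0 };
  // Assumption: a control no component mentions has unknown status (non-compliant).
  for (const id of ids) counts[worst.get(id) || 'nonCompliant'] += 1;
  return { name: standard.name, families: families.size, controls: ids.length, ...counts };
}
```
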