Remove FTP from BOD 23-02 Scope

[KeithBonesJr]

💡 Summary

Remove FTP from the scope of BOD 23-02

Motivation and context

File Transfer Protocol (FTP)

The service itself - does not function as a method for connecting to an NMI, but the FTP default port could be configured to do so (e.g. SSH running on port 21).

Because CyHy VS flags the service, CyHy will stop flagging/reporting FTP as potential NMI instances. The CyberDirectives and Cyber Hygiene teams believes this provides better accuracy and lowers the NMI reporting/tracking level of effort

CyHy messaging around risky services (FTP included) will continue in weekly and ad-hoc alerts, but it will no longer be connected directly with BOD 23-02 reporting requirements.

Implementation notes

The following updates need to be made

• Remove asterisks for "FTP" on report card within the Potentially Risky Open Services on VS main report
• Remove FTP from NMI count on VS main report
• Change possible NMI to FALSE when detected for the potentially risky services attachment within the VS main report and ad-hoc alerts
• Remove red from ftp services on ad-hoc alerts
• Remove red and asterisks for category on ad-hoc

Acceptance criteria

• [x] FTP listed on "Potentially Risky Open Services" on VS main report with no asterisks
• [x] FTP is not factored into the NMI count on VS main report (fed and non-fed)
• [x] The "Possible NMI" column within the potentially risky services attachment should say FALSE when FTP is flagged for the main VS report
• [x] The "Possible NMI" column within the potentially risky services attachment should say FALSE when FTP is flagged for the ad-hoc alerts
• [x] The ftp services displayed in black for the table within the ad-hoc alerts when FTP is flagged
• [x] The ftp category displayed in black with no asterisks for the table within the ad-hoc alerts table when FTP is flagged

[dav3r]

This should just be a matter of removing "ftp" from the list of POTENTIAL_NMI_SERVICES here and here.

[KeithBonesJr]

[heart] Bones, Keith (CTR) reacted to your message:

---

From: dav3r @.> Sent: Thursday, November 16, 2023 2:59:17 PM To: cisagov/cyhy-system @.> Cc: Bones, Keith (CTR) @.>; Author @.> Subject: Re: [cisagov/cyhy-system] Remove FTP from BOD 23-02 Scope (Issue #108)

CAUTION: This email originated from outside of DHS. DO NOT click links or open attachments unless you recognize and/or trust the sender. Contact your component SOC with questions or concerns.

This should just be a matter of removing "ftp" from the list of POTENTIAL_NMI_SERVICES herehttps://urldefense.us/v3/__https://github.com/cisagov/cyhy-reports/blob/57e67d7f336fb215d0f8ed7e861e51fc32c3a01b/cyhy_report/customer/generate_report.py*L185-L196__;Iw!!BClRuOV5cvtbuNI!GUIcjNpuDcs_A33QDwOQdN5ylz6LoiqPGdUUad5rKWgIK1XUWeZOVKwCxx29WTd_QVLmjG0Jz4F5ExzmtYDy7OlgaAhiJ_LbR4ream4$ and herehttps://urldefense.us/v3/__https://github.com/cisagov/cyhy-reports/blob/57e67d7f336fb215d0f8ed7e861e51fc32c3a01b/cyhy_report/cyhy_notification/generate_notification.py*L127-L138__;Iw!!BClRuOV5cvtbuNI!GUIcjNpuDcs_A33QDwOQdN5ylz6LoiqPGdUUad5rKWgIK1XUWeZOVKwCxx29WTd_QVLmjG0Jz4F5ExzmtYDy7OlgaAhiJ_Lb3_anW2Y$.

— Reply to this email directly, view it on GitHubhttps://urldefense.us/v3/__https://github.com/cisagov/cyhy-system/issues/108*issuecomment-1814622902__;Iw!!BClRuOV5cvtbuNI!GUIcjNpuDcs_A33QDwOQdN5ylz6LoiqPGdUUad5rKWgIK1XUWeZOVKwCxx29WTd_QVLmjG0Jz4F5ExzmtYDy7OlgaAhiJ_LbOMGo1DA$, or unsubscribehttps://urldefense.us/v3/__https://github.com/notifications/unsubscribe-auth/AUX67FPTKTFPGATIGFK5CBTYEYS4LAVCNFSM6AAAAAA7NPQS2CVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQMJUGYZDEOJQGI__;!!BClRuOV5cvtbuNI!GUIcjNpuDcs_A33QDwOQdN5ylz6LoiqPGdUUad5rKWgIK1XUWeZOVKwCxx29WTd_QVLmjG0Jz4F5ExzmtYDy7OlgaAhiJ_LbZadTJTM$. You are receiving this because you authored the thread.Message ID: @.***>