Open ronaldtse opened 1 year ago
@kwkwan the next step is to use the Catalogue with the Profile model together. i.e. the Profile class can link with a Catalogue, and can output a tailored array of controls.
It should be able to generate a "resolved profile catalog".
The "resolved profile catalog" is this:
sources/oscal-content/nist.gov/SP800-53/rev5/yaml/NIST_SP-800-53_rev5_catalog.yaml
sources/oscal-content/nist.gov/SP800-53/rev5/yaml/NIST_SP-800-53_rev5_HIGH-baseline_profile.yaml
sources/oscal-content/nist.gov/SP800-53/rev5/yaml/NIST_SP-800-53_rev5_HIGH-baseline-resolved-profile_catalog.yaml
Specifically, the profile contains:
imports: - href: NIST_SP-800-53_rev5_catalog.yaml include-controls: - with-ids: - ac-1 - ac-2 # ...
which indicates the location of the catalog, and what controls to import.
The profile also contains:
merge: as-is: true
Which seems to indicate the behavior of merging multiple profiles together? (you're more familiar...)
@kwkwan the next step is to use the Catalogue with the Profile model together. i.e. the Profile class can link with a Catalogue, and can output a tailored array of controls.
It should be able to generate a "resolved profile catalog".
The "resolved profile catalog" is this:
sources/oscal-content/nist.gov/SP800-53/rev5/yaml/NIST_SP-800-53_rev5_catalog.yamlsources/oscal-content/nist.gov/SP800-53/rev5/yaml/NIST_SP-800-53_rev5_HIGH-baseline_profile.yamlsources/oscal-content/nist.gov/SP800-53/rev5/yaml/NIST_SP-800-53_rev5_HIGH-baseline-resolved-profile_catalog.yamlunderSpecifically, the profile contains:
which indicates the location of the catalog, and what controls to import.
The profile also contains:
Which seems to indicate the behavior of merging multiple profiles together? (you're more familiar...)