aaronlippold
commented
5 years ago Open aaronlippold opened 5 years ago
aaronlippold
commented
5 years ago 
ejaronne
commented
5 years ago The previous scope is too complex for my use case that spawned this idea. Attached is a sample of what it should look like. Call it simply "Summary CAAT". Only one row per 800-53 control number. All the data needed is in the InSpec json already, except for the 800-53r4 Control Name. You'll need a look-up for that. No user interaction is needed. This provides initial capability simply. I'd like this in heimdall-lite first. Summary_CAAT_Template.xlsx
aaronlippold
commented
5 years ago Ok. We can keep this on the backlog until our initial release is finalized.
Full Data: The current function of the
CAATcomponent.Condensed/Interactive: Use Case: A user wants to fold each NIST Sub-Family into single row rather than multiple rows for every result. If they select the condensed mode - we will have a 'wizard model' come out and ask what 'standard text' we want for each column for that Sub-Family Finding - walking them across the spreadsheet.
As the user is walking though each sub-family step - It would be good if we can have another model that has a datatable of the 'detailed results' of those findings for the sub-family that they could open and close for review if needed.
UX consideration: we can we can suggest a 'default' answer - a) like Severity ( if 8 / 10 are high or they are all the same) or b) if they have already provided an answer - such as 'System Name' - that is unlikely to change. ( perhaps the
last answeris good enough for most cases ).Once they walk through, they can save it as a csv/xlsx.