redteam-project / sckg

Security Control Knowledge Graph
GNU General Public License v3.0

Organization vs System controls #11

Open its-a-lisa-at-work opened 4 years ago

its-a-lisa-at-work commented 4 years ago

Is it possible to map which controls are organization controls as opposed to controls that are system controls?

jason-callaway commented 4 years ago

Yes, but you might be able to get what you want with a query. If there's anything in the description that indicates that it's an organizational control we could do something like:

match (r:regime)-[:HAS*]->(c:control) where c.description contains 'organization-defined' return c.name

On the other hand, it's likely that if there's a bash implementation that references a control we could probably infer that it's a system control:

match (r:regime {name: 'NIST 800-53'})-[:HAS*]->(c:control) with c match (b:baseline)-[*..4]->(c) where b.name ends with '.sh' return distinct(c.name)

Thoughts?
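The two heuristics from the comment above, combined into one query so that overlaps and gaps are visible. This is an added example and not part of the thread or of the sckg project's own code; it assumes the same labels, relationship type and properties used in the queries above, and the classification strings are hypothetical names chosen for this illustration.

```cypher
// Added example: classify each NIST 800-53 control with both heuristics.
// Assumes the schema used in the thread: (:regime)-[:HAS*]->(:control),
// (:baseline) nodes named after script files, and control.description.
MATCH (r:regime {name: 'NIST 800-53'})-[:HAS*]->(c:control)
// A control can be reached over several HAS paths; keep one row per control.
WITH DISTINCT c
// Heuristic 2: a '.sh' baseline within four hops suggests a system control.
// OPTIONAL MATCH keeps controls that no script references (b is null).
OPTIONAL MATCH (b:baseline)-[*..4]->(c)
WHERE b.name ENDS WITH '.sh'
WITH c, count(DISTINCT b) AS script_refs
// Heuristic 1: 'organization-defined' in the description suggests an
// organizational control. A null description is treated as no match.
WITH c, script_refs,
     coalesce(c.description CONTAINS 'organization-defined', false) AS org_text
RETURN c.name AS control,
       script_refs,
       CASE
         WHEN org_text AND script_refs > 0 THEN 'both-heuristics-match'
         WHEN org_text                     THEN 'organization'
         WHEN script_refs > 0              THEN 'system'
         ELSE 'unclassified'
       END AS inferred_type
ORDER BY inferred_type, control
```

Rows labelled 'both-heuristics-match' or 'unclassified' are the ones where neither inference is sufficient on its own and a manual mapping would be needed.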