-
Notifications
You must be signed in to change notification settings - Fork 20
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Handle OpenControl repo w/ no dependencies. Fixes #27.
- Loading branch information
1 parent
c0c22da
commit 3f7b904
Showing
9 changed files
with
146 additions
and
7 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
41 changes: 41 additions & 0 deletions
41
compliancelib/tests/test_data/repo_no_dependencies/AU_policy/component.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,41 @@ | ||
documentation_complete: false | ||
name: Audit Policy | ||
schema_version: 3.0.0 | ||
references: | ||
- name: AU Policy | ||
path: https://github.com/opencontrol/freedonia-policies/wiki/Audit-Policy | ||
satisfies: | ||
- control_key: AU-1 | ||
standard_key: FRIST-800-53 | ||
covered_by: [] | ||
implementation_status: implemented | ||
narrative: | ||
- text: | | ||
This text describes how our organization is meeting the requirements for the | ||
Audit policy, and also references a more complete description at ./AU_policy/README.md | ||
Since the AU-1 `control` is to document and disseminate a policy on Audit and Accountability, then | ||
this narrative suffices to provide that control. A verification step could be something | ||
that checks that the referenced policy is no more than 365 days old. | ||
- control_key: AU-2 | ||
standard_key: FRIST-800-53 | ||
covered_by: [] | ||
implementation_status: none | ||
narrative: | ||
- text: | | ||
Application and Server logs are sent to PaperTrail to provide audit | ||
reduction and report generation capabilites for Freedonia Devops and end users | ||
of the Freedonia hello_world system. | ||
PaperTrail is a SaaS for aggregation of audit log data across multiple systems and tiers | ||
With the PaperTrail capability, organizations operations and development teams | ||
can structure and customize audit logs queries to specific app instances, API | ||
calls, system metrics, user access, system components, network traffic flow and | ||
other criteria. | ||
- control_key: AU-3 | ||
standard_key: FRIST-800-53 | ||
covered_by: [] | ||
implementation_status: none | ||
narrative: | | ||
This is a sample control where no text attribute was defined for the control key, just text. |
9 changes: 9 additions & 0 deletions
9
compliancelib/tests/test_data/repo_no_dependencies/certifications/FredRAMP-low.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
name: FredRAMP-low | ||
standards: | ||
|
||
FRIST-800-53: | ||
AU-1: {} | ||
AU-2: {} | ||
PE-2: {} | ||
SC-1: {} | ||
SC-7: {} |
29 changes: 29 additions & 0 deletions
29
compliancelib/tests/test_data/repo_no_dependencies/certifications/LATO.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,29 @@ | ||
|
||
name: LATO | ||
standards: | ||
NIST-800-53: | ||
AC-2: {} | ||
AC-3: {} | ||
AC-6: {} | ||
AU-2: {} | ||
AU-6: {} | ||
CA-8: {} | ||
CM-2: {} | ||
CM-3: {} | ||
CM-6: {} | ||
CM-8: {} | ||
IA-2: {} | ||
IA-2 (1): {} | ||
IA-2 (2): {} | ||
IA-2 (12): {} | ||
PL-8: {} | ||
RA-5: {} | ||
SA-11 (1): {} | ||
SA-22 (1): {} | ||
SC-7: {} | ||
SC-12 (1): {} | ||
SC-13: {} | ||
SC-28 (1): {} | ||
SI-2: {} | ||
SI-4: {} | ||
SI-10: {} |
13 changes: 13 additions & 0 deletions
13
compliancelib/tests/test_data/repo_no_dependencies/opencontrol.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
schema_version: "1.0.0" | ||
name: freedonia_nd.fd | ||
metadata: | ||
description: Test OpenControl repo with local certifications and standards and standards and no dependencies key | ||
maintainers: | ||
- pburkholder@pobox.com | ||
components: | ||
- ./AU_policy | ||
standards: | ||
- ./standards/FRIST-800-53.yaml | ||
certifications: | ||
- ./certifications/FredRAMP-low.yaml | ||
- ./certifications/LATO.yaml |
22 changes: 22 additions & 0 deletions
22
compliancelib/tests/test_data/repo_no_dependencies/standards/FRIST-800-53.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
name: FRIST-800-53 | ||
AU-1: | ||
family: AU | ||
name: Audit and Accountability Policy and Procedures | ||
AU-2: | ||
family: AU | ||
name: Audit Events | ||
AU-2 (3): | ||
family: AU | ||
name: Audit Events | Reviews and Updates | ||
PE-2: | ||
family: PE | ||
name: Physical Access Authorizations | ||
SC-1: | ||
family: SC | ||
name: System and Communications Protection Policy and Procedures | ||
SC-7: | ||
family: SC | ||
name: Boundary Protection | ||
XX-1: | ||
family: XX | ||
name: Dummy Mock Control |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters