-
Notifications
You must be signed in to change notification settings - Fork 5
Home
Joe English edited this page Feb 14, 2019
·
2 revisions
Welcome to the ssptool wiki! Feel free to edit!
Here's a rough outline of where I see it going:
Main tabs in browser front-end:
- Standards - list of applicable standards, generally fetched from upstream source via
compliance-masonry.- Standards contain Controls, grouped by Family
- Profiles - (called "Certifications" in OpenControl data model)
- each Profile contains a selection of Controls from one or more Standards
- possibly with tailoring information
- though that is not reflected in the OpenControl model
- Components
- both locally generated and fetched from upstream
- grouped by System
- Pages - Narrative information, authored in Markdown, can be included in Documents
- Reports - Various queries (gap analysis, SCTM, verification reports, ...)
- reports generate tabular data
- viewable as HTML, exportable as *.csv, possibly even as *.xlsx
- reports also available from command-line
-
sssptool report reportidproduces CSV output for futher automated processing
- Documents - complete documents
- assembled from Pages, Reports, and Generators
- organization specified in config file
- possible to generate multiple SSPs with different profiles/sections to satisfy different contractor requirements.