From 307e525dc4736c8721177202538978b9f1e04701 Mon Sep 17 00:00:00 2001 From: Aaron Ott Date: Mon, 10 Jul 2023 10:32:22 -0600 Subject: [PATCH 01/53] Update D-Security-Requirements.yml Updated longDescription to remove line breaks that lead to strange paragraph wrapping in the PDF. --- model/security_practices/D-Security-Requirements.yml | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/model/security_practices/D-Security-Requirements.yml b/model/security_practices/D-Security-Requirements.yml index 282eb60d7618..de6a50ce1ce0 100644 --- a/model/security_practices/D-Security-Requirements.yml +++ b/model/security_practices/D-Security-Requirements.yml @@ -21,14 +21,7 @@ shortDescription: This practice focuses on defining appropriate security require #A multi-paragraph description of the security practice longDescription: | - The Security Requirements (SR) practice focuses on security requirements that are important - in the context of secure software. A first type deals with typical software-related - requirements, to specify objectives and expectations to protect the service and - data at the core of the application. A second type deals with requirements relative to supplier organizations that are part of the development context of the application, in particular for outsourced development. It is important to - streamline the expectations in terms of secure development because outsourced development - can have significant impact on the security of the application. The security of - 3rd party (technical) libraries is part of the software supply chains stream (see - Secure Build), and it is not included in this practice. + The Security Requirements (SR) practice focuses on security requirements that are important in the context of secure software. A first type deals with typical software-related requirements, to specify objectives and expectations to protect the service and data at the core of the application. A second type deals with requirements relative to supplier organizations that are part of the development context of the application, in particular for outsourced development. It is important to streamline the expectations in terms of secure development because outsourced development can have significant impact on the security of the application. The security of 3rd party (technical) libraries is part of the software supply chains stream (see Secure Build), and it is not included in this practice. #The relative order of this practice in the business function order: 2 From 5c9a5913ba4b3950c2f2e7ed1351104c5d59d45b Mon Sep 17 00:00:00 2001 From: Aaron Ott Date: Mon, 17 Jul 2023 09:49:25 -0600 Subject: [PATCH 02/53] Update O-Incident-Management.yml fixing small typo --- model/security_practices/O-Incident-Management.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/model/security_practices/O-Incident-Management.yml b/model/security_practices/O-Incident-Management.yml index 248d1d489951..d5c7d758a2e0 100644 --- a/model/security_practices/O-Incident-Management.yml +++ b/model/security_practices/O-Incident-Management.yml @@ -16,7 +16,7 @@ name: Incident Management shortName: IM #A one sentence description of the security practice -shortDescription: This practice addresses activities carried out improve the organization's detection of, and response to, security incidents. +shortDescription: This practice addresses activities carried out to improve the organization's detection of, and response to, security incidents. #A multi-paragraph description of the security practice longDescription: | From d8c485578410894a4aaee5de18ffeb0cddd98623 Mon Sep 17 00:00:00 2001 From: Pat-Duarte Date: Fri, 4 Aug 2023 14:46:53 -0300 Subject: [PATCH 03/53] Fixes #107, Fixes #123 --- model/activities/O-OM-2-B.yml | 2 +- model/questions/V-ST-2-B.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/model/activities/O-OM-2-B.yml b/model/activities/O-OM-2-B.yml index 0c833e0a8d9f..9372ae4356ec 100644 --- a/model/activities/O-OM-2-B.yml +++ b/model/activities/O-OM-2-B.yml @@ -16,7 +16,7 @@ id: 60d7a0a61dd142d5a87009bc5b93df56 title: Formalize decommissioning process #Describe the benefit that is achieved by implementing this activity -benefit: Standardized decommisioning process decreasing the risk of forgetting components +benefit: Standardized decommissioning process decreasing the risk of forgetting components #A one sentence description of the activity shortDescription: Develop repeatable decommissioning processes for unused systems/services, diff --git a/model/questions/V-ST-2-B.yml b/model/questions/V-ST-2-B.yml index 56ac8d0eaee6..eb15c2ca0db8 100644 --- a/model/questions/V-ST-2-B.yml +++ b/model/questions/V-ST-2-B.yml @@ -24,7 +24,7 @@ quality: - Penetration testing looks for both technical and logical issues in the application - Stakeholders review the test results and handle them in accordance with the organization's risk management -- Qualified personnnel performs penetration testing +- Qualified personnel performs penetration testing #Type Classification of the Document type: Question From 91eb70f6f195a08cceb77cce9dcbd20fae8d05e9 Mon Sep 17 00:00:00 2001 From: Johan Lindfors Date: Wed, 4 Oct 2023 21:10:20 +0200 Subject: [PATCH 04/53] Update maturitylevel to maturityLevel --- model/practice_levels/D-SA-1.yml | 2 +- model/practice_levels/D-SA-2.yml | 2 +- model/practice_levels/D-SA-3.yml | 2 +- model/practice_levels/D-SR-1.yml | 2 +- model/practice_levels/D-SR-2.yml | 2 +- model/practice_levels/D-SR-3.yml | 2 +- model/practice_levels/D-TA-1.yml | 2 +- model/practice_levels/D-TA-2.yml | 2 +- model/practice_levels/D-TA-3.yml | 2 +- model/practice_levels/G-EG-1.yml | 2 +- model/practice_levels/G-EG-2.yml | 2 +- model/practice_levels/G-EG-3.yml | 2 +- model/practice_levels/G-PC-1.yml | 2 +- model/practice_levels/G-PC-2.yml | 2 +- model/practice_levels/G-PC-3.yml | 2 +- model/practice_levels/G-SM-1.yml | 2 +- model/practice_levels/G-SM-2.yml | 2 +- model/practice_levels/G-SM-3.yml | 2 +- model/practice_levels/I-DM-1.yml | 2 +- model/practice_levels/I-DM-2.yml | 2 +- model/practice_levels/I-DM-3.yml | 2 +- model/practice_levels/I-SB-1.yml | 2 +- model/practice_levels/I-SB-2.yml | 2 +- model/practice_levels/I-SB-3.yml | 2 +- model/practice_levels/I-SD-1.yml | 2 +- model/practice_levels/I-SD-2.yml | 2 +- model/practice_levels/I-SD-3.yml | 2 +- model/practice_levels/O-EM-1.yml | 2 +- model/practice_levels/O-EM-2.yml | 2 +- model/practice_levels/O-EM-3.yml | 2 +- model/practice_levels/O-IM-1.yml | 2 +- model/practice_levels/O-IM-2.yml | 2 +- model/practice_levels/O-IM-3.yml | 2 +- model/practice_levels/O-OM-1.yml | 2 +- model/practice_levels/O-OM-2.yml | 2 +- model/practice_levels/O-OM-3.yml | 2 +- model/practice_levels/V-AA-1.yml | 2 +- model/practice_levels/V-AA-2.yml | 2 +- model/practice_levels/V-AA-3.yml | 2 +- model/practice_levels/V-RT-1.yml | 2 +- model/practice_levels/V-RT-2.yml | 2 +- model/practice_levels/V-RT-3.yml | 2 +- model/practice_levels/V-ST-1.yml | 2 +- model/practice_levels/V-ST-2.yml | 2 +- model/practice_levels/V-ST-3.yml | 2 +- 45 files changed, 45 insertions(+), 45 deletions(-) diff --git a/model/practice_levels/D-SA-1.yml b/model/practice_levels/D-SA-1.yml index 8774540637d4..52a51c63f6b2 100644 --- a/model/practice_levels/D-SA-1.yml +++ b/model/practice_levels/D-SA-1.yml @@ -6,7 +6,7 @@ practice: 4753e55e943c4d418303bf90d599c6b1 #Link to the maturity level, using its unique identifier -maturitylevel: 0a1dc80f84964f2fa776c5d8e932353a +maturityLevel: 0a1dc80f84964f2fa776c5d8e932353a #Unique identifier (GUID) used to refer to this practice level. #Please generate another identifier for your specific practice level. diff --git a/model/practice_levels/D-SA-2.yml b/model/practice_levels/D-SA-2.yml index 95594511cabb..86d50b5001a5 100644 --- a/model/practice_levels/D-SA-2.yml +++ b/model/practice_levels/D-SA-2.yml @@ -6,7 +6,7 @@ practice: 4753e55e943c4d418303bf90d599c6b1 #Link to the maturity level, using its unique identifier -maturitylevel: 47dd82af343e4695a0385418af4398d1 +maturityLevel: 47dd82af343e4695a0385418af4398d1 #Unique identifier (GUID) used to refer to this practice level. #Please generate another identifier for your specific practice level. diff --git a/model/practice_levels/D-SA-3.yml b/model/practice_levels/D-SA-3.yml index e82d7c392284..439eec87b7ca 100644 --- a/model/practice_levels/D-SA-3.yml +++ b/model/practice_levels/D-SA-3.yml @@ -6,7 +6,7 @@ practice: 4753e55e943c4d418303bf90d599c6b1 #Link to the maturity level, using its unique identifier -maturitylevel: 7bbfe31d447e48759ef0f2af25c31b43 +maturityLevel: 7bbfe31d447e48759ef0f2af25c31b43 #Unique identifier (GUID) used to refer to this practice level. #Please generate another identifier for your specific practice level. diff --git a/model/practice_levels/D-SR-1.yml b/model/practice_levels/D-SR-1.yml index 199880f4b17c..a9e7a7c70737 100644 --- a/model/practice_levels/D-SR-1.yml +++ b/model/practice_levels/D-SR-1.yml @@ -6,7 +6,7 @@ practice: 5702908efca4499e87a0239f32920d9b #Link to the maturity level, using its unique identifier -maturitylevel: 0a1dc80f84964f2fa776c5d8e932353a +maturityLevel: 0a1dc80f84964f2fa776c5d8e932353a #Unique identifier (GUID) used to refer to this practice level. #Please generate another identifier for your specific practice level. diff --git a/model/practice_levels/D-SR-2.yml b/model/practice_levels/D-SR-2.yml index 1e5a97d291cb..4035bb585e21 100644 --- a/model/practice_levels/D-SR-2.yml +++ b/model/practice_levels/D-SR-2.yml @@ -6,7 +6,7 @@ practice: 5702908efca4499e87a0239f32920d9b #Link to the maturity level, using its unique identifier -maturitylevel: 47dd82af343e4695a0385418af4398d1 +maturityLevel: 47dd82af343e4695a0385418af4398d1 #Unique identifier (GUID) used to refer to this practice level. #Please generate another identifier for your specific practice level. diff --git a/model/practice_levels/D-SR-3.yml b/model/practice_levels/D-SR-3.yml index 059d95796372..2396b41e7c89 100644 --- a/model/practice_levels/D-SR-3.yml +++ b/model/practice_levels/D-SR-3.yml @@ -6,7 +6,7 @@ practice: 5702908efca4499e87a0239f32920d9b #Link to the maturity level, using its unique identifier -maturitylevel: 7bbfe31d447e48759ef0f2af25c31b43 +maturityLevel: 7bbfe31d447e48759ef0f2af25c31b43 #Unique identifier (GUID) used to refer to this practice level. #Please generate another identifier for your specific practice level. diff --git a/model/practice_levels/D-TA-1.yml b/model/practice_levels/D-TA-1.yml index 3252fb5b8c9c..12899385c2f5 100644 --- a/model/practice_levels/D-TA-1.yml +++ b/model/practice_levels/D-TA-1.yml @@ -6,7 +6,7 @@ practice: f9269aebfe2c4d5b9293ba42a40a93ac #Link to the maturity level, using its unique identifier -maturitylevel: 0a1dc80f84964f2fa776c5d8e932353a +maturityLevel: 0a1dc80f84964f2fa776c5d8e932353a #Unique identifier (GUID) used to refer to this practice level. #Please generate another identifier for your specific practice level. diff --git a/model/practice_levels/D-TA-2.yml b/model/practice_levels/D-TA-2.yml index dd68bfa0830a..cf67e7724702 100644 --- a/model/practice_levels/D-TA-2.yml +++ b/model/practice_levels/D-TA-2.yml @@ -6,7 +6,7 @@ practice: f9269aebfe2c4d5b9293ba42a40a93ac #Link to the maturity level, using its unique identifier -maturitylevel: 47dd82af343e4695a0385418af4398d1 +maturityLevel: 47dd82af343e4695a0385418af4398d1 #Unique identifier (GUID) used to refer to this practice level. #Please generate another identifier for your specific practice level. diff --git a/model/practice_levels/D-TA-3.yml b/model/practice_levels/D-TA-3.yml index f97fc090bfa1..ea62185893fb 100644 --- a/model/practice_levels/D-TA-3.yml +++ b/model/practice_levels/D-TA-3.yml @@ -6,7 +6,7 @@ practice: f9269aebfe2c4d5b9293ba42a40a93ac #Link to the maturity level, using its unique identifier -maturitylevel: 7bbfe31d447e48759ef0f2af25c31b43 +maturityLevel: 7bbfe31d447e48759ef0f2af25c31b43 #Unique identifier (GUID) used to refer to this practice level. #Please generate another identifier for your specific practice level. diff --git a/model/practice_levels/G-EG-1.yml b/model/practice_levels/G-EG-1.yml index add35e0fdbdd..6aea97e20a1f 100644 --- a/model/practice_levels/G-EG-1.yml +++ b/model/practice_levels/G-EG-1.yml @@ -6,7 +6,7 @@ practice: 483a0a1b78264cafbc470ce72d557332 #Link to the maturity level, using its unique identifier -maturitylevel: 0a1dc80f84964f2fa776c5d8e932353a +maturityLevel: 0a1dc80f84964f2fa776c5d8e932353a #Unique identifier (GUID) used to refer to this practice level. #Please generate another identifier for your specific practice level. diff --git a/model/practice_levels/G-EG-2.yml b/model/practice_levels/G-EG-2.yml index 59d38b64e40e..6fc4c0f10150 100644 --- a/model/practice_levels/G-EG-2.yml +++ b/model/practice_levels/G-EG-2.yml @@ -6,7 +6,7 @@ practice: 483a0a1b78264cafbc470ce72d557332 #Link to the maturity level, using its unique identifier -maturitylevel: 47dd82af343e4695a0385418af4398d1 +maturityLevel: 47dd82af343e4695a0385418af4398d1 #Unique identifier (GUID) used to refer to this practice level. #Please generate another identifier for your specific practice level. diff --git a/model/practice_levels/G-EG-3.yml b/model/practice_levels/G-EG-3.yml index 394d788a8b96..5d3c16cf365e 100644 --- a/model/practice_levels/G-EG-3.yml +++ b/model/practice_levels/G-EG-3.yml @@ -6,7 +6,7 @@ practice: 483a0a1b78264cafbc470ce72d557332 #Link to the maturity level, using its unique identifier -maturitylevel: 7bbfe31d447e48759ef0f2af25c31b43 +maturityLevel: 7bbfe31d447e48759ef0f2af25c31b43 #Unique identifier (GUID) used to refer to this practice level. #Please generate another identifier for your specific practice level. diff --git a/model/practice_levels/G-PC-1.yml b/model/practice_levels/G-PC-1.yml index b518745a32ba..e894513d0d86 100644 --- a/model/practice_levels/G-PC-1.yml +++ b/model/practice_levels/G-PC-1.yml @@ -6,7 +6,7 @@ practice: be9e7ddb98b84abe8b9e185b979ccf60 #Link to the maturity level, using its unique identifier -maturitylevel: 0a1dc80f84964f2fa776c5d8e932353a +maturityLevel: 0a1dc80f84964f2fa776c5d8e932353a #Unique identifier (GUID) used to refer to this practice level. #Please generate another identifier for your specific practice level. diff --git a/model/practice_levels/G-PC-2.yml b/model/practice_levels/G-PC-2.yml index 06ff9544db44..aa9e2d2e379e 100644 --- a/model/practice_levels/G-PC-2.yml +++ b/model/practice_levels/G-PC-2.yml @@ -6,7 +6,7 @@ practice: be9e7ddb98b84abe8b9e185b979ccf60 #Link to the maturity level, using its unique identifier -maturitylevel: 47dd82af343e4695a0385418af4398d1 +maturityLevel: 47dd82af343e4695a0385418af4398d1 #Unique identifier (GUID) used to refer to this practice level. #Please generate another identifier for your specific practice level. diff --git a/model/practice_levels/G-PC-3.yml b/model/practice_levels/G-PC-3.yml index b65799a3806d..ee15017ce000 100644 --- a/model/practice_levels/G-PC-3.yml +++ b/model/practice_levels/G-PC-3.yml @@ -6,7 +6,7 @@ practice: be9e7ddb98b84abe8b9e185b979ccf60 #Link to the maturity level, using its unique identifier -maturitylevel: 7bbfe31d447e48759ef0f2af25c31b43 +maturityLevel: 7bbfe31d447e48759ef0f2af25c31b43 #Unique identifier (GUID) used to refer to this practice level. #Please generate another identifier for your specific practice level. diff --git a/model/practice_levels/G-SM-1.yml b/model/practice_levels/G-SM-1.yml index ee9b6e9a1e23..69546e6ffada 100644 --- a/model/practice_levels/G-SM-1.yml +++ b/model/practice_levels/G-SM-1.yml @@ -6,7 +6,7 @@ practice: 32b3bdd85d3a4d53827960004f9d1c7e #Link to the maturity level, using its unique identifier -maturitylevel: 0a1dc80f84964f2fa776c5d8e932353a +maturityLevel: 0a1dc80f84964f2fa776c5d8e932353a #Unique identifier (GUID) used to refer to this practice level. #Please generate another identifier for your specific practice level. diff --git a/model/practice_levels/G-SM-2.yml b/model/practice_levels/G-SM-2.yml index 16cb1f1f4f15..bfc88de4add1 100644 --- a/model/practice_levels/G-SM-2.yml +++ b/model/practice_levels/G-SM-2.yml @@ -6,7 +6,7 @@ practice: 32b3bdd85d3a4d53827960004f9d1c7e #Link to the maturity level, using its unique identifier -maturitylevel: 47dd82af343e4695a0385418af4398d1 +maturityLevel: 47dd82af343e4695a0385418af4398d1 #Unique identifier (GUID) used to refer to this practice level. #Please generate another identifier for your specific practice level. diff --git a/model/practice_levels/G-SM-3.yml b/model/practice_levels/G-SM-3.yml index b1bcec6271b6..f8ae5ee91600 100644 --- a/model/practice_levels/G-SM-3.yml +++ b/model/practice_levels/G-SM-3.yml @@ -6,7 +6,7 @@ practice: 32b3bdd85d3a4d53827960004f9d1c7e #Link to the maturity level, using its unique identifier -maturitylevel: 7bbfe31d447e48759ef0f2af25c31b43 +maturityLevel: 7bbfe31d447e48759ef0f2af25c31b43 #Unique identifier (GUID) used to refer to this practice level. #Please generate another identifier for your specific practice level. diff --git a/model/practice_levels/I-DM-1.yml b/model/practice_levels/I-DM-1.yml index acd52b0fa29f..17d583eaeb93 100644 --- a/model/practice_levels/I-DM-1.yml +++ b/model/practice_levels/I-DM-1.yml @@ -6,7 +6,7 @@ practice: e17d573510904f65a1fe6040b56ad0b1 #Link to the maturity level, using its unique identifier -maturitylevel: 0a1dc80f84964f2fa776c5d8e932353a +maturityLevel: 0a1dc80f84964f2fa776c5d8e932353a #Unique identifier (GUID) used to refer to this practice level. #Please generate another identifier for your specific practice level. diff --git a/model/practice_levels/I-DM-2.yml b/model/practice_levels/I-DM-2.yml index a798eebee083..486c6e790997 100644 --- a/model/practice_levels/I-DM-2.yml +++ b/model/practice_levels/I-DM-2.yml @@ -6,7 +6,7 @@ practice: e17d573510904f65a1fe6040b56ad0b1 #Link to the maturity level, using its unique identifier -maturitylevel: 47dd82af343e4695a0385418af4398d1 +maturityLevel: 47dd82af343e4695a0385418af4398d1 #Unique identifier (GUID) used to refer to this practice level. #Please generate another identifier for your specific practice level. diff --git a/model/practice_levels/I-DM-3.yml b/model/practice_levels/I-DM-3.yml index d51b11833d7c..efdda437a6a1 100644 --- a/model/practice_levels/I-DM-3.yml +++ b/model/practice_levels/I-DM-3.yml @@ -6,7 +6,7 @@ practice: e17d573510904f65a1fe6040b56ad0b1 #Link to the maturity level, using its unique identifier -maturitylevel: 7bbfe31d447e48759ef0f2af25c31b43 +maturityLevel: 7bbfe31d447e48759ef0f2af25c31b43 #Unique identifier (GUID) used to refer to this practice level. #Please generate another identifier for your specific practice level. diff --git a/model/practice_levels/I-SB-1.yml b/model/practice_levels/I-SB-1.yml index 80232a4cf911..9ca7ffe42800 100644 --- a/model/practice_levels/I-SB-1.yml +++ b/model/practice_levels/I-SB-1.yml @@ -6,7 +6,7 @@ practice: b2af112859d34cada6ce4cf44d393b94 #Link to the maturity level, using its unique identifier -maturitylevel: 0a1dc80f84964f2fa776c5d8e932353a +maturityLevel: 0a1dc80f84964f2fa776c5d8e932353a #Unique identifier (GUID) used to refer to this practice level. #Please generate another identifier for your specific practice level. diff --git a/model/practice_levels/I-SB-2.yml b/model/practice_levels/I-SB-2.yml index a691f2de41ad..0519acb0d7b2 100644 --- a/model/practice_levels/I-SB-2.yml +++ b/model/practice_levels/I-SB-2.yml @@ -6,7 +6,7 @@ practice: b2af112859d34cada6ce4cf44d393b94 #Link to the maturity level, using its unique identifier -maturitylevel: 47dd82af343e4695a0385418af4398d1 +maturityLevel: 47dd82af343e4695a0385418af4398d1 #Unique identifier (GUID) used to refer to this practice level. #Please generate another identifier for your specific practice level. diff --git a/model/practice_levels/I-SB-3.yml b/model/practice_levels/I-SB-3.yml index 36bed185e8da..de4065d23724 100644 --- a/model/practice_levels/I-SB-3.yml +++ b/model/practice_levels/I-SB-3.yml @@ -6,7 +6,7 @@ practice: b2af112859d34cada6ce4cf44d393b94 #Link to the maturity level, using its unique identifier -maturitylevel: 7bbfe31d447e48759ef0f2af25c31b43 +maturityLevel: 7bbfe31d447e48759ef0f2af25c31b43 #Unique identifier (GUID) used to refer to this practice level. #Please generate another identifier for your specific practice level. diff --git a/model/practice_levels/I-SD-1.yml b/model/practice_levels/I-SD-1.yml index 35018982cbbf..474d9a3164e6 100644 --- a/model/practice_levels/I-SD-1.yml +++ b/model/practice_levels/I-SD-1.yml @@ -6,7 +6,7 @@ practice: 40d7879025144dbbbf34ba8ea82f060d #Link to the maturity level, using its unique identifier -maturitylevel: 0a1dc80f84964f2fa776c5d8e932353a +maturityLevel: 0a1dc80f84964f2fa776c5d8e932353a #Unique identifier (GUID) used to refer to this practice level. #Please generate another identifier for your specific practice level. diff --git a/model/practice_levels/I-SD-2.yml b/model/practice_levels/I-SD-2.yml index f0953b6ddaac..c04f8948f3c7 100644 --- a/model/practice_levels/I-SD-2.yml +++ b/model/practice_levels/I-SD-2.yml @@ -6,7 +6,7 @@ practice: 40d7879025144dbbbf34ba8ea82f060d #Link to the maturity level, using its unique identifier -maturitylevel: 47dd82af343e4695a0385418af4398d1 +maturityLevel: 47dd82af343e4695a0385418af4398d1 #Unique identifier (GUID) used to refer to this practice level. #Please generate another identifier for your specific practice level. diff --git a/model/practice_levels/I-SD-3.yml b/model/practice_levels/I-SD-3.yml index f603ee3bb3c5..a0d33f4bd260 100644 --- a/model/practice_levels/I-SD-3.yml +++ b/model/practice_levels/I-SD-3.yml @@ -6,7 +6,7 @@ practice: 40d7879025144dbbbf34ba8ea82f060d #Link to the maturity level, using its unique identifier -maturitylevel: 7bbfe31d447e48759ef0f2af25c31b43 +maturityLevel: 7bbfe31d447e48759ef0f2af25c31b43 #Unique identifier (GUID) used to refer to this practice level. #Please generate another identifier for your specific practice level. diff --git a/model/practice_levels/O-EM-1.yml b/model/practice_levels/O-EM-1.yml index 3a5e8c7abede..7782ffbdec60 100644 --- a/model/practice_levels/O-EM-1.yml +++ b/model/practice_levels/O-EM-1.yml @@ -6,7 +6,7 @@ practice: 53a9cd5c2d3643f3b71e4e9d92b811e2 #Link to the maturity level, using its unique identifier -maturitylevel: 0a1dc80f84964f2fa776c5d8e932353a +maturityLevel: 0a1dc80f84964f2fa776c5d8e932353a #Unique identifier (GUID) used to refer to this practice level. #Please generate another identifier for your specific practice level. diff --git a/model/practice_levels/O-EM-2.yml b/model/practice_levels/O-EM-2.yml index 7b1f83ac6ea0..3a3b788a2785 100644 --- a/model/practice_levels/O-EM-2.yml +++ b/model/practice_levels/O-EM-2.yml @@ -6,7 +6,7 @@ practice: 53a9cd5c2d3643f3b71e4e9d92b811e2 #Link to the maturity level, using its unique identifier -maturitylevel: 47dd82af343e4695a0385418af4398d1 +maturityLevel: 47dd82af343e4695a0385418af4398d1 #Unique identifier (GUID) used to refer to this practice level. #Please generate another identifier for your specific practice level. diff --git a/model/practice_levels/O-EM-3.yml b/model/practice_levels/O-EM-3.yml index e721bae544bd..f9bffb50450e 100644 --- a/model/practice_levels/O-EM-3.yml +++ b/model/practice_levels/O-EM-3.yml @@ -6,7 +6,7 @@ practice: 53a9cd5c2d3643f3b71e4e9d92b811e2 #Link to the maturity level, using its unique identifier -maturitylevel: 7bbfe31d447e48759ef0f2af25c31b43 +maturityLevel: 7bbfe31d447e48759ef0f2af25c31b43 #Unique identifier (GUID) used to refer to this practice level. #Please generate another identifier for your specific practice level. diff --git a/model/practice_levels/O-IM-1.yml b/model/practice_levels/O-IM-1.yml index 8c3b553c4236..6f4a38c65cdd 100644 --- a/model/practice_levels/O-IM-1.yml +++ b/model/practice_levels/O-IM-1.yml @@ -6,7 +6,7 @@ practice: c13aa12c13d04362a3ca3385a8c580ee #Link to the maturity level, using its unique identifier -maturitylevel: 0a1dc80f84964f2fa776c5d8e932353a +maturityLevel: 0a1dc80f84964f2fa776c5d8e932353a #Unique identifier (GUID) used to refer to this practice level. #Please generate another identifier for your specific practice level. diff --git a/model/practice_levels/O-IM-2.yml b/model/practice_levels/O-IM-2.yml index a7560d917066..aa626bea064f 100644 --- a/model/practice_levels/O-IM-2.yml +++ b/model/practice_levels/O-IM-2.yml @@ -6,7 +6,7 @@ practice: c13aa12c13d04362a3ca3385a8c580ee #Link to the maturity level, using its unique identifier -maturitylevel: 47dd82af343e4695a0385418af4398d1 +maturityLevel: 47dd82af343e4695a0385418af4398d1 #Unique identifier (GUID) used to refer to this practice level. #Please generate another identifier for your specific practice level. diff --git a/model/practice_levels/O-IM-3.yml b/model/practice_levels/O-IM-3.yml index c850415cc437..bf9da9c105f4 100644 --- a/model/practice_levels/O-IM-3.yml +++ b/model/practice_levels/O-IM-3.yml @@ -6,7 +6,7 @@ practice: c13aa12c13d04362a3ca3385a8c580ee #Link to the maturity level, using its unique identifier -maturitylevel: 7bbfe31d447e48759ef0f2af25c31b43 +maturityLevel: 7bbfe31d447e48759ef0f2af25c31b43 #Unique identifier (GUID) used to refer to this practice level. #Please generate another identifier for your specific practice level. diff --git a/model/practice_levels/O-OM-1.yml b/model/practice_levels/O-OM-1.yml index 9a1926dfbde8..9aa21e030ba2 100644 --- a/model/practice_levels/O-OM-1.yml +++ b/model/practice_levels/O-OM-1.yml @@ -6,7 +6,7 @@ practice: 8f07145b5ea74388b2217895d5e7b5c2 #Link to the maturity level, using its unique identifier -maturitylevel: 0a1dc80f84964f2fa776c5d8e932353a +maturityLevel: 0a1dc80f84964f2fa776c5d8e932353a #Unique identifier (GUID) used to refer to this practice level. #Please generate another identifier for your specific practice level. diff --git a/model/practice_levels/O-OM-2.yml b/model/practice_levels/O-OM-2.yml index 56a2d367407f..9191a7c67a02 100644 --- a/model/practice_levels/O-OM-2.yml +++ b/model/practice_levels/O-OM-2.yml @@ -6,7 +6,7 @@ practice: 8f07145b5ea74388b2217895d5e7b5c2 #Link to the maturity level, using its unique identifier -maturitylevel: 47dd82af343e4695a0385418af4398d1 +maturityLevel: 47dd82af343e4695a0385418af4398d1 #Unique identifier (GUID) used to refer to this practice level. #Please generate another identifier for your specific practice level. diff --git a/model/practice_levels/O-OM-3.yml b/model/practice_levels/O-OM-3.yml index f57883360112..1bf89aa43e09 100644 --- a/model/practice_levels/O-OM-3.yml +++ b/model/practice_levels/O-OM-3.yml @@ -6,7 +6,7 @@ practice: 8f07145b5ea74388b2217895d5e7b5c2 #Link to the maturity level, using its unique identifier -maturitylevel: 7bbfe31d447e48759ef0f2af25c31b43 +maturityLevel: 7bbfe31d447e48759ef0f2af25c31b43 #Unique identifier (GUID) used to refer to this practice level. #Please generate another identifier for your specific practice level. diff --git a/model/practice_levels/V-AA-1.yml b/model/practice_levels/V-AA-1.yml index 0de2f4643b02..56c8ae97c008 100644 --- a/model/practice_levels/V-AA-1.yml +++ b/model/practice_levels/V-AA-1.yml @@ -6,7 +6,7 @@ practice: 53f2da68c37a4ced8d5e767298fba589 #Link to the maturity level, using its unique identifier -maturitylevel: 0a1dc80f84964f2fa776c5d8e932353a +maturityLevel: 0a1dc80f84964f2fa776c5d8e932353a #Unique identifier (GUID) used to refer to this practice level. #Please generate another identifier for your specific practice level. diff --git a/model/practice_levels/V-AA-2.yml b/model/practice_levels/V-AA-2.yml index 749d2fb5f28d..c92c5cf6025b 100644 --- a/model/practice_levels/V-AA-2.yml +++ b/model/practice_levels/V-AA-2.yml @@ -6,7 +6,7 @@ practice: 53f2da68c37a4ced8d5e767298fba589 #Link to the maturity level, using its unique identifier -maturitylevel: 47dd82af343e4695a0385418af4398d1 +maturityLevel: 47dd82af343e4695a0385418af4398d1 #Unique identifier (GUID) used to refer to this practice level. #Please generate another identifier for your specific practice level. diff --git a/model/practice_levels/V-AA-3.yml b/model/practice_levels/V-AA-3.yml index 729a170434cd..cfb29edc49fb 100644 --- a/model/practice_levels/V-AA-3.yml +++ b/model/practice_levels/V-AA-3.yml @@ -6,7 +6,7 @@ practice: 53f2da68c37a4ced8d5e767298fba589 #Link to the maturity level, using its unique identifier -maturitylevel: 7bbfe31d447e48759ef0f2af25c31b43 +maturityLevel: 7bbfe31d447e48759ef0f2af25c31b43 #Unique identifier (GUID) used to refer to this practice level. #Please generate another identifier for your specific practice level. diff --git a/model/practice_levels/V-RT-1.yml b/model/practice_levels/V-RT-1.yml index 0fdd26dfc88b..9220677b7d2d 100644 --- a/model/practice_levels/V-RT-1.yml +++ b/model/practice_levels/V-RT-1.yml @@ -6,7 +6,7 @@ practice: 66fb99798fe946e4979a2de98e9d6f8b #Link to the maturity level, using its unique identifier -maturitylevel: 0a1dc80f84964f2fa776c5d8e932353a +maturityLevel: 0a1dc80f84964f2fa776c5d8e932353a #Unique identifier (GUID) used to refer to this practice level. #Please generate another identifier for your specific practice level. diff --git a/model/practice_levels/V-RT-2.yml b/model/practice_levels/V-RT-2.yml index 82582d149544..71c5e6c1a746 100644 --- a/model/practice_levels/V-RT-2.yml +++ b/model/practice_levels/V-RT-2.yml @@ -6,7 +6,7 @@ practice: 66fb99798fe946e4979a2de98e9d6f8b #Link to the maturity level, using its unique identifier -maturitylevel: 47dd82af343e4695a0385418af4398d1 +maturityLevel: 47dd82af343e4695a0385418af4398d1 #Unique identifier (GUID) used to refer to this practice level. #Please generate another identifier for your specific practice level. diff --git a/model/practice_levels/V-RT-3.yml b/model/practice_levels/V-RT-3.yml index 933764ec55b4..e791cef3386d 100644 --- a/model/practice_levels/V-RT-3.yml +++ b/model/practice_levels/V-RT-3.yml @@ -6,7 +6,7 @@ practice: 66fb99798fe946e4979a2de98e9d6f8b #Link to the maturity level, using its unique identifier -maturitylevel: 7bbfe31d447e48759ef0f2af25c31b43 +maturityLevel: 7bbfe31d447e48759ef0f2af25c31b43 #Unique identifier (GUID) used to refer to this practice level. #Please generate another identifier for your specific practice level. diff --git a/model/practice_levels/V-ST-1.yml b/model/practice_levels/V-ST-1.yml index 4199ffdcd51e..bcea0a7598fc 100644 --- a/model/practice_levels/V-ST-1.yml +++ b/model/practice_levels/V-ST-1.yml @@ -6,7 +6,7 @@ practice: bb5488860c124b6e8076b023485023e1 #Link to the maturity level, using its unique identifier -maturitylevel: 0a1dc80f84964f2fa776c5d8e932353a +maturityLevel: 0a1dc80f84964f2fa776c5d8e932353a #Unique identifier (GUID) used to refer to this practice level. #Please generate another identifier for your specific practice level. diff --git a/model/practice_levels/V-ST-2.yml b/model/practice_levels/V-ST-2.yml index 6dc6d05cbe13..c7674948b20d 100644 --- a/model/practice_levels/V-ST-2.yml +++ b/model/practice_levels/V-ST-2.yml @@ -6,7 +6,7 @@ practice: bb5488860c124b6e8076b023485023e1 #Link to the maturity level, using its unique identifier -maturitylevel: 47dd82af343e4695a0385418af4398d1 +maturityLevel: 47dd82af343e4695a0385418af4398d1 #Unique identifier (GUID) used to refer to this practice level. #Please generate another identifier for your specific practice level. diff --git a/model/practice_levels/V-ST-3.yml b/model/practice_levels/V-ST-3.yml index 6b16c086bf5c..f87c81deb89e 100644 --- a/model/practice_levels/V-ST-3.yml +++ b/model/practice_levels/V-ST-3.yml @@ -6,7 +6,7 @@ practice: bb5488860c124b6e8076b023485023e1 #Link to the maturity level, using its unique identifier -maturitylevel: 7bbfe31d447e48759ef0f2af25c31b43 +maturityLevel: 7bbfe31d447e48759ef0f2af25c31b43 #Unique identifier (GUID) used to refer to this practice level. #Please generate another identifier for your specific practice level. From 3fa772d598edc25ab845a628cdf8d853ca16fd7f Mon Sep 17 00:00:00 2001 From: Johan Lindfors Date: Wed, 4 Oct 2023 21:10:47 +0200 Subject: [PATCH 05/53] Updated answerset to answerSet --- model/questions/D-SA-1-A.yml | 2 +- model/questions/D-SA-1-B.yml | 2 +- model/questions/D-SA-2-A.yml | 2 +- model/questions/D-SA-2-B.yml | 2 +- model/questions/D-SA-3-A.yml | 2 +- model/questions/D-SA-3-B.yml | 2 +- model/questions/D-SR-1-A.yml | 2 +- model/questions/D-SR-1-B.yml | 2 +- model/questions/D-SR-2-A.yml | 2 +- model/questions/D-SR-2-B.yml | 2 +- model/questions/D-SR-3-A.yml | 2 +- model/questions/D-SR-3-B.yml | 2 +- model/questions/D-TA-1-A.yml | 2 +- model/questions/D-TA-1-B.yml | 2 +- model/questions/D-TA-2-A.yml | 2 +- model/questions/D-TA-2-B.yml | 2 +- model/questions/D-TA-3-A.yml | 2 +- model/questions/D-TA-3-B.yml | 2 +- model/questions/G-EG-1-A.yml | 2 +- model/questions/G-EG-1-B.yml | 2 +- model/questions/G-EG-2-A.yml | 2 +- model/questions/G-EG-2-B.yml | 2 +- model/questions/G-EG-3-A.yml | 2 +- model/questions/G-EG-3-B.yml | 2 +- model/questions/G-PC-1-A.yml | 2 +- model/questions/G-PC-1-B.yml | 2 +- model/questions/G-PC-2-A.yml | 2 +- model/questions/G-PC-2-B.yml | 2 +- model/questions/G-PC-3-A.yml | 2 +- model/questions/G-PC-3-B.yml | 2 +- model/questions/G-SM-1-A.yml | 2 +- model/questions/G-SM-1-B.yml | 2 +- model/questions/G-SM-2-A.yml | 2 +- model/questions/G-SM-2-B.yml | 2 +- model/questions/G-SM-3-A.yml | 2 +- model/questions/G-SM-3-B.yml | 2 +- model/questions/I-DM-1-A.yml | 2 +- model/questions/I-DM-1-B.yml | 2 +- model/questions/I-DM-2-A.yml | 2 +- model/questions/I-DM-2-B.yml | 2 +- model/questions/I-DM-3-A.yml | 2 +- model/questions/I-DM-3-B.yml | 2 +- model/questions/I-SB-1-A.yml | 2 +- model/questions/I-SB-1-B.yml | 2 +- model/questions/I-SB-2-A.yml | 2 +- model/questions/I-SB-2-B.yml | 2 +- model/questions/I-SB-3-A.yml | 2 +- model/questions/I-SB-3-B.yml | 2 +- model/questions/I-SD-1-A.yml | 2 +- model/questions/I-SD-1-B.yml | 2 +- model/questions/I-SD-2-A.yml | 2 +- model/questions/I-SD-2-B.yml | 2 +- model/questions/I-SD-3-A.yml | 2 +- model/questions/I-SD-3-B.yml | 2 +- model/questions/O-EM-1-A.yml | 2 +- model/questions/O-EM-1-B.yml | 2 +- model/questions/O-EM-2-A.yml | 2 +- model/questions/O-EM-2-B.yml | 2 +- model/questions/O-EM-3-A.yml | 2 +- model/questions/O-EM-3-B.yml | 2 +- model/questions/O-IM-1-A.yml | 2 +- model/questions/O-IM-1-B.yml | 2 +- model/questions/O-IM-2-A.yml | 2 +- model/questions/O-IM-2-B.yml | 2 +- model/questions/O-IM-3-A.yml | 2 +- model/questions/O-IM-3-B.yml | 2 +- model/questions/O-OM-1-A.yml | 2 +- model/questions/O-OM-1-B.yml | 2 +- model/questions/O-OM-2-A.yml | 2 +- model/questions/O-OM-2-B.yml | 2 +- model/questions/O-OM-3-A.yml | 2 +- model/questions/O-OM-3-B.yml | 2 +- model/questions/V-AA-1-A.yml | 2 +- model/questions/V-AA-1-B.yml | 2 +- model/questions/V-AA-2-A.yml | 2 +- model/questions/V-AA-2-B.yml | 2 +- model/questions/V-AA-3-A.yml | 2 +- model/questions/V-AA-3-B.yml | 2 +- model/questions/V-RT-1-A.yml | 2 +- model/questions/V-RT-1-B.yml | 2 +- model/questions/V-RT-2-A.yml | 2 +- model/questions/V-RT-2-B.yml | 2 +- model/questions/V-RT-3-A.yml | 2 +- model/questions/V-RT-3-B.yml | 2 +- model/questions/V-ST-1-A.yml | 2 +- model/questions/V-ST-1-B.yml | 2 +- model/questions/V-ST-2-A.yml | 2 +- model/questions/V-ST-2-B.yml | 2 +- model/questions/V-ST-3-A.yml | 2 +- model/questions/V-ST-3-B.yml | 2 +- 90 files changed, 90 insertions(+), 90 deletions(-) diff --git a/model/questions/D-SA-1-A.yml b/model/questions/D-SA-1-A.yml index 88b4b11e8e7c..bf14d2a4052e 100644 --- a/model/questions/D-SA-1-A.yml +++ b/model/questions/D-SA-1-A.yml @@ -6,7 +6,7 @@ activity: 27bb61f3c6344359b021caeaef5ab07e #Link to the answer set that contains the potential answers for this question -answerset: f77bd45a28c8493dbba6e53b2eafa20f +answerSet: f77bd45a28c8493dbba6e53b2eafa20f #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/D-SA-1-B.yml b/model/questions/D-SA-1-B.yml index 5e16398341e9..37590535e014 100644 --- a/model/questions/D-SA-1-B.yml +++ b/model/questions/D-SA-1-B.yml @@ -6,7 +6,7 @@ activity: 27cdd2a336a44e56a42632c7a78fcf4f #Link to the answer set that contains the potential answers for this question -answerset: f77bd45a28c8493dbba6e53b2eafa20f +answerSet: f77bd45a28c8493dbba6e53b2eafa20f #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/D-SA-2-A.yml b/model/questions/D-SA-2-A.yml index f2459f21d879..02ca1d7e299c 100644 --- a/model/questions/D-SA-2-A.yml +++ b/model/questions/D-SA-2-A.yml @@ -6,7 +6,7 @@ activity: 9b6a86278ba14a9098d3d60a9a78d6c5 #Link to the answer set that contains the potential answers for this question -answerset: f77bd45a28c8493dbba6e53b2eafa20f +answerSet: f77bd45a28c8493dbba6e53b2eafa20f #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/D-SA-2-B.yml b/model/questions/D-SA-2-B.yml index 9ec2a36da839..9b67ad7617a4 100644 --- a/model/questions/D-SA-2-B.yml +++ b/model/questions/D-SA-2-B.yml @@ -6,7 +6,7 @@ activity: 5e1dd310e28449058046c7af0fe46fce #Link to the answer set that contains the potential answers for this question -answerset: b6fd4b86ecf04955befe9322ff338ca8 +answerSet: b6fd4b86ecf04955befe9322ff338ca8 #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/D-SA-3-A.yml b/model/questions/D-SA-3-A.yml index 29db06103b07..53ebe56a2425 100644 --- a/model/questions/D-SA-3-A.yml +++ b/model/questions/D-SA-3-A.yml @@ -6,7 +6,7 @@ activity: aa962032982a4d53bd34cd8771558df1 #Link to the answer set that contains the potential answers for this question -answerset: f77bd45a28c8493dbba6e53b2eafa20f +answerSet: f77bd45a28c8493dbba6e53b2eafa20f #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/D-SA-3-B.yml b/model/questions/D-SA-3-B.yml index bc4c5bcc0fce..d2ca2a614bcf 100644 --- a/model/questions/D-SA-3-B.yml +++ b/model/questions/D-SA-3-B.yml @@ -6,7 +6,7 @@ activity: 3afce608ad7c42deb37a04d6b86e5c33 #Link to the answer set that contains the potential answers for this question -answerset: f77bd45a28c8493dbba6e53b2eafa20f +answerSet: f77bd45a28c8493dbba6e53b2eafa20f #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/D-SR-1-A.yml b/model/questions/D-SR-1-A.yml index 6eac49e75d74..d7b9d0256e6e 100644 --- a/model/questions/D-SR-1-A.yml +++ b/model/questions/D-SR-1-A.yml @@ -6,7 +6,7 @@ activity: 91086153b98b46928e36dd031b27bdc2 #Link to the answer set that contains the potential answers for this question -answerset: f77bd45a28c8493dbba6e53b2eafa20f +answerSet: f77bd45a28c8493dbba6e53b2eafa20f #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/D-SR-1-B.yml b/model/questions/D-SR-1-B.yml index 3ea3d5833a05..eade1249c94d 100644 --- a/model/questions/D-SR-1-B.yml +++ b/model/questions/D-SR-1-B.yml @@ -6,7 +6,7 @@ activity: 2b01696356ed4652accf093f6c6a47ee #Link to the answer set that contains the potential answers for this question -answerset: d096060a4d864133afcbdd1397b95827 +answerSet: d096060a4d864133afcbdd1397b95827 #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/D-SR-2-A.yml b/model/questions/D-SR-2-A.yml index 2a6f4e2db18a..774c0a178100 100644 --- a/model/questions/D-SR-2-A.yml +++ b/model/questions/D-SR-2-A.yml @@ -6,7 +6,7 @@ activity: 1cc77725cb2349f394477838668f6184 #Link to the answer set that contains the potential answers for this question -answerset: d096060a4d864133afcbdd1397b95827 +answerSet: d096060a4d864133afcbdd1397b95827 #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/D-SR-2-B.yml b/model/questions/D-SR-2-B.yml index cb907c70d3fc..eca74dd7894b 100644 --- a/model/questions/D-SR-2-B.yml +++ b/model/questions/D-SR-2-B.yml @@ -6,7 +6,7 @@ activity: 5d5e3d9beab9498ca1ce66d3a53a81c6 #Link to the answer set that contains the potential answers for this question -answerset: d096060a4d864133afcbdd1397b95827 +answerSet: d096060a4d864133afcbdd1397b95827 #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/D-SR-3-A.yml b/model/questions/D-SR-3-A.yml index 025eed15d238..f75cffaef5ad 100644 --- a/model/questions/D-SR-3-A.yml +++ b/model/questions/D-SR-3-A.yml @@ -6,7 +6,7 @@ activity: ce13df2e0dfb455588bf75135f1a718e #Link to the answer set that contains the potential answers for this question -answerset: f77bd45a28c8493dbba6e53b2eafa20f +answerSet: f77bd45a28c8493dbba6e53b2eafa20f #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/D-SR-3-B.yml b/model/questions/D-SR-3-B.yml index 68b7094b9ea7..4b715a902db4 100644 --- a/model/questions/D-SR-3-B.yml +++ b/model/questions/D-SR-3-B.yml @@ -6,7 +6,7 @@ activity: a9f56795ac84426c9e45f9471e82a8d7 #Link to the answer set that contains the potential answers for this question -answerset: d096060a4d864133afcbdd1397b95827 +answerSet: d096060a4d864133afcbdd1397b95827 #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/D-TA-1-A.yml b/model/questions/D-TA-1-A.yml index 3f432d51b764..c67903ddc1c3 100644 --- a/model/questions/D-TA-1-A.yml +++ b/model/questions/D-TA-1-A.yml @@ -6,7 +6,7 @@ activity: c6da6525773644d0a18b3a927caf6dd2 #Link to the answer set that contains the potential answers for this question -answerset: 8c89e8daf71d425abaca53edc01f6afa +answerSet: 8c89e8daf71d425abaca53edc01f6afa #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/D-TA-1-B.yml b/model/questions/D-TA-1-B.yml index 5076d7c368f8..520bef3f6a30 100644 --- a/model/questions/D-TA-1-B.yml +++ b/model/questions/D-TA-1-B.yml @@ -7,7 +7,7 @@ activity: 1ceadbb5a0024e2599821e7ce756f3a4 #Link to the answer set that contains the potential answers for this question -answerset: 8c89e8daf71d425abaca53edc01f6afa +answerSet: 8c89e8daf71d425abaca53edc01f6afa #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/D-TA-2-A.yml b/model/questions/D-TA-2-A.yml index 8591041ac3ad..3b2828474ae2 100644 --- a/model/questions/D-TA-2-A.yml +++ b/model/questions/D-TA-2-A.yml @@ -6,7 +6,7 @@ activity: 529d528265c94447954a57f5be425f54 #Link to the answer set that contains the potential answers for this question -answerset: f77bd45a28c8493dbba6e53b2eafa20f +answerSet: f77bd45a28c8493dbba6e53b2eafa20f #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/D-TA-2-B.yml b/model/questions/D-TA-2-B.yml index 0bbf3cc9c1c4..7452b010b0c2 100644 --- a/model/questions/D-TA-2-B.yml +++ b/model/questions/D-TA-2-B.yml @@ -6,7 +6,7 @@ activity: 649b693315234a94928e42f3e308deac #Link to the answer set that contains the potential answers for this question -answerset: f77bd45a28c8493dbba6e53b2eafa20f +answerSet: f77bd45a28c8493dbba6e53b2eafa20f #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/D-TA-3-A.yml b/model/questions/D-TA-3-A.yml index a2dae318121f..02b72bc6ea6d 100644 --- a/model/questions/D-TA-3-A.yml +++ b/model/questions/D-TA-3-A.yml @@ -6,7 +6,7 @@ activity: 2f63f92c414546b58d035ece110d479f #Link to the answer set that contains the potential answers for this question -answerset: f3534ade73d8469e879c74b4e0a4eb3d +answerSet: f3534ade73d8469e879c74b4e0a4eb3d #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/D-TA-3-B.yml b/model/questions/D-TA-3-B.yml index fd5477903941..00ab31527e56 100644 --- a/model/questions/D-TA-3-B.yml +++ b/model/questions/D-TA-3-B.yml @@ -6,7 +6,7 @@ activity: e931a744c2864bef85a3fa75ce7e214f #Link to the answer set that contains the potential answers for this question -answerset: 01b2ac64461d4ec6b40843a4c77e1ba6 +answerSet: 01b2ac64461d4ec6b40843a4c77e1ba6 #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/G-EG-1-A.yml b/model/questions/G-EG-1-A.yml index 1eef2a1c5135..d65d1e55c8cc 100644 --- a/model/questions/G-EG-1-A.yml +++ b/model/questions/G-EG-1-A.yml @@ -6,7 +6,7 @@ activity: 93ccc4cdf5d841e3986f3684467b2bf1 #Link to the answer set that contains the potential answers for this question -answerset: 8c89e8daf71d425abaca53edc01f6afa +answerSet: 8c89e8daf71d425abaca53edc01f6afa #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/G-EG-1-B.yml b/model/questions/G-EG-1-B.yml index 2c4e99f436a3..7ca712248f0b 100644 --- a/model/questions/G-EG-1-B.yml +++ b/model/questions/G-EG-1-B.yml @@ -6,7 +6,7 @@ activity: ebd3782abc4343509981c52192904a42 #Link to the answer set that contains the potential answers for this question -answerset: a0d515d66004425e8039cf4197fce271 +answerSet: a0d515d66004425e8039cf4197fce271 #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/G-EG-2-A.yml b/model/questions/G-EG-2-A.yml index dd001a05a2fe..b7b1c4c418ad 100644 --- a/model/questions/G-EG-2-A.yml +++ b/model/questions/G-EG-2-A.yml @@ -6,7 +6,7 @@ activity: 05073fb130c74143a12a6ba74a44c580 #Link to the answer set that contains the potential answers for this question -answerset: f96770095fab4afbb27949c2242e47c2 +answerSet: f96770095fab4afbb27949c2242e47c2 #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/G-EG-2-B.yml b/model/questions/G-EG-2-B.yml index bb207437ff9f..9b309fa445e2 100644 --- a/model/questions/G-EG-2-B.yml +++ b/model/questions/G-EG-2-B.yml @@ -6,7 +6,7 @@ activity: d61764610f8741de894c1751f5c041ae #Link to the answer set that contains the potential answers for this question -answerset: 3d4c5c80278b4a58b80d559085804446 +answerSet: 3d4c5c80278b4a58b80d559085804446 #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/G-EG-3-A.yml b/model/questions/G-EG-3-A.yml index c556835e2faf..4c3de2d09458 100644 --- a/model/questions/G-EG-3-A.yml +++ b/model/questions/G-EG-3-A.yml @@ -6,7 +6,7 @@ activity: a061ed8a5b1c4899bc95d9b1a10a469d #Link to the answer set that contains the potential answers for this question -answerset: f96770095fab4afbb27949c2242e47c2 +answerSet: f96770095fab4afbb27949c2242e47c2 #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/G-EG-3-B.yml b/model/questions/G-EG-3-B.yml index e43c20342d64..dbf703e7d851 100644 --- a/model/questions/G-EG-3-B.yml +++ b/model/questions/G-EG-3-B.yml @@ -6,7 +6,7 @@ activity: a3720e84d6a24a8ba235c25ce6afc5c7 #Link to the answer set that contains the potential answers for this question -answerset: 3d4c5c80278b4a58b80d559085804446 +answerSet: 3d4c5c80278b4a58b80d559085804446 #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/G-PC-1-A.yml b/model/questions/G-PC-1-A.yml index b0488ec6c8a0..d8a0c38c722d 100644 --- a/model/questions/G-PC-1-A.yml +++ b/model/questions/G-PC-1-A.yml @@ -6,7 +6,7 @@ activity: 6e7a618abd564df5bb784ca54893bbee #Link to the answer set that contains the potential answers for this question -answerset: f77bd45a28c8493dbba6e53b2eafa20f +answerSet: f77bd45a28c8493dbba6e53b2eafa20f #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/G-PC-1-B.yml b/model/questions/G-PC-1-B.yml index d7546393c0b3..47545c65640a 100644 --- a/model/questions/G-PC-1-B.yml +++ b/model/questions/G-PC-1-B.yml @@ -6,7 +6,7 @@ activity: 852c76292e8a41de92205b31cb3f4e49 #Link to the answer set that contains the potential answers for this question -answerset: f77bd45a28c8493dbba6e53b2eafa20f +answerSet: f77bd45a28c8493dbba6e53b2eafa20f #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/G-PC-2-A.yml b/model/questions/G-PC-2-A.yml index 707f36cbfcfa..3b4dffb45fa1 100644 --- a/model/questions/G-PC-2-A.yml +++ b/model/questions/G-PC-2-A.yml @@ -6,7 +6,7 @@ activity: 09f4b814a3444b329a7c9c7f54152ffe #Link to the answer set that contains the potential answers for this question -answerset: 9a87d689fe35441aabf1ad4b7048b61e +answerSet: 9a87d689fe35441aabf1ad4b7048b61e #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/G-PC-2-B.yml b/model/questions/G-PC-2-B.yml index 01a1884f697b..9ba80505df58 100644 --- a/model/questions/G-PC-2-B.yml +++ b/model/questions/G-PC-2-B.yml @@ -6,7 +6,7 @@ activity: 38932fe4024e4ec89646a82e0b4e651e #Link to the answer set that contains the potential answers for this question -answerset: f5042ff6c8d44068a9ac3e1bd8349760 +answerSet: f5042ff6c8d44068a9ac3e1bd8349760 #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/G-PC-3-A.yml b/model/questions/G-PC-3-A.yml index ae9806ebd59b..4ea252d0fdac 100644 --- a/model/questions/G-PC-3-A.yml +++ b/model/questions/G-PC-3-A.yml @@ -6,7 +6,7 @@ activity: fe7afe5fc04742bcbe476d4ba37d8091 #Link to the answer set that contains the potential answers for this question -answerset: e0fcc49a200847eab218c04e2c80490a +answerSet: e0fcc49a200847eab218c04e2c80490a #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/G-PC-3-B.yml b/model/questions/G-PC-3-B.yml index ea8bdcbe858f..27afb149ba67 100644 --- a/model/questions/G-PC-3-B.yml +++ b/model/questions/G-PC-3-B.yml @@ -6,7 +6,7 @@ activity: e7ba346fabdc44beb47e2c67c14a6726 #Link to the answer set that contains the potential answers for this question -answerset: e0fcc49a200847eab218c04e2c80490a +answerSet: e0fcc49a200847eab218c04e2c80490a #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/G-SM-1-A.yml b/model/questions/G-SM-1-A.yml index 08ee3e2c850a..6810ba0ca47a 100644 --- a/model/questions/G-SM-1-A.yml +++ b/model/questions/G-SM-1-A.yml @@ -6,7 +6,7 @@ activity: ef0b56870b734b13868697017a9b605e #Link to the answer set that contains the potential answers for this question -answerset: f678b7a00f2441148087d48f8e0a6ad1 +answerSet: f678b7a00f2441148087d48f8e0a6ad1 #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/G-SM-1-B.yml b/model/questions/G-SM-1-B.yml index 280dfcccde14..6aa9009463d8 100644 --- a/model/questions/G-SM-1-B.yml +++ b/model/questions/G-SM-1-B.yml @@ -6,7 +6,7 @@ activity: 0082a76b1a3744d9ab0443bd2168e13d #Link to the answer set that contains the potential answers for this question -answerset: 608f87d59da44e589f0090790675ed23 +answerSet: 608f87d59da44e589f0090790675ed23 #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/G-SM-2-A.yml b/model/questions/G-SM-2-A.yml index 0dc1dadfb828..ab7ce363f8c9 100644 --- a/model/questions/G-SM-2-A.yml +++ b/model/questions/G-SM-2-A.yml @@ -6,7 +6,7 @@ activity: c1778728d66e4b83b59a42405a90598a #Link to the answer set that contains the potential answers for this question -answerset: 66e3e11eb8404fb6880377e539609678 +answerSet: 66e3e11eb8404fb6880377e539609678 #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/G-SM-2-B.yml b/model/questions/G-SM-2-B.yml index 912cf018bddf..ca9a17f75745 100644 --- a/model/questions/G-SM-2-B.yml +++ b/model/questions/G-SM-2-B.yml @@ -6,7 +6,7 @@ activity: c1aef0137df1400cbdd3c660b609b7b2 #Link to the answer set that contains the potential answers for this question -answerset: 439e7b91e6b446ae83b4d1efe831a97d +answerSet: 439e7b91e6b446ae83b4d1efe831a97d #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/G-SM-3-A.yml b/model/questions/G-SM-3-A.yml index b014dae36e9d..aee39bfcc171 100644 --- a/model/questions/G-SM-3-A.yml +++ b/model/questions/G-SM-3-A.yml @@ -6,7 +6,7 @@ activity: e092ac0ccb8c4fccb6cd662f974dc107 #Link to the answer set that contains the potential answers for this question -answerset: 01b2ac64461d4ec6b40843a4c77e1ba6 +answerSet: 01b2ac64461d4ec6b40843a4c77e1ba6 #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/G-SM-3-B.yml b/model/questions/G-SM-3-B.yml index 11e89f37a9a2..5252e105aea5 100644 --- a/model/questions/G-SM-3-B.yml +++ b/model/questions/G-SM-3-B.yml @@ -6,7 +6,7 @@ activity: 43d347fd280845718f16ccc811e5d942 #Link to the answer set that contains the potential answers for this question -answerset: 01b2ac64461d4ec6b40843a4c77e1ba6 +answerSet: 01b2ac64461d4ec6b40843a4c77e1ba6 #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/I-DM-1-A.yml b/model/questions/I-DM-1-A.yml index 10ab29d61453..3911e5060e44 100644 --- a/model/questions/I-DM-1-A.yml +++ b/model/questions/I-DM-1-A.yml @@ -6,7 +6,7 @@ activity: 93dff7be5f954f8d87d24f4261002508 #Link to the answer set that contains the potential answers for this question -answerset: f77bd45a28c8493dbba6e53b2eafa20f +answerSet: f77bd45a28c8493dbba6e53b2eafa20f #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/I-DM-1-B.yml b/model/questions/I-DM-1-B.yml index 4c87c651f741..5666cccfa0dc 100644 --- a/model/questions/I-DM-1-B.yml +++ b/model/questions/I-DM-1-B.yml @@ -6,7 +6,7 @@ activity: d1cb54f1ddd3432480513df320fc0ff8 #Link to the answer set that contains the potential answers for this question -answerset: f77bd45a28c8493dbba6e53b2eafa20f +answerSet: f77bd45a28c8493dbba6e53b2eafa20f #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/I-DM-2-A.yml b/model/questions/I-DM-2-A.yml index 1c74fa00c462..4f21a5257707 100644 --- a/model/questions/I-DM-2-A.yml +++ b/model/questions/I-DM-2-A.yml @@ -6,7 +6,7 @@ activity: 2bf0e192a904444b8a2f38c33256e80a #Link to the answer set that contains the potential answers for this question -answerset: f77bd45a28c8493dbba6e53b2eafa20f +answerSet: f77bd45a28c8493dbba6e53b2eafa20f #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/I-DM-2-B.yml b/model/questions/I-DM-2-B.yml index aa875d8b1829..b79596c1ce2a 100644 --- a/model/questions/I-DM-2-B.yml +++ b/model/questions/I-DM-2-B.yml @@ -6,7 +6,7 @@ activity: 15d73a64818c43019504c8d938ca2434 #Link to the answer set that contains the potential answers for this question -answerset: f77bd45a28c8493dbba6e53b2eafa20f +answerSet: f77bd45a28c8493dbba6e53b2eafa20f #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/I-DM-3-A.yml b/model/questions/I-DM-3-A.yml index 9bae86bac37f..1c637b21b74e 100644 --- a/model/questions/I-DM-3-A.yml +++ b/model/questions/I-DM-3-A.yml @@ -6,7 +6,7 @@ activity: d955a7b3fbfc4b6aa5b327af9e01c377 #Link to the answer set that contains the potential answers for this question -answerset: f77bd45a28c8493dbba6e53b2eafa20f +answerSet: f77bd45a28c8493dbba6e53b2eafa20f #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/I-DM-3-B.yml b/model/questions/I-DM-3-B.yml index 276b8598616e..bcb62fc6adaf 100644 --- a/model/questions/I-DM-3-B.yml +++ b/model/questions/I-DM-3-B.yml @@ -6,7 +6,7 @@ activity: f2a309b82fbc46cfb2f11c9cde20dc0a #Link to the answer set that contains the potential answers for this question -answerset: f77bd45a28c8493dbba6e53b2eafa20f +answerSet: f77bd45a28c8493dbba6e53b2eafa20f #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/I-SB-1-A.yml b/model/questions/I-SB-1-A.yml index 9af8ada69654..2cd7f57093fb 100644 --- a/model/questions/I-SB-1-A.yml +++ b/model/questions/I-SB-1-A.yml @@ -6,7 +6,7 @@ activity: bf536a9305134a769adbd414652054ee #Link to the answer set that contains the potential answers for this question -answerset: f77bd45a28c8493dbba6e53b2eafa20f +answerSet: f77bd45a28c8493dbba6e53b2eafa20f #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/I-SB-1-B.yml b/model/questions/I-SB-1-B.yml index 1975ff7d80bc..98bd679cf50e 100644 --- a/model/questions/I-SB-1-B.yml +++ b/model/questions/I-SB-1-B.yml @@ -6,7 +6,7 @@ activity: bed0489cae4e4401b1d44d56ad36c109 #Link to the answer set that contains the potential answers for this question -answerset: f77bd45a28c8493dbba6e53b2eafa20f +answerSet: f77bd45a28c8493dbba6e53b2eafa20f #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/I-SB-2-A.yml b/model/questions/I-SB-2-A.yml index f0db44cbf2e6..b7d5cf290eeb 100644 --- a/model/questions/I-SB-2-A.yml +++ b/model/questions/I-SB-2-A.yml @@ -6,7 +6,7 @@ activity: bcc960e835aa4ad58a9d39a272cbf6f1 #Link to the answer set that contains the potential answers for this question -answerset: f77bd45a28c8493dbba6e53b2eafa20f +answerSet: f77bd45a28c8493dbba6e53b2eafa20f #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/I-SB-2-B.yml b/model/questions/I-SB-2-B.yml index 538fe0795a0b..4d709fb13a54 100644 --- a/model/questions/I-SB-2-B.yml +++ b/model/questions/I-SB-2-B.yml @@ -6,7 +6,7 @@ activity: 857a43e335ba467598eca99d48ea0076 #Link to the answer set that contains the potential answers for this question -answerset: f77bd45a28c8493dbba6e53b2eafa20f +answerSet: f77bd45a28c8493dbba6e53b2eafa20f #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/I-SB-3-A.yml b/model/questions/I-SB-3-A.yml index c5581d9121a3..795fad240358 100644 --- a/model/questions/I-SB-3-A.yml +++ b/model/questions/I-SB-3-A.yml @@ -6,7 +6,7 @@ activity: 281369f491da4d4c84b0729e344e2c93 #Link to the answer set that contains the potential answers for this question -answerset: f77bd45a28c8493dbba6e53b2eafa20f +answerSet: f77bd45a28c8493dbba6e53b2eafa20f #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/I-SB-3-B.yml b/model/questions/I-SB-3-B.yml index 8d17c27842f7..c9bdbfa267a9 100644 --- a/model/questions/I-SB-3-B.yml +++ b/model/questions/I-SB-3-B.yml @@ -6,7 +6,7 @@ activity: d09a731835304ea8aeb4c21565e45c4b #Link to the answer set that contains the potential answers for this question -answerset: f77bd45a28c8493dbba6e53b2eafa20f +answerSet: f77bd45a28c8493dbba6e53b2eafa20f #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/I-SD-1-A.yml b/model/questions/I-SD-1-A.yml index 165db37fcf0d..4c1023c79c7c 100644 --- a/model/questions/I-SD-1-A.yml +++ b/model/questions/I-SD-1-A.yml @@ -6,7 +6,7 @@ activity: 994bcac2bb7c4cc59a0faa365a0b58a0 #Link to the answer set that contains the potential answers for this question -answerset: f77bd45a28c8493dbba6e53b2eafa20f +answerSet: f77bd45a28c8493dbba6e53b2eafa20f #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/I-SD-1-B.yml b/model/questions/I-SD-1-B.yml index 974546ae5f1a..de13f0d71cdd 100644 --- a/model/questions/I-SD-1-B.yml +++ b/model/questions/I-SD-1-B.yml @@ -6,7 +6,7 @@ activity: 77a5f467ffe140e2a2839bb522e82c4e #Link to the answer set that contains the potential answers for this question -answerset: f77bd45a28c8493dbba6e53b2eafa20f +answerSet: f77bd45a28c8493dbba6e53b2eafa20f #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/I-SD-2-A.yml b/model/questions/I-SD-2-A.yml index 95883d16dd1b..173c5eca8c1f 100644 --- a/model/questions/I-SD-2-A.yml +++ b/model/questions/I-SD-2-A.yml @@ -6,7 +6,7 @@ activity: 1f3a9306778f4539a437d9f19232cda7 #Link to the answer set that contains the potential answers for this question -answerset: f77bd45a28c8493dbba6e53b2eafa20f +answerSet: f77bd45a28c8493dbba6e53b2eafa20f #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/I-SD-2-B.yml b/model/questions/I-SD-2-B.yml index f3eefe330f42..b2a1482c785f 100644 --- a/model/questions/I-SD-2-B.yml +++ b/model/questions/I-SD-2-B.yml @@ -6,7 +6,7 @@ activity: 4729b4bd6dca4d58a68cb854ad4409a6 #Link to the answer set that contains the potential answers for this question -answerset: f77bd45a28c8493dbba6e53b2eafa20f +answerSet: f77bd45a28c8493dbba6e53b2eafa20f #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/I-SD-3-A.yml b/model/questions/I-SD-3-A.yml index 2ac868254bfb..8c77ce930ba8 100644 --- a/model/questions/I-SD-3-A.yml +++ b/model/questions/I-SD-3-A.yml @@ -6,7 +6,7 @@ activity: 05a3e75c6c654ae58a115cbf4295662b #Link to the answer set that contains the potential answers for this question -answerset: f77bd45a28c8493dbba6e53b2eafa20f +answerSet: f77bd45a28c8493dbba6e53b2eafa20f #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/I-SD-3-B.yml b/model/questions/I-SD-3-B.yml index 6ec6552701c0..aa079b991b69 100644 --- a/model/questions/I-SD-3-B.yml +++ b/model/questions/I-SD-3-B.yml @@ -6,7 +6,7 @@ activity: fed0d75c064c4a979a5b7b98adfdedbf #Link to the answer set that contains the potential answers for this question -answerset: f77bd45a28c8493dbba6e53b2eafa20f +answerSet: f77bd45a28c8493dbba6e53b2eafa20f #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/O-EM-1-A.yml b/model/questions/O-EM-1-A.yml index 5c1e1a0026eb..afa0d7b0393d 100644 --- a/model/questions/O-EM-1-A.yml +++ b/model/questions/O-EM-1-A.yml @@ -6,7 +6,7 @@ activity: 786b3d7b39cd49a88090554a275f04a6 #This question uses Answer Set T -answerset: 612bf4ec249f4e9d86f9e36dbf511821 +answerSet: 612bf4ec249f4e9d86f9e36dbf511821 #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/O-EM-1-B.yml b/model/questions/O-EM-1-B.yml index d70bddb9f6c8..9b2558a308ed 100644 --- a/model/questions/O-EM-1-B.yml +++ b/model/questions/O-EM-1-B.yml @@ -6,7 +6,7 @@ activity: 0721d5bd5d67479991b5b52f33dcd7b1 #This question uses Answer Set G -answerset: 612bf4ec249f4e9d86f9e36dbf511821 +answerSet: 612bf4ec249f4e9d86f9e36dbf511821 #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/O-EM-2-A.yml b/model/questions/O-EM-2-A.yml index 598fbc4789f8..c837caf7a5bf 100644 --- a/model/questions/O-EM-2-A.yml +++ b/model/questions/O-EM-2-A.yml @@ -6,7 +6,7 @@ activity: 84dcbc954d954d95b1fb37e032f05402 #This question uses Answer Set G -answerset: 612bf4ec249f4e9d86f9e36dbf511821 +answerSet: 612bf4ec249f4e9d86f9e36dbf511821 #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/O-EM-2-B.yml b/model/questions/O-EM-2-B.yml index aa0a025b16fb..3b5ff5d8ee9b 100644 --- a/model/questions/O-EM-2-B.yml +++ b/model/questions/O-EM-2-B.yml @@ -6,7 +6,7 @@ activity: b7f1d18fbe724a148f039ce036de98ef #This question uses Answer Set G -answerset: 612bf4ec249f4e9d86f9e36dbf511821 +answerSet: 612bf4ec249f4e9d86f9e36dbf511821 #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/O-EM-3-A.yml b/model/questions/O-EM-3-A.yml index b34ae0a9061b..618368642741 100644 --- a/model/questions/O-EM-3-A.yml +++ b/model/questions/O-EM-3-A.yml @@ -6,7 +6,7 @@ activity: 3156ab7b516e4550893427face9f86bc #This question uses Answer Set G -answerset: 612bf4ec249f4e9d86f9e36dbf511821 +answerSet: 612bf4ec249f4e9d86f9e36dbf511821 #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/O-EM-3-B.yml b/model/questions/O-EM-3-B.yml index e9a76766928c..224693b0aed7 100644 --- a/model/questions/O-EM-3-B.yml +++ b/model/questions/O-EM-3-B.yml @@ -6,7 +6,7 @@ activity: a573c126b3e345fba9d1d94c8158cf60 #This question uses Answer Set G -answerset: 612bf4ec249f4e9d86f9e36dbf511821 +answerSet: 612bf4ec249f4e9d86f9e36dbf511821 #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/O-IM-1-A.yml b/model/questions/O-IM-1-A.yml index 37eb817d3781..8a9bd86858e5 100644 --- a/model/questions/O-IM-1-A.yml +++ b/model/questions/O-IM-1-A.yml @@ -6,7 +6,7 @@ activity: b8dfd23d66224ac88d3ce41cf83ed15e #This question uses Answer Set A -answerset: f77bd45a28c8493dbba6e53b2eafa20f +answerSet: f77bd45a28c8493dbba6e53b2eafa20f #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/O-IM-1-B.yml b/model/questions/O-IM-1-B.yml index e0d8b946a2a8..cd57a4120352 100644 --- a/model/questions/O-IM-1-B.yml +++ b/model/questions/O-IM-1-B.yml @@ -6,7 +6,7 @@ activity: b082664b8815407d825b82cf23fa88ea #This question uses Answer Set H -answerset: 381e1e37a19c488ab045a8a512552141 +answerSet: 381e1e37a19c488ab045a8a512552141 #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/O-IM-2-A.yml b/model/questions/O-IM-2-A.yml index 003cfcb25e69..4c42ef7a05be 100644 --- a/model/questions/O-IM-2-A.yml +++ b/model/questions/O-IM-2-A.yml @@ -6,7 +6,7 @@ activity: 5bcb52375a0f4085bb12266c9ecfa84d #This question uses Answer Set A -answerset: f77bd45a28c8493dbba6e53b2eafa20f +answerSet: f77bd45a28c8493dbba6e53b2eafa20f #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/O-IM-2-B.yml b/model/questions/O-IM-2-B.yml index 9ee025498588..817d715236eb 100644 --- a/model/questions/O-IM-2-B.yml +++ b/model/questions/O-IM-2-B.yml @@ -6,7 +6,7 @@ activity: d6dd8813c5074350b5614b92f2dec60d #This question uses Answer Set I -answerset: e5a12ab46e4645a9ab22aa5a1ebe562f +answerSet: e5a12ab46e4645a9ab22aa5a1ebe562f #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/O-IM-3-A.yml b/model/questions/O-IM-3-A.yml index b88f8dd5a70f..a62ca2f441bd 100644 --- a/model/questions/O-IM-3-A.yml +++ b/model/questions/O-IM-3-A.yml @@ -6,7 +6,7 @@ activity: 11dd0c95f8914b6cb850a27f0557a9dd #This question uses Answer Set A -answerset: f77bd45a28c8493dbba6e53b2eafa20f +answerSet: f77bd45a28c8493dbba6e53b2eafa20f #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/O-IM-3-B.yml b/model/questions/O-IM-3-B.yml index 7a37233674a9..12f3d313a0f6 100644 --- a/model/questions/O-IM-3-B.yml +++ b/model/questions/O-IM-3-B.yml @@ -6,7 +6,7 @@ activity: f692ee8f87c1499681490cc1647c0df4 #This question uses Answer Set E -answerset: d096060a4d864133afcbdd1397b95827 +answerSet: d096060a4d864133afcbdd1397b95827 #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/O-OM-1-A.yml b/model/questions/O-OM-1-A.yml index 0663e9a51d42..742e758c1981 100644 --- a/model/questions/O-OM-1-A.yml +++ b/model/questions/O-OM-1-A.yml @@ -6,7 +6,7 @@ activity: c16a12399dc94cc889d7e9e66e0ae2a0 #This question uses Answer Set A -answerset: f77bd45a28c8493dbba6e53b2eafa20f +answerSet: f77bd45a28c8493dbba6e53b2eafa20f #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/O-OM-1-B.yml b/model/questions/O-OM-1-B.yml index 1218cb2da9d8..65fd7d18f8bc 100644 --- a/model/questions/O-OM-1-B.yml +++ b/model/questions/O-OM-1-B.yml @@ -6,7 +6,7 @@ activity: 1a398709b9d3407dbf9db7eeff6e916c #This question uses Answer Set A -answerset: f77bd45a28c8493dbba6e53b2eafa20f +answerSet: f77bd45a28c8493dbba6e53b2eafa20f #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/O-OM-2-A.yml b/model/questions/O-OM-2-A.yml index fb273cc07a20..fe0c04414c74 100644 --- a/model/questions/O-OM-2-A.yml +++ b/model/questions/O-OM-2-A.yml @@ -6,7 +6,7 @@ activity: 82a962e3dcc44b1086760de517aaa3c1 #This question uses Answer Set J -answerset: 6c3e82e127264b92b25b732d85286d72 +answerSet: 6c3e82e127264b92b25b732d85286d72 #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/O-OM-2-B.yml b/model/questions/O-OM-2-B.yml index 00ae1568c022..32ac837ac424 100644 --- a/model/questions/O-OM-2-B.yml +++ b/model/questions/O-OM-2-B.yml @@ -6,7 +6,7 @@ activity: 60d7a0a61dd142d5a87009bc5b93df56 #This question uses Answer Set E -answerset: d096060a4d864133afcbdd1397b95827 +answerSet: d096060a4d864133afcbdd1397b95827 #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/O-OM-3-A.yml b/model/questions/O-OM-3-A.yml index 03121612c754..ad0bbd2732ab 100644 --- a/model/questions/O-OM-3-A.yml +++ b/model/questions/O-OM-3-A.yml @@ -6,7 +6,7 @@ activity: cd80066899014962a37af7ab34c83003 #This question uses Answer Set K -answerset: 14ad9a12e44f4079abc610010292f35e +answerSet: 14ad9a12e44f4079abc610010292f35e #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/O-OM-3-B.yml b/model/questions/O-OM-3-B.yml index baf582119ae8..44b6ecb39e86 100644 --- a/model/questions/O-OM-3-B.yml +++ b/model/questions/O-OM-3-B.yml @@ -6,7 +6,7 @@ activity: 8ab46d242edd413d99a6c1991aef2416 #This question uses Answer Set L -answerset: c1d15e1f5c8946d381f508db29b26473 +answerSet: c1d15e1f5c8946d381f508db29b26473 #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/V-AA-1-A.yml b/model/questions/V-AA-1-A.yml index 1ed2a67eef10..06a255dbf65f 100644 --- a/model/questions/V-AA-1-A.yml +++ b/model/questions/V-AA-1-A.yml @@ -6,7 +6,7 @@ activity: 0f611af10f974da497e7f3defe0c4f12 #Link to the answer set that contains the potential answers for this question -answerset: f77bd45a28c8493dbba6e53b2eafa20f +answerSet: f77bd45a28c8493dbba6e53b2eafa20f #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/V-AA-1-B.yml b/model/questions/V-AA-1-B.yml index b782de97ebee..b83bfce988c9 100644 --- a/model/questions/V-AA-1-B.yml +++ b/model/questions/V-AA-1-B.yml @@ -6,7 +6,7 @@ activity: 3ae763a70854421984dfa70980e1bf68 #Link to the answer set that contains the potential answers for this question -answerset: f77bd45a28c8493dbba6e53b2eafa20f +answerSet: f77bd45a28c8493dbba6e53b2eafa20f #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/V-AA-2-A.yml b/model/questions/V-AA-2-A.yml index c0769edb7875..935908600507 100644 --- a/model/questions/V-AA-2-A.yml +++ b/model/questions/V-AA-2-A.yml @@ -6,7 +6,7 @@ activity: eba4b86963f44fa59b0b9389a1cfc59b #Link to the answer set that contains the potential answers for this question -answerset: f77bd45a28c8493dbba6e53b2eafa20f +answerSet: f77bd45a28c8493dbba6e53b2eafa20f #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/V-AA-2-B.yml b/model/questions/V-AA-2-B.yml index 0b7244ebf52a..c08a135c998d 100644 --- a/model/questions/V-AA-2-B.yml +++ b/model/questions/V-AA-2-B.yml @@ -6,7 +6,7 @@ activity: 62237ae79ab84a6687de2885b1e3d608 #Link to the answer set that contains the potential answers for this question -answerset: f77bd45a28c8493dbba6e53b2eafa20f +answerSet: f77bd45a28c8493dbba6e53b2eafa20f #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/V-AA-3-A.yml b/model/questions/V-AA-3-A.yml index c4c8294325a2..81d6d68fb880 100644 --- a/model/questions/V-AA-3-A.yml +++ b/model/questions/V-AA-3-A.yml @@ -6,7 +6,7 @@ activity: 9d0433c5133c4a4c9c16ae84abe9a235 #Link to the answer set that contains the potential answers for this question -answerset: f77bd45a28c8493dbba6e53b2eafa20f +answerSet: f77bd45a28c8493dbba6e53b2eafa20f #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/V-AA-3-B.yml b/model/questions/V-AA-3-B.yml index 3e760f778c2e..078c51e9e78c 100644 --- a/model/questions/V-AA-3-B.yml +++ b/model/questions/V-AA-3-B.yml @@ -6,7 +6,7 @@ activity: a11da5bb4d3c475d9e9c53b104032e65 #Link to the answer set that contains the potential answers for this question -answerset: f77bd45a28c8493dbba6e53b2eafa20f +answerSet: f77bd45a28c8493dbba6e53b2eafa20f #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/V-RT-1-A.yml b/model/questions/V-RT-1-A.yml index 6f6b067ccbc7..7c9dce70fddd 100644 --- a/model/questions/V-RT-1-A.yml +++ b/model/questions/V-RT-1-A.yml @@ -6,7 +6,7 @@ activity: 99989f86dabc4a7a87fbe6a274c99ca3 #Link to the answer set that contains the potential answers for this question -answerset: 8c89e8daf71d425abaca53edc01f6afa +answerSet: 8c89e8daf71d425abaca53edc01f6afa #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/V-RT-1-B.yml b/model/questions/V-RT-1-B.yml index a30cb11ff84a..b56c66916be0 100644 --- a/model/questions/V-RT-1-B.yml +++ b/model/questions/V-RT-1-B.yml @@ -6,7 +6,7 @@ activity: 81ef5625583646bf8bc3fad53e4eff55 #Link to the answer set that contains the potential answers for this question -answerset: f77bd45a28c8493dbba6e53b2eafa20f +answerSet: f77bd45a28c8493dbba6e53b2eafa20f #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/V-RT-2-A.yml b/model/questions/V-RT-2-A.yml index 2e683399da35..c194c315c63f 100644 --- a/model/questions/V-RT-2-A.yml +++ b/model/questions/V-RT-2-A.yml @@ -6,7 +6,7 @@ activity: 9951bda24b624cc684a2851f9d56c5d8 #Link to the answer set that contains the potential answers for this question -answerset: 8c89e8daf71d425abaca53edc01f6afa +answerSet: 8c89e8daf71d425abaca53edc01f6afa #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/V-RT-2-B.yml b/model/questions/V-RT-2-B.yml index 9740f1462f57..fb0906ba1807 100644 --- a/model/questions/V-RT-2-B.yml +++ b/model/questions/V-RT-2-B.yml @@ -6,7 +6,7 @@ activity: fd4d1ac720374b13a25ab1381045b731 #Link to the answer set that contains the potential answers for this question -answerset: d096060a4d864133afcbdd1397b95827 +answerSet: d096060a4d864133afcbdd1397b95827 #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/V-RT-3-A.yml b/model/questions/V-RT-3-A.yml index 75acae42daf6..016a3c2131be 100644 --- a/model/questions/V-RT-3-A.yml +++ b/model/questions/V-RT-3-A.yml @@ -6,7 +6,7 @@ activity: 7003146cf1a1450293001754fe74787d #Link to the answer set that contains the potential answers for this question -answerset: f77bd45a28c8493dbba6e53b2eafa20f +answerSet: f77bd45a28c8493dbba6e53b2eafa20f #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/V-RT-3-B.yml b/model/questions/V-RT-3-B.yml index af7d18825e52..632dc91af269 100644 --- a/model/questions/V-RT-3-B.yml +++ b/model/questions/V-RT-3-B.yml @@ -6,7 +6,7 @@ activity: d975bb1ce1dd4d61a6039b0a4a05926e #Link to the answer set that contains the potential answers for this question -answerset: d096060a4d864133afcbdd1397b95827 +answerSet: d096060a4d864133afcbdd1397b95827 #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/V-ST-1-A.yml b/model/questions/V-ST-1-A.yml index d7b74cce18a3..433b1d10cf36 100644 --- a/model/questions/V-ST-1-A.yml +++ b/model/questions/V-ST-1-A.yml @@ -6,7 +6,7 @@ activity: 921ff24f0b9f4df9a5129aa2f8a4a570 #Link to the answer set that contains the potential answers for this question -answerset: 8c89e8daf71d425abaca53edc01f6afa +answerSet: 8c89e8daf71d425abaca53edc01f6afa #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/V-ST-1-B.yml b/model/questions/V-ST-1-B.yml index 08d3f493a467..63d4d09217de 100644 --- a/model/questions/V-ST-1-B.yml +++ b/model/questions/V-ST-1-B.yml @@ -6,7 +6,7 @@ activity: b3b20a75740c4880a21ad9aa0c1298c7 #Link to the answer set that contains the potential answers for this question -answerset: 612bf4ec249f4e9d86f9e36dbf511821 +answerSet: 612bf4ec249f4e9d86f9e36dbf511821 #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/V-ST-2-A.yml b/model/questions/V-ST-2-A.yml index e1d308b91d71..51e49087b0c1 100644 --- a/model/questions/V-ST-2-A.yml +++ b/model/questions/V-ST-2-A.yml @@ -6,7 +6,7 @@ activity: fb6f258a2e424ee9a919341758222a7a #Link to the answer set that contains the potential answers for this question -answerset: 8c89e8daf71d425abaca53edc01f6afa +answerSet: 8c89e8daf71d425abaca53edc01f6afa #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/V-ST-2-B.yml b/model/questions/V-ST-2-B.yml index eb15c2ca0db8..af29e93f51b0 100644 --- a/model/questions/V-ST-2-B.yml +++ b/model/questions/V-ST-2-B.yml @@ -6,7 +6,7 @@ activity: 346ed576f0a94147ba2b8148abc3c73a #Link to the answer set that contains the potential answers for this question -answerset: f77bd45a28c8493dbba6e53b2eafa20f +answerSet: f77bd45a28c8493dbba6e53b2eafa20f #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/V-ST-3-A.yml b/model/questions/V-ST-3-A.yml index 6d8b0702f8ff..e95aa46f94b8 100644 --- a/model/questions/V-ST-3-A.yml +++ b/model/questions/V-ST-3-A.yml @@ -6,7 +6,7 @@ activity: 4f6a06796d0840debcc775ea1af65679 #Link to the answer set that contains the potential answers for this question -answerset: f0ccf7b66c0a484aa8374a387438bc98 +answerSet: f0ccf7b66c0a484aa8374a387438bc98 #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. diff --git a/model/questions/V-ST-3-B.yml b/model/questions/V-ST-3-B.yml index 26b2162fe338..c9aec96d4137 100644 --- a/model/questions/V-ST-3-B.yml +++ b/model/questions/V-ST-3-B.yml @@ -6,7 +6,7 @@ activity: a395d69917b947b28d5995738d716283 #Link to the answer set that contains the potential answers for this question -answerset: 51466c3df15b45119e3fc68293f16034 +answerSet: 51466c3df15b45119e3fc68293f16034 #Unique identifier (GUID) used to refer to this maturity level. #Please generate another identifier for your specific maturity level. From aeed74355fbc7f866beb9ef788350117eb10d42c Mon Sep 17 00:00:00 2001 From: Mat Date: Mon, 20 Nov 2023 14:28:02 +0100 Subject: [PATCH 06/53] Fix typo --- model/questions/O-IM-2-B.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/model/questions/O-IM-2-B.yml b/model/questions/O-IM-2-B.yml index 9ee025498588..1810d0c3f4e8 100644 --- a/model/questions/O-IM-2-B.yml +++ b/model/questions/O-IM-2-B.yml @@ -21,7 +21,7 @@ order: 1 #Qualifying Criteria quality: - You have an agreed upon incident classification -- The process considers Root Case Analysis for high severity incidents +- The process considers Root Cause Analysis for high severity incidents - Employees responsible for incident response are trained in this process - Forensic analysis tooling is available #Type Classification of the Document From ef98fe4dc750bb96f6d9912320c9608c148bf3d8 Mon Sep 17 00:00:00 2001 From: Daniel Kefer Date: Sat, 23 Mar 2024 09:51:55 +0100 Subject: [PATCH 07/53] Update README.md Update link to OWASP Flagship projects --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index f30370fc593f..72cbc56e0150 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # OWASP SAMM - Core Model Repository -[![OWASP Flagship](https://img.shields.io/badge/owasp-flagship%20project-38a047.svg)](https://www.owasp.org/index.php/OWASP_Project_Inventory#tab=Flagship_Projects) +[![OWASP Flagship](https://img.shields.io/badge/owasp-flagship%20project-38a047.svg)](https://owasp.org/projects/#flagship-projects) [![Join the chat at https://owasp.slack.com/archives/C0VF1EJGH](https://img.shields.io/badge/chat-on%20slack-blueviolet)](https://owasp.slack.com/archives/C0VF1EJGH) [![Twitter Follow](https://img.shields.io/twitter/follow/owaspsamm?style=social)](https://twitter.com/OwaspSAMM) From 40e5bd752aeb6971d2abc217f3abca5f74de5940 Mon Sep 17 00:00:00 2001 From: Maxim Baele Date: Sat, 23 Mar 2024 10:01:11 +0100 Subject: [PATCH 08/53] Changing the name of security architecture to secure architecture, aligning the name of the activity with the intent. See https://github.com/owaspsamm/core/issues/129 --- model/practice_levels/V-AA-3.yml | 2 +- model/security_practices/D-Security-Architecture.yml | 6 +++--- model/security_practices/V-Architecture Assessment.yml | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/model/practice_levels/V-AA-3.yml b/model/practice_levels/V-AA-3.yml index 729a170434cd..46720a4056d9 100644 --- a/model/practice_levels/V-AA-3.yml +++ b/model/practice_levels/V-AA-3.yml @@ -14,6 +14,6 @@ id: 83ea8aaab3384b41b785107613ee4d86 #Objective of this particular practice level objective: Review the architecture effectiveness and feedback results to improve the - security architecture. + security of the architecture. #Type Classification of the Document type: PracticeLevel diff --git a/model/security_practices/D-Security-Architecture.yml b/model/security_practices/D-Security-Architecture.yml index a4a2abb47b61..bdbf61dc7551 100644 --- a/model/security_practices/D-Security-Architecture.yml +++ b/model/security_practices/D-Security-Architecture.yml @@ -10,18 +10,18 @@ function: 88c296acaae841a2b2fc5314bff44cb4 id: 4753e55e943c4d418303bf90d599c6b1 #Official name of this practice -name: Security Architecture +name: Secure Architecture #Abbreviation of this practice shortName: SA #A one sentence description of the security practice -shortDescription: The security architecture practice focuses on managing architectural +shortDescription: The secure architecture practice focuses on managing architectural risks for the software solution. #A multi-paragraph description of the security practice longDescription: | - The Security Architecture (SA) practice focuses on the security linked to components and technology you deal with during the architectural design of your software. Secure Architecture Design looks at the selection and composition of components that form the foundation of your solution, focusing on its security properties. Technology Management looks at the security of supporting technologies used during development, deployment and operations, such as development stacks and tooling, deployment tooling, and operating systems and tooling. + The Secure Architecture (SA) practice focuses on the security linked to components and technology you deal with during the architectural design of your software. Secure Architecture Design looks at the selection and composition of components that form the foundation of your solution, focusing on its security properties. Technology Management looks at the security of supporting technologies used during development, deployment and operations, such as development stacks and tooling, deployment tooling, and operating systems and tooling. #The relative order of this practice in the business function order: 3 diff --git a/model/security_practices/V-Architecture Assessment.yml b/model/security_practices/V-Architecture Assessment.yml index 7c9b62373011..e2f314e4fb32 100644 --- a/model/security_practices/V-Architecture Assessment.yml +++ b/model/security_practices/V-Architecture Assessment.yml @@ -22,7 +22,7 @@ shortDescription: This practice focuses on validating the security and complianc longDescription: | The Architecture Assessment (AA) practice ensures that the application and infrastructure architecture adequately meets all relevant security and compliance requirements, and sufficiently mitigates identified security threats. The first stream focuses on verifying that the security and compliance requirements identified in the Policy & Compliance and Security Requirements practices are met, first in an ad-hoc manner, then more systematically for each interface in the system. The second stream reviews the architecture, first for mitigations against typical threats, then against the specific threats identified in the Threat Assessment practice. - In its more advanced form, the practice formalizes the security architecture review process, continuously evaluates the effectiveness of the architecture's security controls, their scalability and strategic alignment. Identified weaknesses and possible improvements are fed back to the Security Architecture practice to improve reference architectures. + In its more advanced form, the practice formalizes the architecture security review process, continuously evaluates the effectiveness of the architecture's security controls, their scalability and strategic alignment. Identified weaknesses and possible improvements are fed back to the Secure Architecture practice to improve reference architectures. #The relative order of this practice in the business function order: 1 From 28af099f80e0e34c38110e3aaf2d68af78dabcd5 Mon Sep 17 00:00:00 2001 From: Maxim Baele Date: Sat, 23 Mar 2024 10:11:35 +0100 Subject: [PATCH 09/53] Changed "issues" to "issues, tradeoffs or flaws" better covering the intended scope --- model/security_practices/D-Threat Assessment.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/model/security_practices/D-Threat Assessment.yml b/model/security_practices/D-Threat Assessment.yml index 2e1d77d783aa..7b99bcfd29fb 100644 --- a/model/security_practices/D-Threat Assessment.yml +++ b/model/security_practices/D-Threat Assessment.yml @@ -22,7 +22,7 @@ shortDescription: This practice focuses on identifying potential threats in appl longDescription: | The Threat Assessment (TA) practice focuses on identifying and understanding of project-level risks based on the functionality of the software being developed and characteristics of the runtime environment. From details about threats and likely attacks against each project, the organization as a whole operates more effectively through better decisions about prioritization of initiatives for security. Additionally, decisions for risk acceptance are more informed, therefore better aligned to the business. - By starting with simple threat models and building application risk profiles, an organization improves over time. Ultimately, a sophisticated organization would maintain this information in a way that is tightly coupled to the compensating factors and pass-through risks from external entities. This provides greater breadth of understanding for potential downstream impacts from security issues while keeping a close watch on the organization’s current performance against known threats. + By starting with simple threat models and building application risk profiles, an organization improves over time. Ultimately, a sophisticated organization would maintain this information in a way that is tightly coupled to the compensating factors and pass-through risks from external entities. This provides greater breadth of understanding for potential downstream impacts from security issues, tradeoffs or flaws while keeping a close watch on the organization’s current performance against known threats. #The relative order of this practice in the business function order: 1 From 69b307590883e6961b3bb770dfd8db0d2a5d94b6 Mon Sep 17 00:00:00 2001 From: Bart De Win Date: Sat, 23 Mar 2024 10:14:21 +0100 Subject: [PATCH 10/53] Update D-SR-3-B.yml Reformulated a criterion for Supplier Security level 3 to make it more clear. --- model/questions/D-SR-3-B.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/model/questions/D-SR-3-B.yml b/model/questions/D-SR-3-B.yml index 68b7094b9ea7..c95293190607 100644 --- a/model/questions/D-SR-3-B.yml +++ b/model/questions/D-SR-3-B.yml @@ -21,8 +21,9 @@ order: 1 #Qualifying Criterion quality: -- The vendor has a secure SDLC that includes secure build, secure deployment, defect - management, and incident management that align with those used in your organization +- The vendor has a secure SDLC that includes secure build, secure deployment, defect + management, and incident management, meets the security expectations of your organization, + and is able to demonstrate operating effectiveness of practices. - You verify the solution meets quality and security objectives before every major release - When standard verification processes are not available, you use compensating controls From e0f1b9ac75bcf5786f755ba99ddeabb9c1649432 Mon Sep 17 00:00:00 2001 From: Daniel Kefer Date: Sat, 23 Mar 2024 10:18:15 +0100 Subject: [PATCH 11/53] Update G-SM-2-A.yml Minor stylistical improvement --- model/activities/G-SM-2-A.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/model/activities/G-SM-2-A.yml b/model/activities/G-SM-2-A.yml index 99be413d28b1..53c4a6633d1f 100644 --- a/model/activities/G-SM-2-A.yml +++ b/model/activities/G-SM-2-A.yml @@ -25,7 +25,7 @@ shortDescription: Publish a unified strategy for application security. longDescription: | Based on the magnitude of assets, threats, and risk tolerance, develop a security strategic plan and budget to address business priorities around application security. The plan covers 1 to 3 years and includes milestones consistent with the organization's business drivers and risks. It provides tactical and strategic initiatives and follows a roadmap that makes its alignment with business priorities and needs visible. - In the roadmap, you reach a balance between changes requiring financial expenditures, changes of processes and procedures, and changes impacting the organization's culture. This balance helps accomplish multiple milestones concurrently and without overloading or exhausting available resources or development teams. The milestones are frequent enough to help monitor program success and trigger timely roadmap adjustments. + In the roadmap, reach a balance between changes requiring financial expenditures, changes of processes and procedures, and changes impacting the organization's culture. This balance helps accomplish multiple milestones concurrently and without overloading or exhausting available resources or development teams. The milestones are frequent enough to help monitor program success and trigger timely roadmap adjustments. For the program to be successful, the application security team obtains buy-in from the organization's stakeholders and application development teams. A published plan is available to anyone who is required to support or participate in its implementation. From a779517e029384c02c96ad4e22d51851ca35fead Mon Sep 17 00:00:00 2001 From: Daniel Kefer Date: Sat, 23 Mar 2024 10:36:32 +0100 Subject: [PATCH 12/53] Update I-SD-1-B.yml --- model/activities/I-SD-1-B.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/model/activities/I-SD-1-B.yml b/model/activities/I-SD-1-B.yml index b8027c754097..15022ddaa15a 100644 --- a/model/activities/I-SD-1-B.yml +++ b/model/activities/I-SD-1-B.yml @@ -52,7 +52,7 @@ personnel: notes: None #References to other activities that are prerequisites to implement this one. -relatedActivites: +relatedActivities: - 994bcac2bb7c4cc59a0faa365a0b58a0 #I-SD-1-A #Type Classification of the Document From 4472299c8724ecbe1b465a25f9f440535a2accf9 Mon Sep 17 00:00:00 2001 From: Daniel Kefer Date: Sat, 23 Mar 2024 10:38:11 +0100 Subject: [PATCH 13/53] Update I-SD-2-A.yml --- model/activities/I-SD-2-A.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/model/activities/I-SD-2-A.yml b/model/activities/I-SD-2-A.yml index 3a7f96d09ed3..e9777d1a769e 100644 --- a/model/activities/I-SD-2-A.yml +++ b/model/activities/I-SD-2-A.yml @@ -52,7 +52,7 @@ personnel: notes: None #References to other activities that are prerequisites to implement this one. -relatedActivites: +relatedActivities: - fb6f258a2e424ee9a919341758222a7a #V-ST-2-A #Type Classification of the Document From 3983e9b7bae4e6cce04c98ecc7003dc0258bb2a6 Mon Sep 17 00:00:00 2001 From: Daniel Kefer Date: Sat, 23 Mar 2024 10:45:35 +0100 Subject: [PATCH 14/53] Update O-IM-2-B.yml --- model/activities/O-IM-2-B.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/model/activities/O-IM-2-B.yml b/model/activities/O-IM-2-B.yml index 38fec13adb08..f7a97b6026c9 100644 --- a/model/activities/O-IM-2-B.yml +++ b/model/activities/O-IM-2-B.yml @@ -13,7 +13,7 @@ level: 439406325e6645519c149da3e05a7d9d id: d6dd8813c5074350b5614b92f2dec60d #The title of this activity -title: Define and incident response process +title: Define an incident response process #Describe the benefit that is achieved by implementing this activity benefit: Understanding and efficient handling of most security incidents From d3fc03fd20db0850e39e1e90ba0b0a0948106aab Mon Sep 17 00:00:00 2001 From: Daniel Kefer Date: Sat, 23 Mar 2024 10:51:41 +0100 Subject: [PATCH 15/53] Update V-AA-1-B.yml --- model/activities/V-AA-1-B.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/model/activities/V-AA-1-B.yml b/model/activities/V-AA-1-B.yml index cfd5b230f8fa..fb3f72fffe75 100644 --- a/model/activities/V-AA-1-B.yml +++ b/model/activities/V-AA-1-B.yml @@ -42,6 +42,7 @@ personnel: notes: #References to other activities that are prerequisites to implement this one. -dependencies: +relatedActivities: + #Type Classification of the Document type: Activity From 4441d641de8ed3a4f1940a37a1a0efee792b88d7 Mon Sep 17 00:00:00 2001 From: Daniel Kefer Date: Sat, 23 Mar 2024 10:52:36 +0100 Subject: [PATCH 16/53] Update V-AA-2-A.yml --- model/activities/V-AA-2-A.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/model/activities/V-AA-2-A.yml b/model/activities/V-AA-2-A.yml index ea943d9d0a14..25d8f845a670 100644 --- a/model/activities/V-AA-2-A.yml +++ b/model/activities/V-AA-2-A.yml @@ -42,6 +42,7 @@ personnel: notes: #References to other activities that are prerequisites to implement this one. -dependencies: +relatedActivities: + #Type Classification of the Document type: Activity From 1caecfd8f7696e3b03cb76197efb26b0b55e9e4e Mon Sep 17 00:00:00 2001 From: Daniel Kefer Date: Sat, 23 Mar 2024 10:52:54 +0100 Subject: [PATCH 17/53] Update V-AA-2-B.yml --- model/activities/V-AA-2-B.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/model/activities/V-AA-2-B.yml b/model/activities/V-AA-2-B.yml index aecd04ea0c1f..ed783454c206 100644 --- a/model/activities/V-AA-2-B.yml +++ b/model/activities/V-AA-2-B.yml @@ -44,6 +44,6 @@ personnel: notes: #References to other activities that are prerequisites to implement this one. -dependencies: +relatedActivities: #Type Classification of the Document type: Activity From 82c490f886462cd6b2c9f60e44ef95dcab3a6c10 Mon Sep 17 00:00:00 2001 From: Daniel Kefer Date: Sat, 23 Mar 2024 10:53:12 +0100 Subject: [PATCH 18/53] Update V-AA-3-A.yml --- model/activities/V-AA-3-A.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/model/activities/V-AA-3-A.yml b/model/activities/V-AA-3-A.yml index 37701db7fce0..affb6e14a1ca 100644 --- a/model/activities/V-AA-3-A.yml +++ b/model/activities/V-AA-3-A.yml @@ -42,6 +42,7 @@ personnel: notes: #References to other activities that are prerequisites to implement this one. -dependencies: +relatedActivities: + #Type Classification of the Document type: Activity From 3b79116795e83841bf91ad34f6d11b36848a43dd Mon Sep 17 00:00:00 2001 From: Daniel Kefer Date: Sat, 23 Mar 2024 10:53:30 +0100 Subject: [PATCH 19/53] Update V-AA-3-B.yml --- model/activities/V-AA-3-B.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/model/activities/V-AA-3-B.yml b/model/activities/V-AA-3-B.yml index 5cc4c3ab04d3..28149ebd2721 100644 --- a/model/activities/V-AA-3-B.yml +++ b/model/activities/V-AA-3-B.yml @@ -41,6 +41,7 @@ personnel: notes: #References to other activities that are prerequisites to implement this one. -dependencies: +relatedActivities: + #Type Classification of the Document type: Activity From cf43dda5d28c66c4d9903a0571042f9f86289356 Mon Sep 17 00:00:00 2001 From: Daniel Kefer Date: Sat, 23 Mar 2024 10:53:51 +0100 Subject: [PATCH 20/53] Update V-RT-1-A.yml --- model/activities/V-RT-1-A.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/model/activities/V-RT-1-A.yml b/model/activities/V-RT-1-A.yml index 8b893e661798..d33df70b0cb2 100644 --- a/model/activities/V-RT-1-A.yml +++ b/model/activities/V-RT-1-A.yml @@ -42,7 +42,7 @@ personnel: notes: #References to other activities that are prerequisites to implement this one. -dependencies: +relatedActivities: - 5702908efca4499e87a0239f32920d9b # Practice D-Security-Requirements #Type Classification of the Document From 5556144731956113f884b0548cd325936e1dc7a5 Mon Sep 17 00:00:00 2001 From: Daniel Kefer Date: Sat, 23 Mar 2024 10:54:07 +0100 Subject: [PATCH 21/53] Update V-RT-1-B.yml --- model/activities/V-RT-1-B.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/model/activities/V-RT-1-B.yml b/model/activities/V-RT-1-B.yml index acc755e8be3c..fe7a8dc6989d 100644 --- a/model/activities/V-RT-1-B.yml +++ b/model/activities/V-RT-1-B.yml @@ -42,6 +42,7 @@ personnel: notes: #References to other activities that are prerequisites to implement this one. -dependencies: +relatedActivities: + #Type Classification of the Document type: Activity From c3c1abd368643649c29b2eef697a4025c3895348 Mon Sep 17 00:00:00 2001 From: Daniel Kefer Date: Sat, 23 Mar 2024 10:54:22 +0100 Subject: [PATCH 22/53] Update V-RT-2-A.yml --- model/activities/V-RT-2-A.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/model/activities/V-RT-2-A.yml b/model/activities/V-RT-2-A.yml index 0b10f4a627a8..9c8e8a37c00b 100644 --- a/model/activities/V-RT-2-A.yml +++ b/model/activities/V-RT-2-A.yml @@ -44,6 +44,7 @@ personnel: notes: #References to other activities that are prerequisites to implement this one. -dependencies: +relatedActivities: + #Type Classification of the Document type: Activity From 281ad94c3b442623f121a53854d7ae2d79e79b6c Mon Sep 17 00:00:00 2001 From: Daniel Kefer Date: Sat, 23 Mar 2024 10:54:37 +0100 Subject: [PATCH 23/53] Update V-RT-2-B.yml --- model/activities/V-RT-2-B.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/model/activities/V-RT-2-B.yml b/model/activities/V-RT-2-B.yml index bd95ad0f0423..55c84c12817a 100644 --- a/model/activities/V-RT-2-B.yml +++ b/model/activities/V-RT-2-B.yml @@ -42,6 +42,6 @@ personnel: notes: #References to other activities that are prerequisites to implement this one. -dependencies: +relatedActivities: #Type Classification of the Document type: Activity From cbc56f1775ce777e2adbb4eee5df9dfde4f4f54d Mon Sep 17 00:00:00 2001 From: Daniel Kefer Date: Sat, 23 Mar 2024 10:54:52 +0100 Subject: [PATCH 24/53] Update V-RT-3-A.yml --- model/activities/V-RT-3-A.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/model/activities/V-RT-3-A.yml b/model/activities/V-RT-3-A.yml index 56071c62f33c..19068886d861 100644 --- a/model/activities/V-RT-3-A.yml +++ b/model/activities/V-RT-3-A.yml @@ -44,6 +44,7 @@ personnel: notes: #References to other activities that are prerequisites to implement this one. -dependencies: +relatedActivities: + #Type Classification of the Document type: Activity From 01b900382d058facdbe0288f2009c87023bd8994 Mon Sep 17 00:00:00 2001 From: Daniel Kefer Date: Sat, 23 Mar 2024 10:55:05 +0100 Subject: [PATCH 25/53] Update V-RT-3-B.yml --- model/activities/V-RT-3-B.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/model/activities/V-RT-3-B.yml b/model/activities/V-RT-3-B.yml index 18f6f1570cfc..9b3497cb2990 100644 --- a/model/activities/V-RT-3-B.yml +++ b/model/activities/V-RT-3-B.yml @@ -45,7 +45,7 @@ notes: | I removed references to specific tools and a detailed explanation of denial of service tests. These can all be added to the guidance notes. #References to other activities that are prerequisites to implement this one. -dependencies: +relatedActivities: #Type Classification of the Document type: Activity From fc86d87479b34a94317eef0037d35fe65bb6da91 Mon Sep 17 00:00:00 2001 From: Daniel Kefer Date: Sat, 23 Mar 2024 10:55:20 +0100 Subject: [PATCH 26/53] Update V-ST-1-A.yml --- model/activities/V-ST-1-A.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/model/activities/V-ST-1-A.yml b/model/activities/V-ST-1-A.yml index 4215e1d0d6c2..deb4b30052dc 100644 --- a/model/activities/V-ST-1-A.yml +++ b/model/activities/V-ST-1-A.yml @@ -48,6 +48,7 @@ personnel: notes: #References to other activities that are prerequisites to implement this one. -dependencies: +relatedActivities: + #Type Classification of the Document type: Activity From fa5efdf67d229d7d04e294c0242766665a637306 Mon Sep 17 00:00:00 2001 From: Daniel Kefer Date: Sat, 23 Mar 2024 10:55:34 +0100 Subject: [PATCH 27/53] Update V-ST-1-B.yml --- model/activities/V-ST-1-B.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/model/activities/V-ST-1-B.yml b/model/activities/V-ST-1-B.yml index eeb2ea62a170..fb894c35e8ff 100644 --- a/model/activities/V-ST-1-B.yml +++ b/model/activities/V-ST-1-B.yml @@ -44,6 +44,7 @@ personnel: notes: #References to other activities that are prerequisites to implement this one. -dependencies: +relatedActivities: + #Type Classification of the Document type: Activity From c0ea9a5e9c6de23dd160e8f4c8363d2fabdce674 Mon Sep 17 00:00:00 2001 From: Daniel Kefer Date: Sat, 23 Mar 2024 10:55:51 +0100 Subject: [PATCH 28/53] Update V-ST-2-A.yml --- model/activities/V-ST-2-A.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/model/activities/V-ST-2-A.yml b/model/activities/V-ST-2-A.yml index 5ca09bf04a8d..7de501a0230b 100644 --- a/model/activities/V-ST-2-A.yml +++ b/model/activities/V-ST-2-A.yml @@ -46,6 +46,7 @@ personnel: notes: #References to other activities that are prerequisites to implement this one. -dependencies: +relatedActivities: + #Type Classification of the Document type: Activity From 0d363e9dffd19605164512651b9c6463f29f5f77 Mon Sep 17 00:00:00 2001 From: Daniel Kefer Date: Sat, 23 Mar 2024 10:56:08 +0100 Subject: [PATCH 29/53] Update V-ST-2-B.yml --- model/activities/V-ST-2-B.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/model/activities/V-ST-2-B.yml b/model/activities/V-ST-2-B.yml index 3b69c800379c..9b9600a2443c 100644 --- a/model/activities/V-ST-2-B.yml +++ b/model/activities/V-ST-2-B.yml @@ -46,6 +46,6 @@ personnel: notes: #References to other activities that are prerequisites to implement this one. -dependencies: +relatedActivities: #Type Classification of the Document type: Activity From 4f8a6222f34710c1db4a5d29b5f557e44668043a Mon Sep 17 00:00:00 2001 From: Daniel Kefer Date: Sat, 23 Mar 2024 10:56:24 +0100 Subject: [PATCH 30/53] Update V-ST-3-A.yml --- model/activities/V-ST-3-A.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/model/activities/V-ST-3-A.yml b/model/activities/V-ST-3-A.yml index 929bc6614f55..5fab80bd9316 100644 --- a/model/activities/V-ST-3-A.yml +++ b/model/activities/V-ST-3-A.yml @@ -46,7 +46,7 @@ personnel: notes: #References to other activities that are prerequisites to implement this one. -dependencies: +relatedActivities: - e17d573510904f65a1fe6040b56ad0b1 # Practice I-Defect-Management #Type Classification of the Document From 78bc55df710e8883072af8318a728523c0ba0e70 Mon Sep 17 00:00:00 2001 From: Daniel Kefer Date: Sat, 23 Mar 2024 10:56:39 +0100 Subject: [PATCH 31/53] Update V-ST-3-B.yml --- model/activities/V-ST-3-B.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/model/activities/V-ST-3-B.yml b/model/activities/V-ST-3-B.yml index fa35005bc80b..34a36c36f056 100644 --- a/model/activities/V-ST-3-B.yml +++ b/model/activities/V-ST-3-B.yml @@ -46,6 +46,7 @@ personnel: notes: #References to other activities that are prerequisites to implement this one. -dependencies: +relatedActivities: + #Type Classification of the Document type: Activity From a6ed390bf73f25244b11948f031745c57f74795e Mon Sep 17 00:00:00 2001 From: Daniel Kefer Date: Sat, 23 Mar 2024 11:00:38 +0100 Subject: [PATCH 32/53] Update V-RT-3-B.yml --- model/activities/V-RT-3-B.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/model/activities/V-RT-3-B.yml b/model/activities/V-RT-3-B.yml index 9b3497cb2990..ac7530b64d97 100644 --- a/model/activities/V-RT-3-B.yml +++ b/model/activities/V-RT-3-B.yml @@ -23,7 +23,7 @@ shortDescription: Denial of service and security stress testing. #A multi-paragraph description of the activity longDescription: | - Applications are particularly susceptible to denial of service attacks. Perform denial of service and security stress testing against them in controlled conditiions, preferably on application acceptance environments. + Applications are particularly susceptible to denial of service attacks. Perform denial of service and security stress testing against them in controlled conditions, preferably on application acceptance environments. Load testing tools generate synthetic traffic, allowing you to test the application's performance under heavy load. One important test is how many requests per second an application can handle while remaining within its performance requirements. Testing from a single IP address is still useful as it gives an indication of how many requests an attacker must generate to impact the application. From 6fd524af99882ce7ca3983611e3b408bd5d0e078 Mon Sep 17 00:00:00 2001 From: Daniel Kefer Date: Sun, 24 Mar 2024 09:55:14 +0100 Subject: [PATCH 33/53] Closes #141 --- .github/workflows/release.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 61ee8b22a032..81ac6176d6e7 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -29,6 +29,8 @@ jobs: - run: tar -cvzf samm.tar.gz images model texts - name: Generate Excel spreadsheet from the model uses: owaspsamm/toolbox-spreadsheet@main + with: + version: ${{ env.RELEASE_VERSION }} - name: Build Changelog id: github_release uses: mikepenz/release-changelog-builder-action@v3 From 6aa5b75c248b20179996e50ef604e2cfaab40827 Mon Sep 17 00:00:00 2001 From: Bart De Win Date: Sun, 24 Mar 2024 10:06:13 +0100 Subject: [PATCH 34/53] GH Issue 57 fixes Implemented fixed for GH Issue 57, excepted for the "yearly" occurrences. --- model/activities/D-TA-1-B.yml | 2 +- model/activities/D-TA-2-B.yml | 2 +- model/activities/D-TA-3-B.yml | 2 +- model/questions/D-TA-2-B.yml | 4 ++-- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/model/activities/D-TA-1-B.yml b/model/activities/D-TA-1-B.yml index ef265ead4749..84230f876411 100644 --- a/model/activities/D-TA-1-B.yml +++ b/model/activities/D-TA-1-B.yml @@ -30,7 +30,7 @@ longDescription: | Threat modeling is a team exercise, including product owners, architects, security champions, and security testers. At this maturity level, expose teams and stakeholders to threat modeling to increase security awareness and to create a shared vision on the security of the system. - At maturity level 1, you perform threat modeling ad-hoc for high-risk applications and use simple threat checklists, such as STRIDE. Avoid lengthy workshops and overly detailed lists of low-relevant threats. Perform threat modeling iteratively to align to more iterative development paradigms. If you add new functionality to an existing application, look only into the newly added functions instead of trying to cover the entire scope. A good starting point is the existing diagrams that you annotate during discussion workshops. Always make sure to persist the outcome of a threat modeling discussion for later use. + At maturity level 1, you perform threat modeling ad-hoc for high-risk applications and use simple threat checklists, such as STRIDE. Avoid lengthy workshops and overly detailed lists of low-relevant threats. Perform threat modeling iteratively to align to more iterative development paradigms. If you add new functionality to an existing application, look only into the newly added functions instead of trying to cover the entire scope. A good starting point is the existing diagrams that you annotate during discussion workshops. Always persist the outcome of a threat modeling discussion for later use. Your most important tool to start threat modeling is a whiteboard, smartboard, or a piece of paper. Aim for security awareness, a simple process, and actionable outcomes that you agree upon with your team. diff --git a/model/activities/D-TA-2-B.yml b/model/activities/D-TA-2-B.yml index 5b5b5305719b..77d67a8df206 100644 --- a/model/activities/D-TA-2-B.yml +++ b/model/activities/D-TA-2-B.yml @@ -31,7 +31,7 @@ longDescription: | Your threat modeling methodology includes at least diagramming, threat identification, design flaw mitigations, and how to validate your threat model artifacts. Your threat model diagram allows a detailed understanding of the environment and the mechanics of the application. You discover threats to your application with checklists, such as STRIDE or more organization-specific threats. For identified design flaws (ranked according to risk for your organization), you add mitigating controls to support stakeholders in dealing with particular threats. Define what triggers updating a threat model, for example, a technology change or deployment of an application in a new environment. - Feed the output of threat modeling to the defect management process for adequate follow-up. Capture the threat modeling artifacts with tools that are used by your application teams. + Feed the output of threat modeling to the defect management process for adequate follow-up. Capture the threat modeling artifacts with tools used by your application teams. #The output of this particular activity results: diff --git a/model/activities/D-TA-3-B.yml b/model/activities/D-TA-3-B.yml index 6f2e1117f184..882dfc7256e8 100644 --- a/model/activities/D-TA-3-B.yml +++ b/model/activities/D-TA-3-B.yml @@ -24,7 +24,7 @@ shortDescription: Continuously optimization and automation of your threat modeli #A multi-paragraph description of the activity longDescription: | - Threat modeling is integrated into your SDLC and has become part of the developer security culture. Reusable risk patterns, comprising of related threat libraries, design flaws, and security mitigations, are created and improved, based on the organization's threat models. You regularly (e.g., yearly) review the existing threat models to verify that no new threats are relevant for your applications. + Threat modeling is integrated into your SDLC and has become part of the developer security culture. Reusable risk patterns, comprising related threat libraries, design flaws, and security mitigations, are created and improved, based on the organization's threat models. You regularly (e.g., yearly) review the existing threat models to verify that no new threats are relevant for your applications. You optimize your threat modeling methodology. You capture lessons learned from threat models and use these to improve your threat modeling methodology. You review the threat categories relevant to your organization and update your methodology appropriately. From time to time, you evaluate the quality of your threat models independently. diff --git a/model/questions/D-TA-2-B.yml b/model/questions/D-TA-2-B.yml index 0bbf3cc9c1c4..937f8d8fbf24 100644 --- a/model/questions/D-TA-2-B.yml +++ b/model/questions/D-TA-2-B.yml @@ -13,7 +13,7 @@ answerset: f77bd45a28c8493dbba6e53b2eafa20f id: 42cfabd13db34fd0b35e92af917eb1b8 #One-sentence description of the criterium -text: Do you use a standard methodology, aligned on your application risk levels? +text: Do you use a standard methodology, aligned with your application risk levels? #Order of this question for the activity (in case there would be multiple) order: 1 @@ -23,7 +23,7 @@ quality: - You train your architects, security champions, and other stakeholders on how to do practical threat modeling - Your threat modeling methodology includes at least diagramming, threat identification, design flaw mitigations, and how to validate your threat model artifacts - Changes in the application or business context trigger a review of the relevant threat models - - You capture the threat modeling artifacts with tools that are used by your application teams + - You capture the threat modeling artifacts with tools used by your application teams #Type Classification of the Document type: Question From ad714494617077c2eb85627387929af628bfaf21 Mon Sep 17 00:00:00 2001 From: Daniel Kefer Date: Sun, 24 Mar 2024 11:49:30 +0100 Subject: [PATCH 35/53] Slight reformulation of long description of G-EG-3-B. Fixes #36 --- model/activities/G-EG-3-B.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/model/activities/G-EG-3-B.yml b/model/activities/G-EG-3-B.yml index 6b4f1989589e..9d0783c90a41 100644 --- a/model/activities/G-EG-3-B.yml +++ b/model/activities/G-EG-3-B.yml @@ -26,7 +26,7 @@ shortDescription: Build a secure software community including all organization p longDescription: | Security is the responsibility of all employees, not just the Information Security team. Deploy communication and knowledge sharing platforms to help developers build communities around different technologies, tools, and programming languages. In these communities employees share information, discuss challenges with other developers, and search the knowledge base for answers to previously discussed issues. - Form communities around roles and responsibilities and enable developers and engineers from different teams and business units to communicate freely and benefit from each other's expertise. Encourage participation, set up a program to promote those who help the most people as thought leaders, and have management recognize them. In addition to improving application security, this platform may help identify future members of the Secure Software Center of Excellence, or 'Security Champions' based on their expertise and willingness to help others. + Form communities around roles and responsibilities. Enable developers and engineers from different teams and business units to communicate freely so they can benefit from each other's expertise. Encourage participation, set up a program to promote those who help the most people as thought leaders, and have management recognize them. In addition to improving application security, this platform may help identify future members of the Secure Software Center of Excellence, or 'Security Champions' based on their expertise and willingness to help others. The Secure Software Center of Excellence and Application Security teams review the information portal regularly for insights into the new and upcoming technologies, as well as opportunities to assist the development community with new initiatives, tools, programs, and training resources. Use the portal to disseminate information about new standards, tools, and resources to all developers for the continued improvement of SDLC maturity and application security. From 9a792e75a0a4d153b60e3fd169094da0066661d2 Mon Sep 17 00:00:00 2001 From: Bart De Win Date: Sun, 24 Mar 2024 14:36:06 +0100 Subject: [PATCH 36/53] Delete S.yml --- model/answer_sets/S.yml | 33 --------------------------------- 1 file changed, 33 deletions(-) delete mode 100644 model/answer_sets/S.yml diff --git a/model/answer_sets/S.yml b/model/answer_sets/S.yml deleted file mode 100644 index 1b3dc1df7737..000000000000 --- a/model/answer_sets/S.yml +++ /dev/null @@ -1,33 +0,0 @@ ---- -# =========================================================== -# OWASP SAMM2 Answer Set - S -# =========================================================== -# Unique identifier (GUID) used to refer to this maturity level. -# Please generate another identifier for your specific maturity level. -id: e11943dd1978471486d5db4b04e3047d - -# Different answers with their properties. We use 4 levels or answers -values: - #lowest level -- text: No - value: 0 - weight: 1 - order: 0 - #second level -- text: Yes, for some of the policies and standards - value: 0.25 - weight: 1 - order: 1 - #third level -- text: Yes, for at least half of the policies and standards - value: 0.5 - weight: 1 - order: 2 - #highest level -- text: Yes, for most or all of the policies and standards - value: 1 - weight: 1 - order: 3 - -# Type Classification of the Document -type: AnswerSet From 6360872f3f65bcdf30b967631fe56b630ce0f7e0 Mon Sep 17 00:00:00 2001 From: maximbaele <8909779+maximbaele@users.noreply.github.com> Date: Sun, 24 Mar 2024 14:37:10 +0100 Subject: [PATCH 37/53] Update D-Threat Assessment.yml pull request to include oxford comma --- model/security_practices/D-Threat Assessment.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/model/security_practices/D-Threat Assessment.yml b/model/security_practices/D-Threat Assessment.yml index 7b99bcfd29fb..0657355c21f8 100644 --- a/model/security_practices/D-Threat Assessment.yml +++ b/model/security_practices/D-Threat Assessment.yml @@ -22,7 +22,7 @@ shortDescription: This practice focuses on identifying potential threats in appl longDescription: | The Threat Assessment (TA) practice focuses on identifying and understanding of project-level risks based on the functionality of the software being developed and characteristics of the runtime environment. From details about threats and likely attacks against each project, the organization as a whole operates more effectively through better decisions about prioritization of initiatives for security. Additionally, decisions for risk acceptance are more informed, therefore better aligned to the business. - By starting with simple threat models and building application risk profiles, an organization improves over time. Ultimately, a sophisticated organization would maintain this information in a way that is tightly coupled to the compensating factors and pass-through risks from external entities. This provides greater breadth of understanding for potential downstream impacts from security issues, tradeoffs or flaws while keeping a close watch on the organization’s current performance against known threats. + By starting with simple threat models and building application risk profiles, an organization improves over time. Ultimately, a sophisticated organization would maintain this information in a way that is tightly coupled to the compensating factors and pass-through risks from external entities. This provides greater breadth of understanding for potential downstream impacts from security issues, tradeoffs, or flaws while keeping a close watch on the organization’s current performance against known threats. #The relative order of this practice in the business function order: 1 From fd628e73b6e5d882c25cb35951fb5b41ff9302a0 Mon Sep 17 00:00:00 2001 From: maximbaele <8909779+maximbaele@users.noreply.github.com> Date: Sun, 24 Mar 2024 14:38:33 +0100 Subject: [PATCH 38/53] Update D-Threat Assessment.yml with more oxford commas --- model/security_practices/D-Threat Assessment.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/model/security_practices/D-Threat Assessment.yml b/model/security_practices/D-Threat Assessment.yml index 0657355c21f8..66b9975c2a60 100644 --- a/model/security_practices/D-Threat Assessment.yml +++ b/model/security_practices/D-Threat Assessment.yml @@ -22,7 +22,7 @@ shortDescription: This practice focuses on identifying potential threats in appl longDescription: | The Threat Assessment (TA) practice focuses on identifying and understanding of project-level risks based on the functionality of the software being developed and characteristics of the runtime environment. From details about threats and likely attacks against each project, the organization as a whole operates more effectively through better decisions about prioritization of initiatives for security. Additionally, decisions for risk acceptance are more informed, therefore better aligned to the business. - By starting with simple threat models and building application risk profiles, an organization improves over time. Ultimately, a sophisticated organization would maintain this information in a way that is tightly coupled to the compensating factors and pass-through risks from external entities. This provides greater breadth of understanding for potential downstream impacts from security issues, tradeoffs, or flaws while keeping a close watch on the organization’s current performance against known threats. + By starting with simple threat models and building application risk profiles, an organization improves over time. Ultimately, a sophisticated organization would maintain this information in a way that is tightly coupled to the compensating factors and pass-through risks from external entities. This provides greater breadth of understanding for potential downstream impacts from security issues, tradeoffs, or flaws, while keeping a close watch on the organization’s current performance against known threats. #The relative order of this practice in the business function order: 1 From deff311495aa85e4c95fb572d0bf70249f1d66a1 Mon Sep 17 00:00:00 2001 From: Daniel Kefer Date: Sun, 24 Mar 2024 14:47:39 +0100 Subject: [PATCH 39/53] Rename D-Security-Architecture.yml to D-Secure-Architecture.yml Additional change related to https://github.com/owaspsamm/core/pull/135 --- .../{D-Security-Architecture.yml => D-Secure-Architecture.yml} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename model/security_practices/{D-Security-Architecture.yml => D-Secure-Architecture.yml} (100%) diff --git a/model/security_practices/D-Security-Architecture.yml b/model/security_practices/D-Secure-Architecture.yml similarity index 100% rename from model/security_practices/D-Security-Architecture.yml rename to model/security_practices/D-Secure-Architecture.yml From 9d5cd79ddf428a0183f44d7edbb0f88cbb79e88d Mon Sep 17 00:00:00 2001 From: Daniel Kefer Date: Sun, 24 Mar 2024 14:55:27 +0100 Subject: [PATCH 40/53] Renamed two yaml files. Fixes #62 --- .../{D-Threat Assessment.yml => D-Threat-Assessment.yml} | 0 ...-Architecture Assessment.yml => V-Architecture-Assessment.yml} | 0 2 files changed, 0 insertions(+), 0 deletions(-) rename model/security_practices/{D-Threat Assessment.yml => D-Threat-Assessment.yml} (100%) rename model/security_practices/{V-Architecture Assessment.yml => V-Architecture-Assessment.yml} (100%) diff --git a/model/security_practices/D-Threat Assessment.yml b/model/security_practices/D-Threat-Assessment.yml similarity index 100% rename from model/security_practices/D-Threat Assessment.yml rename to model/security_practices/D-Threat-Assessment.yml diff --git a/model/security_practices/V-Architecture Assessment.yml b/model/security_practices/V-Architecture-Assessment.yml similarity index 100% rename from model/security_practices/V-Architecture Assessment.yml rename to model/security_practices/V-Architecture-Assessment.yml From 9bc902c15f125063e61e0172415d72ce9397d78e Mon Sep 17 00:00:00 2001 From: John DiLeo Date: Sun, 24 Mar 2024 14:57:15 +0100 Subject: [PATCH 41/53] Update G-EG-1-A.yml Updated Quality Criteria wording, to clarify content review and refresher training requirements. --- model/questions/G-EG-1-A.yml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/model/questions/G-EG-1-A.yml b/model/questions/G-EG-1-A.yml index 1eef2a1c5135..e976d8f2c59d 100644 --- a/model/questions/G-EG-1-A.yml +++ b/model/questions/G-EG-1-A.yml @@ -23,12 +23,14 @@ order: 1 quality: - Training is repeatable, consistent, and available to anyone involved with software development lifecycle -- Training includes the latest OWASP Top 10 if appropriate and includes concepts such +- Training includes relevant content from the latest OWASP Top 10 and includes concepts such as Least Privilege, Defense-in-Depth, Fail Secure (Safe), Complete Mediation, Session Management, Open Design, and Psychological Acceptability - Training requires a sign-off or an acknowledgement from attendees -- You have updated the training in the last 12 months -- Training is required during employees' onboarding process +- You have reviewed the training content within the last 12 months, and have completed any required updates +- All new covered staff are required to complete training during their onboarding process +- Existing covered staff are required to complete training when content is added/revised, or + complete refresher training at least every 24 months #Type Classification of the Document type: Question From 20f92e29e3dde3c728fa51b00a4e23f91a1ab4d9 Mon Sep 17 00:00:00 2001 From: John DiLeo Date: Sun, 24 Mar 2024 15:00:33 +0100 Subject: [PATCH 42/53] Update G-EG-1-A.yml Update wording on new Criterion --- model/questions/G-EG-1-A.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/model/questions/G-EG-1-A.yml b/model/questions/G-EG-1-A.yml index e976d8f2c59d..c228a24a9a51 100644 --- a/model/questions/G-EG-1-A.yml +++ b/model/questions/G-EG-1-A.yml @@ -30,7 +30,7 @@ quality: - You have reviewed the training content within the last 12 months, and have completed any required updates - All new covered staff are required to complete training during their onboarding process - Existing covered staff are required to complete training when content is added/revised, or - complete refresher training at least every 24 months + complete refresher training at least every 24 months, whichever comes first #Type Classification of the Document type: Question From 7be2cccacec4779a286191b5987c673a1c8e54d6 Mon Sep 17 00:00:00 2001 From: John Ellingsworth <4731674+johnellingsworth@users.noreply.github.com> Date: Sun, 24 Mar 2024 15:14:35 +0100 Subject: [PATCH 43/53] Fixing ampersand Issue https://github.com/owaspsamm/samm-suite/issues/49 --- model/streams/G-PC-A.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/model/streams/G-PC-A.yml b/model/streams/G-PC-A.yml index ab3c0c409d28..742e6e3d367d 100644 --- a/model/streams/G-PC-A.yml +++ b/model/streams/G-PC-A.yml @@ -9,7 +9,7 @@ practice: be9e7ddb98b84abe8b9e185b979ccf60 id: c404aa4f711e4f4e9e71faea22f7fb5c #Official stream name -name: Policy & Standards +name: Policy and Standards #Stream letter, A or B letter: A From 260fcf820f55f2843dc0d7bef979db75c930486f Mon Sep 17 00:00:00 2001 From: John Ellingsworth <4731674+johnellingsworth@users.noreply.github.com> Date: Sun, 24 Mar 2024 15:22:22 +0100 Subject: [PATCH 44/53] Fixing ampersand in 2 additional activities Issue https://github.com/owaspsamm/samm-suite/issues/49 --- model/activities/V-AA-3-B.yml | 2 +- model/activities/V-RT-3-A.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/model/activities/V-AA-3-B.yml b/model/activities/V-AA-3-B.yml index 28149ebd2721..6ae850888f2a 100644 --- a/model/activities/V-AA-3-B.yml +++ b/model/activities/V-AA-3-B.yml @@ -20,7 +20,7 @@ benefit: Continuous improvement of enterprise architecture based on architecture #A one sentence description of the activity shortDescription: Feed the architecture review results back into the enterprise architecture, - organization design principles & patterns, security solutions and reference architectures. + organization design principles and patterns, security solutions and reference architectures. #A multi-paragraph description of the activity longDescription: | diff --git a/model/activities/V-RT-3-A.yml b/model/activities/V-RT-3-A.yml index 19068886d861..553242917fa5 100644 --- a/model/activities/V-RT-3-A.yml +++ b/model/activities/V-RT-3-A.yml @@ -25,7 +25,7 @@ shortDescription: Perform regression testing (with security unit tests). longDescription: | Write and automate regression tests for all identified (and fixed) bugs to ensure that these become a test harness preventing similar issues being introduced during later releases. Security unit tests should verify dynamically (i.e., at run time) that the components function as expected and should validate that code changes are properly implemented. - A good practice for developers is to build security test cases as a generic security test suite that is part of the existing unit testing framework. A generic security test suite might include security test cases to validate both positive and negative requirements for security controls such as Identity, Authentication & Access Control, Input Validation & Encoding, User and Session Management, Error and Exception Handling, Encryption, and Auditing and Logging. Verify the correct execution of the security tests as early as possible. If feasible for example, consider the passing of security tests as part of merge requirements before allowing new code to enter the main code base. Alternatively, consider their passing a requirement for validating a build. + A good practice for developers is to build security test cases as a generic security test suite that is part of the existing unit testing framework. A generic security test suite might include security test cases to validate both positive and negative requirements for security controls such as Identity, Authentication and Access Control, Input Validation and Encoding, User and Session Management, Error and Exception Handling, Encryption, and Auditing and Logging. Verify the correct execution of the security tests as early as possible. If feasible for example, consider the passing of security tests as part of merge requirements before allowing new code to enter the main code base. Alternatively, consider their passing a requirement for validating a build. For security functional tests, use unit level tests for the functionality of security controls at the software component level, such as functions, methods, or classes. For example, a test case could check input and output validation (e.g., variable sanitation) and boundary checks for variables by asserting the expected functionality of the component. From 4d988e43a254bf7d4357458ffef4f01db2b2ad41 Mon Sep 17 00:00:00 2001 From: John Ellingsworth <4731674+johnellingsworth@users.noreply.github.com> Date: Sun, 24 Mar 2024 15:30:13 +0100 Subject: [PATCH 45/53] Fixing ampersand in security practices Issue https://github.com/owaspsamm/samm-suite/issues/49 --- model/security_practices/G-Education-Guidance.yml | 4 ++-- model/security_practices/G-Policy-Compliance.yml | 4 ++-- model/security_practices/G-Strategy-Metrics.yml | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/model/security_practices/G-Education-Guidance.yml b/model/security_practices/G-Education-Guidance.yml index 1310dbabbfbd..6d585f5e14ac 100644 --- a/model/security_practices/G-Education-Guidance.yml +++ b/model/security_practices/G-Education-Guidance.yml @@ -10,7 +10,7 @@ function: 102ad02df5dc4a8eb3837ef4ca2c1af4 id: 483a0a1b78264cafbc470ce72d557332 #Official name of this practice -name: Education & Guidance +name: Education and Guidance #Abbreviation of this practice shortName: EG @@ -21,7 +21,7 @@ shortDescription: This practice focuses on increasing the knowledge in the organ #A multi-paragraph description of the security practice longDescription: | - The Education & Guidance (EG) practice focuses on arming personnel involved in the software lifecycle with knowledge and resources to design, develop, and deploy secure software. With improved access to information, project teams can proactively identify and mitigate the specific security risks that apply to their organization. + The Education and Guidance (EG) practice focuses on arming personnel involved in the software lifecycle with knowledge and resources to design, develop, and deploy secure software. With improved access to information, project teams can proactively identify and mitigate the specific security risks that apply to their organization. One major theme for improvement across the Objectives is providing training for employees and increasing their security awareness, either through instructor-led sessions or computer-based modules. As an organization progresses, it builds a broad base of training starting with developers and moving to other roles, culminating with the addition of role-based training to ensure applicability and effectiveness. diff --git a/model/security_practices/G-Policy-Compliance.yml b/model/security_practices/G-Policy-Compliance.yml index fb161892d21c..59a9ff05b91d 100644 --- a/model/security_practices/G-Policy-Compliance.yml +++ b/model/security_practices/G-Policy-Compliance.yml @@ -10,7 +10,7 @@ function: 102ad02df5dc4a8eb3837ef4ca2c1af4 id: be9e7ddb98b84abe8b9e185b979ccf60 #Official name of this practice -name: Policy & Compliance +name: Policy understanding Compliance #Abbreviation of this practice shortName: PC @@ -21,7 +21,7 @@ shortDescription: This practice drives the adherence to internal and external st #A multi-paragraph description of the security practice longDescription: | - The Policy & Compliance (PC) practice focuses on understanding and meeting external legal and regulatory requirements while driving internal security standards to ensure compliance in a way that’s aligned with the business purpose of the organization. + The Policy and Compliance (PC) practice focuses on understanding and meeting external legal and regulatory requirements while driving internal security standards to ensure compliance in a way that’s aligned with the business purpose of the organization. A driving theme for improvement within this practice is describing organization’s standards and 3rd party obligations as application requirements, enabling efficient and automated audits that may be leveraged within the SDLC and continuously demonstrate that all expectations are met. diff --git a/model/security_practices/G-Strategy-Metrics.yml b/model/security_practices/G-Strategy-Metrics.yml index 63be6776b3ee..f79f7653105e 100644 --- a/model/security_practices/G-Strategy-Metrics.yml +++ b/model/security_practices/G-Strategy-Metrics.yml @@ -10,7 +10,7 @@ function: 102ad02df5dc4a8eb3837ef4ca2c1af4 id: 32b3bdd85d3a4d53827960004f9d1c7e #Official name of this practice -name: Strategy & Metrics +name: Strategy and Metrics #Abbreviation of this practice shortName: SM @@ -21,7 +21,7 @@ shortDescription: This practice forms the basis of your secure software activiti #A multi-paragraph description of the security practice longDescription: | - Software assurance entails many different activities and concerns. Without an overall plan, you might be spending a lot of effort to build in security, while in fact your efforts may be unaligned, disproportional or even counterproductive. The goal of the Strategy & Metrics (SM) practice is to build an efficient and effective plan for realizing your software security objectives within your organization. + Software assurance entails many different activities and concerns. Without an overall plan, you might be spending a lot of effort to build in security, while in fact your efforts may be unaligned, disproportional or even counterproductive. The goal of the Strategy and Metrics (SM) practice is to build an efficient and effective plan for realizing your software security objectives within your organization. A software security program, that selects and prioritizes activities of the rest of the model, serves as the foundation for your efforts. The practice works on building the plan, maintaining and disseminating it. From a0090a63b1887ce3c3fa7154214512fb2ed8d66e Mon Sep 17 00:00:00 2001 From: John Ellingsworth <4731674+johnellingsworth@users.noreply.github.com> Date: Sun, 24 Mar 2024 15:41:37 +0100 Subject: [PATCH 46/53] Fixing ampersand in V-AA Issue https://github.com/owaspsamm/samm-suite/issues/49 --- model/security_practices/V-Architecture-Assessment.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/model/security_practices/V-Architecture-Assessment.yml b/model/security_practices/V-Architecture-Assessment.yml index e2f314e4fb32..e3ca68e83ef5 100644 --- a/model/security_practices/V-Architecture-Assessment.yml +++ b/model/security_practices/V-Architecture-Assessment.yml @@ -20,7 +20,7 @@ shortDescription: This practice focuses on validating the security and complianc #A multi-paragraph description of the security practice longDescription: | - The Architecture Assessment (AA) practice ensures that the application and infrastructure architecture adequately meets all relevant security and compliance requirements, and sufficiently mitigates identified security threats. The first stream focuses on verifying that the security and compliance requirements identified in the Policy & Compliance and Security Requirements practices are met, first in an ad-hoc manner, then more systematically for each interface in the system. The second stream reviews the architecture, first for mitigations against typical threats, then against the specific threats identified in the Threat Assessment practice. + The Architecture Assessment (AA) practice ensures that the application and infrastructure architecture adequately meets all relevant security and compliance requirements, and sufficiently mitigates identified security threats. The first stream focuses on verifying that the security and compliance requirements identified in the Policy and Compliance, and Security Requirements, practices are met, first in an ad-hoc manner, then more systematically for each interface in the system. The second stream reviews the architecture, first for mitigations against typical threats, then against the specific threats identified in the Threat Assessment practice. In its more advanced form, the practice formalizes the architecture security review process, continuously evaluates the effectiveness of the architecture's security controls, their scalability and strategic alignment. Identified weaknesses and possible improvements are fed back to the Secure Architecture practice to improve reference architectures. From 86596a18ef5741fd14f469e8342c1474d39bf608 Mon Sep 17 00:00:00 2001 From: Dimitar Raichev Date: Tue, 2 Apr 2024 15:01:58 +0300 Subject: [PATCH 47/53] Update G-Policy-Compliance.yml fix typo --- model/security_practices/G-Policy-Compliance.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/model/security_practices/G-Policy-Compliance.yml b/model/security_practices/G-Policy-Compliance.yml index 59a9ff05b91d..ec11631b5c3d 100644 --- a/model/security_practices/G-Policy-Compliance.yml +++ b/model/security_practices/G-Policy-Compliance.yml @@ -10,7 +10,7 @@ function: 102ad02df5dc4a8eb3837ef4ca2c1af4 id: be9e7ddb98b84abe8b9e185b979ccf60 #Official name of this practice -name: Policy understanding Compliance +name: Policy and Compliance #Abbreviation of this practice shortName: PC From 3f8502c1703df01af28261c2daaeabe8e1d5d536 Mon Sep 17 00:00:00 2001 From: BackNot Date: Wed, 12 Jun 2024 17:06:16 +0300 Subject: [PATCH 48/53] Update D-SR-3-B.yml Removed trailing spaces --- model/questions/D-SR-3-B.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/model/questions/D-SR-3-B.yml b/model/questions/D-SR-3-B.yml index ee6e8e6304fd..37cc41a403b4 100644 --- a/model/questions/D-SR-3-B.yml +++ b/model/questions/D-SR-3-B.yml @@ -21,8 +21,8 @@ order: 1 #Qualifying Criterion quality: -- The vendor has a secure SDLC that includes secure build, secure deployment, defect - management, and incident management, meets the security expectations of your organization, +- The vendor has a secure SDLC that includes secure build, secure deployment, defect + management, and incident management, meets the security expectations of your organization, and is able to demonstrate operating effectiveness of practices. - You verify the solution meets quality and security objectives before every major release From 57c524762749e68207135f8cf9fff31f368808d1 Mon Sep 17 00:00:00 2001 From: BackNot Date: Wed, 12 Jun 2024 17:08:37 +0300 Subject: [PATCH 49/53] Update G-EG-1-A.yml Removed trailing whitespace --- model/questions/G-EG-1-A.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/model/questions/G-EG-1-A.yml b/model/questions/G-EG-1-A.yml index eb84c3d48249..ba6d894e2cb5 100644 --- a/model/questions/G-EG-1-A.yml +++ b/model/questions/G-EG-1-A.yml @@ -28,7 +28,7 @@ quality: Management, Open Design, and Psychological Acceptability - Training requires a sign-off or an acknowledgement from attendees - You have reviewed the training content within the last 12 months, and have completed any required updates -- All new covered staff are required to complete training during their onboarding process +- All new covered staff are required to complete training during their onboarding process - Existing covered staff are required to complete training when content is added/revised, or complete refresher training at least every 24 months, whichever comes first From 26a507d9a9ec13ae0aea710085d8b15d39c1c596 Mon Sep 17 00:00:00 2001 From: BackNot Date: Fri, 14 Jun 2024 10:15:12 +0300 Subject: [PATCH 50/53] Update yaml-process.yml to use another docker image for processing yaml --- .github/workflows/yaml-process.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/yaml-process.yml b/.github/workflows/yaml-process.yml index aede5408d35f..5a2f9758dbd1 100644 --- a/.github/workflows/yaml-process.yml +++ b/.github/workflows/yaml-process.yml @@ -46,7 +46,7 @@ jobs: run: | mkdir output - name: 'Generate model for website' - uses: docker://fzipi/owasp-samm-preprocess-yaml:version-0.8.1 + uses: docker://backnot/owasp-samm-process-yaml-content:latest with: args: '-d model -o output' - name: 'Move generated files to common directory structure' From cb6d45d3b3f41636cbdc37bd7f0ca1b472d87178 Mon Sep 17 00:00:00 2001 From: BackNot Date: Thu, 20 Jun 2024 16:14:08 +0300 Subject: [PATCH 51/53] Fixed samm website repository dispatch event to work on push tags. Changed used token to be user token instead of default repository token. --- .github/workflows/yaml-process.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/yaml-process.yml b/.github/workflows/yaml-process.yml index aede5408d35f..0121abf94857 100644 --- a/.github/workflows/yaml-process.yml +++ b/.github/workflows/yaml-process.yml @@ -66,14 +66,14 @@ jobs: SQUASH_HISTORY: true # after changing something, we need to trigger the website build trigger-website-build: - if: github.event.push.tags && github.ref_type == 'tag' + if: github.event_name == 'push' && github.ref_type == 'tag' runs-on: ubuntu-latest needs: generate-markdown steps: - name: Trigger Website Dispatch uses: peter-evans/repository-dispatch@v2 with: - token: ${{ secrets.GITHUB_TOKEN }} + token: ${{ secrets.OWASP_SAMM_WEBSITE_TOKEN }} repository: owaspsamm/website event-type: samm-core-released client-payload: '{"release": "${{ github.ref_name }}"}' From 511edb3036ba665bdc272a8693f5a4d5cd6a8397 Mon Sep 17 00:00:00 2001 From: Aram Hovsepyan Date: Tue, 9 Jul 2024 14:15:09 +0200 Subject: [PATCH 52/53] Update O-Incident-Management.yml minor improvement from you're to you are. I just need some change to test the new website generation actually. --- model/security_practices/O-Incident-Management.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/model/security_practices/O-Incident-Management.yml b/model/security_practices/O-Incident-Management.yml index d5c7d758a2e0..6d6a45eb81a9 100644 --- a/model/security_practices/O-Incident-Management.yml +++ b/model/security_practices/O-Incident-Management.yml @@ -20,11 +20,11 @@ shortDescription: This practice addresses activities carried out to improve the #A multi-paragraph description of the security practice longDescription: | - Once your organization has applications in operation, you're likely to face security incidents. In this model, we define a security incident as a breach, or the threat of an imminent breach, of at least one asset's security goals, whether due to malicious or negligent behavior. Examples of security incidents might include: a successful Denial of Service (DoS) attack against a cloud application, an application user accessing private data of another by abusing a security vulnerability, or an attacker modifying application source code. The Incident Management (IM) practice focuses on dealing with these in your organization. + Once your organization has applications in operation, you are likely to face security incidents. In this model, we define a security incident as a breach, or the threat of an imminent breach, of at least one asset's security goals, whether due to malicious or negligent behavior. Examples of security incidents might include: a successful Denial of Service (DoS) attack against a cloud application, an application user accessing private data of another by abusing a security vulnerability, or an attacker modifying application source code. The Incident Management (IM) practice focuses on dealing with these in your organization. Historically, many security incidents have been detected months, or even years, after the initial breach. During the "dwell time" before an incident is detected, significant damage can occur, increasing the difficulty of recovery. Our first activity stream, Incident Detection, focuses on decreasing that dwell time. - Once you have identified that you're suffering from a security incident, it's essential to respond in a disciplined, thorough manner to limit the damage, and return to normal operations as efficiently as possible. This is the focus of our second stream. + Once you have identified that you are suffering from a security incident, it's essential to respond in a disciplined, thorough manner to limit the damage, and return to normal operations as efficiently as possible. This is the focus of our second stream. #The relative order of this practice in the business function order: 1 From 438ef84c34d08befb5cd413a3344d1e6e1f75e9e Mon Sep 17 00:00:00 2001 From: Alex Ashkov Date: Mon, 2 Sep 2024 15:43:58 +0300 Subject: [PATCH 53/53] Added workflows that will be used from language repositories. One is for creating markdown and the other one is to pull new English core model files to language repository --- .../reusable-create-translation-branch.yml | 37 ++++++++++++++++ .github/workflows/reusable-yaml-process.yml | 44 +++++++++++++++++++ 2 files changed, 81 insertions(+) create mode 100644 .github/workflows/reusable-create-translation-branch.yml create mode 100644 .github/workflows/reusable-yaml-process.yml diff --git a/.github/workflows/reusable-create-translation-branch.yml b/.github/workflows/reusable-create-translation-branch.yml new file mode 100644 index 000000000000..62e446471bf3 --- /dev/null +++ b/.github/workflows/reusable-create-translation-branch.yml @@ -0,0 +1,37 @@ +name: Create new translation version branch in language repository + +on: + workflow_call: + inputs: + source_branch: + required: true + type: string + source_folder: + required: true + type: string + new_branch_name: + required: true + type: string + +jobs: + pull_and_create_branch: + runs-on: ubuntu-latest + + steps: + - name: Checkout current repo + uses: actions/checkout@v3 + - name: Set up Git with GitHub Actions bot identity + run: | + git config --global user.name "github-actions[bot]" + git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com" + - name: Pull content from another repository + run: | + git clone --branch ${{ inputs.source_branch }} --single-branch https://github.com/owaspsamm/core temp-repo + rm -rf temp-repo/.git + rsync -a --exclude='.git' temp-repo/ . + - name: Create a new branch with the pulled content + run: | + git checkout -b ${{ inputs.new_branch_name }} + git add ${{ inputs.source_folder }} + git commit -m "Pulled content from ${{ inputs.source_repo }}:${{ inputs.source_branch }}" + git push origin ${{ inputs.new_branch_name }} diff --git a/.github/workflows/reusable-yaml-process.yml b/.github/workflows/reusable-yaml-process.yml new file mode 100644 index 000000000000..01909ded3e3d --- /dev/null +++ b/.github/workflows/reusable-yaml-process.yml @@ -0,0 +1,44 @@ +name: Reusable workflow to convert yaml files to markdown + +on: + workflow_call: + inputs: + language: + required: true + type: string + branch: + required: true + type: string + model_folder: + required: true + type: string +jobs: + generate-markdown: + runs-on: ubuntu-latest + steps: + - name: 'Checkout using release is workflow dispatched' + uses: actions/checkout@v3 + with: + ref: ${{ inputs.branch }} + - name: 'Create output dir and copy files to override spaces in directories' + run: | + mkdir output + - name: 'Generate model for website' + uses: docker://backnot/owasp-samm-process-yaml-content:latest + with: + args: '-d ${{ inputs.model_folder }} -o output -l ${{ inputs.language }}' + - name: 'Move generated files to common directory structure' + run: | + mkdir -p build/business-function/practice/stream + BASE=output/markdown + cp "$BASE"/{Design.md,Governance.md,Implementation.md,Operations.md,Verification.md} build/business-function + cp "$BASE"/*-??-?.md build/business-function/practice/stream + cp "$BASE"/*-??.md build/business-function/practice + - name: Deploy + uses: s0/git-publish-subdir-action@develop + env: + REPO: self + BRANCH: markdown + FOLDER: build + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + SQUASH_HISTORY: false