Produce a matrix showing which NIST 800-53 controls are addressed by scan findings, with coverage percentages and gap identification.

**Acceptance Criteria:**

- [ ] Map each finding to applicable NIST 800-53 control families
- [ ] Calculate coverage percentage per control family
- [ ] Identify controls with zero automated coverage (procedural/organizational)
- [ ] Output as CSV, Excel, and Markdown
- [ ] Include column for evidence type: `automated` (SAST finding), `manual` (requires assessor), `not applicable`
- [ ] `stigcode coverage --input results.sarif --format xlsx --output coverage.xlsx`
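The mapping and coverage calculation these criteria describe, as an added example that is not stigcode's own code. It assumes SARIF rules carry a hypothetical `NIST-800-53:<control>` tag in `properties.tags`, uses a constructed ten-control catalogue subset, and defines coverage as the share of applicable controls in a family with at least one automated finding.

```python
import json
from collections import Counter

TAG_PREFIX = "NIST-800-53:"  # hypothetical rule-tag convention (assumption)
# Constructed catalogue subset: control ID -> applicable to this system?
CATALOGUE = {"AC-2": True, "AC-3": True, "AC-6": True, "AT-2": True, "PE-3": False,
             "SC-8": True, "SC-13": True, "SC-28": True, "SI-10": True, "SI-11": True}

# Constructed SARIF 2.1.0 sample, not real scanner output.
SAMPLE_SARIF = json.dumps({"version": "2.1.0", "runs": [{
    "tool": {"driver": {"name": "example-sast", "rules": [
        {"id": "sql-injection", "properties": {"tags": ["NIST-800-53:SI-10"]}},
        {"id": "weak-hash", "properties": {"tags": ["NIST-800-53:SC-13", "security"]}},
        {"id": "missing-authz", "properties": {"tags": ["NIST-800-53:AC-3", "NIST-800-53:AC-6"]}},
        {"id": "style-only"}]}},
    "results": [{"ruleId": "sql-injection"}, {"ruleId": "sql-injection"},
                {"ruleId": "weak-hash"}, {"ruleId": "missing-authz"},
                {"ruleId": "style-only"}, {"ruleId": "unknown-rule"}]}]})

def build_matrix(sarif_text, catalogue=CATALOGUE):
    """Return one row per catalogue control: (control, family, evidence, findings)."""
    hits = Counter()
    for run in json.loads(sarif_text).get("runs", []):
        rules = run.get("tool", {}).get("driver", {}).get("rules", [])
        tags = {r["id"]: r.get("properties", {}).get("tags", []) for r in rules}
        for result in run.get("results", []):
            for tag in tags.get(result.get("ruleId"), []):  # unmapped rules add nothing
                if tag.startswith(TAG_PREFIX):
                    hits[tag[len(TAG_PREFIX):]] += 1
    rows = []
    for control in sorted(catalogue):
        evidence = ("not applicable" if not catalogue[control]
                    else "automated" if hits[control] else "manual")
        rows.append((control, control.split("-")[0], evidence, hits[control]))
    return rows

def family_coverage(rows):
    """Percent of applicable controls per family that have automated evidence."""
    totals, automated = Counter(), Counter()
    for _, family, evidence, _ in rows:
        if evidence != "not applicable":
            totals[family] += 1
            automated[family] += evidence == "automated"
    return {f: round(100 * automated[f] / totals[f], 1) for f in totals}

def gaps(rows):  # applicable controls with zero automated coverage
    return [control for control, _, evidence, _ in rows if evidence == "manual"]

if __name__ == "__main__":
    matrix = build_matrix(SAMPLE_SARIF)
    print(family_coverage(matrix), gaps(matrix))
```

A family whose controls are all `not applicable` (PE in the sample) is left out of the percentages, so it cannot divide by zero or report a misleading 0%.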