Commit

use new NIST dataset #112
andrew2net committed Jul 12, 2024
1 parent 703dc0e commit 12597c1
Showing 14 changed files with 1,595 additions and 1,582 deletions.
2 changes: 1 addition & 1 deletion lib/relaton_nist/version.rb
@@ -1,3 +1,3 @@
module RelatonNist
VERSION = "1.19.0".freeze
VERSION = "1.19.1".freeze
end
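Review bot: The bump on the VERSION line is patch-level (1.19.0 to 1.19.1), yet the fixtures changed in this same commit show different serialized output: `<partnumber>` becomes `<number>` under `<series>`, and the root elements gain `type="standard"`. If callers parse that XML, a minor bump plus a changelog entry naming the renamed elements would signal the change better than a patch release.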
11 changes: 5 additions & 6 deletions spec/examples/get.xml
@@ -1,6 +1,6 @@
<bibdata schema-version="v1.2.9">
<fetched>2024-07-11</fetched>
<title type="title-main" format="text/plain" language="en" script="Latn">Interagency report on the status of international cybersecurity standardization for the internet of things (IoT)</title>
<bibdata type="standard" schema-version="v1.2.9">
<fetched>2024-07-12</fetched>
<title type="main" format="text/plain" language="en" script="Latn">Interagency report on the status of international cybersecurity standardization for the internet of things (IoT)</title>
<uri type="doi">https://doi.org/10.6028/NIST.IR.8200</uri>
<docidentifier type="NIST" primary="true">NIST IR 8200</docidentifier>
<docidentifier type="DOI">10.6028/NIST.IR.8200</docidentifier>
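Review bot: The title line in this hunk ends up with only `type="main"` and the former `type="title-main"` entry is gone, whereas spec/examples/hit.xml in this commit keeps `title-main` and `title-part` and adds `main` alongside them. Please confirm that single-part titles are meant to lose `title-main`; if not, this fixture should keep it and add `main` the way the hit fixtures do.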
@@ -27,15 +27,14 @@
<contributor>
<role type="publisher"/>
<organization>
<name>Information Technology Laboratory (National Institute of Standards
and Technology)</name>
<name>Information Technology Laboratory (National Institute of Standards and Technology)</name>
<identifier type="uri">https://id.loc.gov/authorities/names/no97056762</identifier>
</organization>
</contributor>
<abstract format="text/plain" language="en" script="Latn">The Interagency International Cybersecurity Standardization Working Group (IICS WG) was established in December 2015 by the National Security Council s Cyber Interagency Policy Committee. Its purpose is to coordinate on major issues in international cybersecurity standardization and thereby enhance U.S. federal agency participation in the process. Effective U.S. Government participation involves coordinating across the federal government and working with the U.S. private sector. The U.S. relies more heavily on the private sector for standards development than do many other countries. Companies and industry groups, academic institutions, professional societies, consumer groups, and other interested parties are major contributors to this process. Further, the many Standards Developing Organizations (SDOs) which provide the infrastructure for the standards development are overwhelmingly private sector organizations. On April 25, 2017, the IICS WG established an Internet of Things (IoT) Task Group to determine the current state of international cybersecurity standards development for IoT. This report is intended for use by the working group member agencies to assist them in their standards planning and to help coordinate U.S. Government participation in international cybersecurity standardization for IoT. Other organizations may also find this document useful in their planning.</abstract>
<series>
<title format="text/plain">NISTIR; NIST IR; NIST interagency report; NIST internal report</title>
<partnumber>8200</partnumber>
<number>8200</number>
</series>
<place>
<city>Gaithersburg</city>
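Review bot: Under `<series>`, `<partnumber>8200</partnumber>` is replaced by `<number>8200</number>`, and nothing visible in the diff says whether the old element is still read. Code that loads previously exported or cached records by the old name would get no series number without any error, so it is worth stating in the commit message whether `<partnumber>` is still accepted on input and adding a spec that parses a record carrying it.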
10 changes: 5 additions & 5 deletions spec/examples/hit.xml
@@ -1,7 +1,8 @@
<bibdata schema-version="v1.2.9">
<fetched>2024-07-11</fetched>
<bibdata type="standard" schema-version="v1.2.9">
<fetched>2024-07-12</fetched>
<title type="title-main" format="text/plain" language="en" script="Latn">Automation support for security control assessments, volume 1</title>
<title type="title-part" format="text/plain" language="en" script="Latn">overview</title>
<title type="main" format="text/plain" language="en" script="Latn">Automation support for security control assessments, volume 1 - overview</title>
<uri type="doi">https://doi.org/10.6028/NIST.IR.8011-1</uri>
<docidentifier type="NIST" primary="true">NIST IR 8011-1</docidentifier>
<docidentifier type="DOI">10.6028/NIST.IR.8011-1</docidentifier>
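Review bot: The `<fetched>` line moves from 2024-07-11 to 2024-07-12 only because the fixture was regenerated a day later, so every regeneration will touch this line in each example file. If the specs already substitute the current date before comparing, a fixed placeholder value in the fixtures would keep this churn out of future diffs and make the real changes (the added `type="main"` title) easier to review.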
@@ -37,15 +38,14 @@
<contributor>
<role type="publisher"/>
<organization>
<name>Information Technology Laboratory (National Institute of Standards
and Technology)</name>
<name>Information Technology Laboratory (National Institute of Standards and Technology)</name>
<identifier type="uri">https://id.loc.gov/authorities/names/no97056762</identifier>
</organization>
</contributor>
<abstract format="text/plain" language="en" script="Latn">This volume introduces concepts to support automated assessment of most of the security controls in NIST Special Publication (SP) 800-53. Referencing SP 800-53A, the controls are divided into more granular parts (determination statements) to be assessed. The parts of the control assessed by each determination statement are called control items. The control items are then grouped into the appropriate security capabilities. As suggested by SP 800-53 Revision 4, security capabilities are groups of controls that support a common purpose. For effective automated assessment, testable defect checks are defined that bridge the determination statements to the broader security capabilities to be achieved and to the SP 800-53 security control items themselves. The defect checks correspond to security sub-capabilities -- called sub-capabilities because each is part of a larger capability. Capabilities and sub-capabilities are both designed with the purpose of addressing a series of attack steps. Automated assessments (in the form of defect checks) are performed using the test assessment method defined in SP 800-53A by comparing a desired and actual state (or behavior).</abstract>
<series>
<title format="text/plain">NISTIR; NIST IR; NIST interagency report; NIST internal report</title>
<partnumber>8011-1</partnumber>
<number>8011-1</number>
</series>
<place>
<city>Gaithersburg</city>
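Review bot: The publisher `<name>` goes from a value broken across two lines ("...Institute of Standards" / "and Technology)") to a single line, but the diff does not show whether that comes from the new dataset or from whitespace normalisation in the parser. If the parser is responsible, a spec that feeds it a name containing a line break would pin the behaviour; if the dataset is, a later refresh could bring the break back and break string comparisons on organization names.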
10 changes: 5 additions & 5 deletions spec/examples/hit_bibitem.xml
@@ -1,7 +1,8 @@
<bibitem id="NISTIR8011-1" schema-version="v1.2.9">
<fetched>2024-07-11</fetched>
<bibitem id="NISTIR8011-1" type="standard" schema-version="v1.2.9">
<fetched>2024-07-12</fetched>
<title type="title-main" format="text/plain" language="en" script="Latn">Automation support for security control assessments, volume 1</title>
<title type="title-part" format="text/plain" language="en" script="Latn">overview</title>
<title type="main" format="text/plain" language="en" script="Latn">Automation support for security control assessments, volume 1 - overview</title>
<uri type="doi">https://doi.org/10.6028/NIST.IR.8011-1</uri>
<docidentifier type="NIST" primary="true">NIST IR 8011-1</docidentifier>
<docidentifier type="DOI">10.6028/NIST.IR.8011-1</docidentifier>
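Review bot: The root `<bibitem id="NISTIR8011-1" ...>` now carries `type="standard"`, the same value added to both `<bibdata>` roots in this commit. Please say where the value comes from: if it is assigned unconditionally rather than read from the dataset, a short comment at the assignment and a spec covering a non-IR series would document that choice.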
@@ -37,15 +38,14 @@
<contributor>
<role type="publisher"/>
<organization>
<name>Information Technology Laboratory (National Institute of Standards
and Technology)</name>
<name>Information Technology Laboratory (National Institute of Standards and Technology)</name>
<identifier type="uri">https://id.loc.gov/authorities/names/no97056762</identifier>
</organization>
</contributor>
<abstract format="text/plain" language="en" script="Latn">This volume introduces concepts to support automated assessment of most of the security controls in NIST Special Publication (SP) 800-53. Referencing SP 800-53A, the controls are divided into more granular parts (determination statements) to be assessed. The parts of the control assessed by each determination statement are called control items. The control items are then grouped into the appropriate security capabilities. As suggested by SP 800-53 Revision 4, security capabilities are groups of controls that support a common purpose. For effective automated assessment, testable defect checks are defined that bridge the determination statements to the broader security capabilities to be achieved and to the SP 800-53 security control items themselves. The defect checks correspond to security sub-capabilities -- called sub-capabilities because each is part of a larger capability. Capabilities and sub-capabilities are both designed with the purpose of addressing a series of attack steps. Automated assessments (in the form of defect checks) are performed using the test assessment method defined in SP 800-53A by comparing a desired and actual state (or behavior).</abstract>
<series>
<title format="text/plain">NISTIR; NIST IR; NIST interagency report; NIST internal report</title>
<partnumber>8011-1</partnumber>
<number>8011-1</number>
</series>
<place>
<city>Gaithersburg</city>
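Review bot: The visible lines of this hunk are identical to the matching hunk in spec/examples/hit.xml, including the `<name>` rewrap and the `<partnumber>` to `<number>` change, so the two fixtures have to be edited in lockstep. Consider deriving the bibitem fixture from the bibdata one in the spec (swapping the root element and `id`), so a future dataset refresh cannot update one file and leave the other stale.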