The application should dynamically generate the available Standards by querying the database #9

Open
shawndwells opened this issue Sep 21, 2018 · 3 comments

@shawndwells
Member

No description provided.

@shawndwells
Member Author

+cc @zeyap @hannahdu

The current Standards page (http://localhost:3000/standards when running locally) has static/placeholder content to display various standards. It looks like this:

image

This data should be dynamically generated by querying the database and identifying what standards are available. However the database isn't made yet -- so we'll need to pull the data from flat files for now.

The flat-file data has been imported here:
https://github.com/SecurityCentral/ui-mockup/tree/master/opencontrols/standards

Parsing the data will be a bit awkward. We'll need:
(1) Name of the standard, which is identified through the name: element (example: https://github.com/SecurityCentral/ui-mockup/blob/master/opencontrols/standards/nist-800-53-latest.yaml#L1)

(2) How many control families are there? Will need to get the values of the family: element, strip out duplicates, return number of unique entries.

(3) How many security controls are contained in the standard? Will need to count rule entries, such as AC-1 and AC-2

Examples:

(4) How many of the controls are satisfied, partially satisfied, and non-compliant? To pull this information the individual component files in https://github.com/SecurityCentral/ui-mockup/tree/master/opencontrols/components will need to be parsed.

We can use the following implementation_status codes to group the results:

  • complete == satisfied
  • partial == partially satisfied
  • unknown or anything other than complete/partial/not applicable == non-compliant
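
The four counts listed in the comment above, computed over already-parsed YAML, as an added example that is not part of the original issue or the project's code. It assumes each component file carries a `satisfies` list of `standard_key` / `control_key` / `implementation_status` entries whose `standard_key` equals the standard's `name`, that the worst status wins when components disagree, and that "not applicable" is tallied separately; `summarizeStandard`, `sat` and the sample data are constructed for illustration.

```javascript
// Added example; sample data is constructed. The objects mirror what a YAML
// parser would return for the flat files described above.
const standard = { // shape of opencontrols/standards/*.yaml
  name: 'NIST-800-53',
  'AC-1': { family: 'AC', name: 'Access Control Policy and Procedures' },
  'AC-2': { family: 'AC', name: 'Account Management' },
  'AU-2': { family: 'AU', name: 'Audit Events' },
  'CM-6': { family: 'CM', name: 'Configuration Settings' },
};
// Assumed component layout: `satisfies` entries keyed by standard_key/control_key.
const sat = (control_key, implementation_status, standard_key = 'NIST-800-53') =>
  ({ standard_key, control_key, implementation_status });
const components = [
  { name: 'web', satisfies: [sat('AC-1', 'complete'), sat('AC-2', 'complete'),
    sat('CM-6', 'not applicable')] },
  { name: 'db', satisfies: [sat('AC-2', 'partial'), sat('AU-2', 'complete', 'OTHER')] },
];

// Lower rank = worse. Assumption: when components disagree, the worst status wins.
const RANK = { 'non-compliant': 0, 'partially satisfied': 1, satisfied: 2, 'not applicable': 3 };
const GROUP = new Map([['complete', 'satisfied'], ['partial', 'partially satisfied'],
  ['not applicable', 'not applicable']]);
const toGroup = (s) => GROUP.get(String(s).trim().toLowerCase()) || 'non-compliant';

function summarizeStandard(std, comps) {
  // Every top-level key other than `name` that carries a `family` is a control.
  const controls = Object.keys(std).filter((k) => k !== 'name' && std[k] && std[k].family);
  const families = new Set(controls.map((k) => std[k].family));
  const worst = new Map();
  for (const comp of comps) {
    for (const s of comp.satisfies || []) {
      if (s.standard_key !== std.name || !controls.includes(s.control_key)) continue;
      const g = toGroup(s.implementation_status);
      if (!worst.has(s.control_key) || RANK[g] < RANK[worst.get(s.control_key)]) {
        worst.set(s.control_key, g);
      }
    }
  }
  const counts = { satisfied: 0, 'partially satisfied': 0, 'non-compliant': 0, 'not applicable': 0 };
  // A control that no component mentions counts as unknown, i.e. non-compliant.
  for (const k of controls) counts[worst.get(k) || 'non-compliant'] += 1;
  return { name: std.name, families: families.size, controls: controls.length, counts };
}

console.log(summarizeStandard(standard, components));
```

Entries for a different `standard_key` are ignored, so AU-2 in the sample stays non-compliant even though another standard marks it complete.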

@shawndwells
Member Author

@zeyap @hannahdu is this helpful to give you enough information to start updating the standards page?

@zeyap
Collaborator

zeyap commented Sep 28, 2018

> @zeyap @hannahdu is this helpful to give you enough information to start updating the standards page?

This is helpful, thanks Shawn. By the way, are 'Details' buttons intended for anything? I imagine they trigger display of control names.
