diff --git a/Makefile b/Makefile index 507a58f..5246ba4 100644 --- a/Makefile +++ b/Makefile @@ -18,12 +18,46 @@ K := $(foreach exec,$(EXECUTABLES),\ default: rhel7 openshiftv3 -clean: +clean-all: clean - cd RHEL7 && make clean - cd OpenShift-v3 && make clean -rhel7: clean - - cd RHEL7 && make +clean: + - rm -rf exports/ opencontrols/ + +rhel7-clean: + - cd RHEL7 && clean + +rhel7: rhel7-clean + - cd RHEL7 && make clean + +openshiftv3-clean: + - cd OpenShift-v3 && make clean -openshiftv3: clean +openshiftv3: openshiftv3-clean - cd OpenShift-v3 && make + +### +### Sample 'MyApp' targets +### +opencontrols: opencontrol.yaml + - ${CM} get + +exports: opencontrols + - ${CM} docs gitbook FedRAMP-low + +pdf: exports + - cd exports/ && gitbook pdf ./ ./MyApp_Compliance_Guide.pdf + +serve: exports + - cd exports/ && gitbook serve + +fedramp: + - ${GOPATH}/bin/fedramp-templater fill opencontrols/ ./FedRAMP_Template/FedRAMP-System-Security-Plan-Template-v2.1.docx exports/FedRAMP-Filled-v2.1.docx + +fedramp-diff: + - ${GOPATH}/bin/fedramp-templater diff opencontrols/ ./FedRAMP_Template/FedRAMP-System-Security-Plan-Template-v2.1.docx + +checks: + - yamllint customer_cxo_controls/policies/ + - yamllint customer_pmo_controls/policies/ diff --git a/OpenShift-v3/opencontrol.yaml b/OpenShift-v3/opencontrol.yaml index 6313410..daeac22 100644 --- a/OpenShift-v3/opencontrol.yaml +++ b/OpenShift-v3/opencontrol.yaml @@ -1,5 +1,5 @@ schema_version: "1.0.0" -name: OpenShift-v3.fd +name: OpenShift v3 metadata: description: Red Hat OpenShift v3 maintainers: diff --git a/OpenShift-v3/policies/AC-Access_Control/component.yaml b/OpenShift-v3/policies/AC-Access_Control/component.yaml index 6a56f00..115016b 100644 --- a/OpenShift-v3/policies/AC-Access_Control/component.yaml +++ b/OpenShift-v3/policies/AC-Access_Control/component.yaml @@ -4,59 +4,67 @@ name: Access Control schema_version: 3.0.0 satisfies: +# +# AC-2(2) NOTES: +# The customer will be responsible for automatically removing or +# disabling emergency and temporary accounts within the required +# timeframe. A successful control response will need to address +# all of the procedures and mechanisms involved in disabling these +# accounts. +# - control_key: AC-2 (2) standard_key: NIST-800-53 covered_by: [] - implimentation_status: Not applicable + implementation_status: Not applicable narrative: - text: | - '//* - The customer will be responsible for automatically removing or - disabling emergency and temporary accounts within the required - timeframe. A successful control response will need to address - all of the procedures and mechanisms involved in disabling these - accounts. - - 3rd party software must be used to fully support management of - temporary and emergency accounts. OpenShift does not have the capability - to automatically disable accounts after a configured period of time. To - meet this requirement, an authentication provider (such as Active - Directory) must be used. Integration between OpenShift and Active - Directory can be accomplished through the use of Kerberos cross-realm - trusts. Refer to the LDAP Authentication section of the OpenShift - Administrators guide: - - https://docs.openshift.com/container-platform/3.3/admin_solutions/authentication.html#ldap-auth - */' - + 'OpenShift relies upon 3rd party authentication providers, such as + Microsoft Active Directory, Red Hat IdM, or LDAP. By relying on 3rd + party authentication providers, OpenShift is not responsible for + automatic disablement of temporary and emergency accounts after a + configured period of time. + + Refer to the LDAP Authentication section of the OpenShift + Administrators Guide for configuration references to 3rd parties, e.g. + configuration of Kerberos cross-realm trusts with Active Directory. + The guide can be found at: + + https://docs.openshift.com/container-platform/3.3/admin_solutions/authentication.html#ldap-auth' + +# +# AC-2(3) NOTES: +# The customer will be responsible for automatically disabling user +# accounts after the specified period of inactivity. A successful +# control response will need to address all automated mechanisms +# involved in disabling inactive accounts. +# +# ADMIN NOTE: +# AC-2(2) disables temp/emergency accounts after period of time. +# AC-2(3) differs by disabling *every other* account type +# - control_key: AC-2 (3) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | - '//* - The customer will be responsible for automatically disabling user - accounts after the specified period of inactivity. A successful control - response will need to address all automated mechanisms involved in - disabling inactive accounts.> - - <3rd party software must be used to fully support automatic disablement - of inactive OpenShift accounts. OpenShift does not have the capability - to automatically disable accounts after a configured period of time. To - meet this requirement, an authentication provider (such as Active - Directory) must be used. Integration between OpenShift and Active - Directory can be accomplished throguh the use of Kerberos cross-realm - trusts. Refer to the LDAP Authentication section of the OpenShift - Administrators guide: - - https://docs.openshift.com/container-platform/3.3/admin_solutions/authentication.html#ldap-auth - */' + 'OpenShift relies upon 3rd party authentication providers, such as + Microsoft Active Directory, Red Hat IdM, or LDAP. By relying on 3rd + party authentication providers, OpenShift is not responsible for + automatic disablement of inactive accounts after a configured period + of time. + + Refer to the LDAP Authentication section of the OpenShift + Administrators Guide for configuration references to 3rd parties, e.g. + configuration of Kerberos cross-realm trusts with Active Directory. + The guide can be found at: + + https://docs.openshift.com/container-platform/3.3/admin_solutions/authentication.html#ldap-auth' - control_key: AC-2 (4) standard_key: NIST-800-53 covered_by: [] - implimentation_status: Implemented + implementation_status: Implemented narrative: - text: | '//* @@ -87,7 +95,7 @@ satisfies: - control_key: AC-2 (5) standard_key: NIST-800-53 covered_by: [] - implimentation_status: Implemented + implementation_status: Implemented narrative: - text: | '//* @@ -99,7 +107,7 @@ satisfies: - control_key: AC-2 (10) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -114,7 +122,7 @@ satisfies: - control_key: AC-3 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -129,7 +137,7 @@ satisfies: - control_key: AC-4 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -149,7 +157,7 @@ satisfies: - control_key: AC-4 (21) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -163,7 +171,7 @@ satisfies: - control_key: AC-6 (2) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -176,7 +184,7 @@ satisfies: - control_key: AC-6 (9) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -189,7 +197,7 @@ satisfies: - control_key: AC-6 (10) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -203,7 +211,7 @@ satisfies: - control_key: AC-7 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | @@ -221,7 +229,7 @@ satisfies: - control_key: AC-8 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | @@ -283,7 +291,7 @@ satisfies: - control_key: AC-10 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -296,7 +304,7 @@ satisfies: - control_key: AC-11 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | @@ -313,7 +321,7 @@ satisfies: - control_key: AC-11 (1) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | 'Not applicable. When AC-2(5) is implemented, the non-configurable @@ -323,7 +331,7 @@ satisfies: - control_key: AC-12 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -337,7 +345,7 @@ satisfies: - control_key: AC-17 (1) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | 'All system events, regardless of local or remote, are captured through @@ -347,7 +355,7 @@ satisfies: - control_key: AC-17 (2) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | 'OpenShift uses the following cryptographic algorithms and ciphers to @@ -368,7 +376,7 @@ satisfies: - control_key: AC-17 (3) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -383,7 +391,7 @@ satisfies: - control_key: AC-17 (9) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -409,7 +417,7 @@ satisfies: - control_key: AC-18 (1) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* diff --git a/OpenShift-v3/policies/AU-Audit_and_Accountability/component.yaml b/OpenShift-v3/policies/AU-Audit_and_Accountability/component.yaml index ed825ca..8d28e6d 100644 --- a/OpenShift-v3/policies/AU-Audit_and_Accountability/component.yaml +++ b/OpenShift-v3/policies/AU-Audit_and_Accountability/component.yaml @@ -7,7 +7,7 @@ satisfies: - control_key: AU-4 (1) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -20,7 +20,7 @@ satisfies: - control_key: AU-5 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | @@ -43,7 +43,7 @@ satisfies: - control_key: AU-7 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | @@ -86,7 +86,7 @@ satisfies: - control_key: AU-7 (1) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -101,7 +101,7 @@ satisfies: - control_key: AU-8 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | @@ -134,7 +134,7 @@ satisfies: - control_key: AU-8 (1) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: # Customers are responsible for comparing the internal information # system clocks at least hourly with an authoritative time source. A @@ -191,7 +191,7 @@ satisfies: - control_key: AU-9 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -205,7 +205,7 @@ satisfies: - control_key: AU-9 (2) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -222,7 +222,7 @@ satisfies: - control_key: AU-12 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | diff --git a/OpenShift-v3/policies/CA-Security_Assessment_and_Authorization/component.yaml b/OpenShift-v3/policies/CA-Security_Assessment_and_Authorization/component.yaml index 2fee9e2..32822ec 100644 --- a/OpenShift-v3/policies/CA-Security_Assessment_and_Authorization/component.yaml +++ b/OpenShift-v3/policies/CA-Security_Assessment_and_Authorization/component.yaml @@ -7,7 +7,7 @@ satisfies: - control_key: CA-2 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: b text: | @@ -41,7 +41,7 @@ satisfies: - control_key: CA-5 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | diff --git a/OpenShift-v3/policies/CM-Configuration_Management/component.yaml b/OpenShift-v3/policies/CM-Configuration_Management/component.yaml index 175201f..de7f394 100644 --- a/OpenShift-v3/policies/CM-Configuration_Management/component.yaml +++ b/OpenShift-v3/policies/CM-Configuration_Management/component.yaml @@ -19,7 +19,7 @@ satisfies: #- control_key: CM-2 # standard_key: NIST-800-53 # covered_by: [] -# implimentation_status: none +# implementation_status: none # narrative: # - text: | # '//* @@ -33,7 +33,7 @@ satisfies: - control_key: CM-2 (1) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: c text: | @@ -65,7 +65,7 @@ satisfies: - control_key: CM-2(2) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -79,7 +79,7 @@ satisfies: - control_key: CM-2 (3) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -98,7 +98,7 @@ satisfies: - control_key: CM-2 (7) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | @@ -110,7 +110,7 @@ satisfies: - control_key: CM-3 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: d text: | @@ -125,7 +125,7 @@ satisfies: - control_key: CM-4 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -139,7 +139,7 @@ satisfies: - control_key: CM-5 (1) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -152,7 +152,7 @@ satisfies: - control_key: CM-5 (3) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | 'To ensure the system can cryptographically verify base software @@ -170,7 +170,7 @@ satisfies: - control_key: CM-6 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: b text: | @@ -194,7 +194,7 @@ satisfies: - control_key: CM-7 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | @@ -219,7 +219,7 @@ satisfies: - control_key: CM-7 (1) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | @@ -242,7 +242,7 @@ satisfies: - control_key: CM-7 (2) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -261,7 +261,7 @@ satisfies: - control_key: CM-7 (5) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | @@ -312,7 +312,7 @@ satisfies: #- control_key: CM-8 # standard_key: NIST-800-53 # covered_by: [] -# implimentation_status: none +# implementation_status: none # narrative: # - key: a # text: | @@ -339,7 +339,7 @@ satisfies: - control_key: CM-8 (1) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -353,7 +353,7 @@ satisfies: - control_key: CM-8 (3) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | @@ -382,7 +382,7 @@ satisfies: - control_key: CM-11 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: b text: | diff --git a/OpenShift-v3/policies/CP-Contingency_Planning/component.yaml b/OpenShift-v3/policies/CP-Contingency_Planning/component.yaml index eb4023b..3cb20b7 100644 --- a/OpenShift-v3/policies/CP-Contingency_Planning/component.yaml +++ b/OpenShift-v3/policies/CP-Contingency_Planning/component.yaml @@ -7,7 +7,7 @@ satisfies: - control_key: CP-9 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | @@ -60,7 +60,7 @@ satisfies: - control_key: CP-9 (1) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -72,7 +72,7 @@ satisfies: - control_key: CP-9 (3) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -83,7 +83,7 @@ satisfies: - control_key: CP-10 (2) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* diff --git a/OpenShift-v3/policies/IA-Identification_and_Authentication/component.yaml b/OpenShift-v3/policies/IA-Identification_and_Authentication/component.yaml index 6d9e7b7..4991a6d 100644 --- a/OpenShift-v3/policies/IA-Identification_and_Authentication/component.yaml +++ b/OpenShift-v3/policies/IA-Identification_and_Authentication/component.yaml @@ -7,7 +7,7 @@ satisfies: - control_key: IA-2 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -43,7 +43,7 @@ satisfies: - control_key: IA-2 (1) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -70,7 +70,7 @@ satisfies: - control_key: IA-2 (2) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -84,7 +84,7 @@ satisfies: - control_key: IA-2 (3) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | 'This control is not applicable to tenants of cloud computing @@ -93,7 +93,7 @@ satisfies: - control_key: IA-2 (5) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | 'OpenShift requires individuals to be authenticated with an individual @@ -106,7 +106,7 @@ satisfies: - control_key: IA-2 (8) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -120,7 +120,7 @@ satisfies: - control_key: IA-2 (11) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -138,7 +138,7 @@ satisfies: - control_key: IA-2 (12) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -154,7 +154,7 @@ satisfies: - control_key: IA-3 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -172,7 +172,7 @@ satisfies: - control_key: IA-4 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | @@ -222,7 +222,7 @@ satisfies: - control_key: IA-4 (4) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -237,7 +237,7 @@ satisfies: - control_key: IA-5 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | @@ -338,7 +338,7 @@ satisfies: - control_key: IA-5 (1) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | @@ -395,7 +395,7 @@ satisfies: - control_key: IA-5 (2) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | @@ -437,7 +437,7 @@ satisfies: - control_key: IA-5 (3) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -452,7 +452,7 @@ satisfies: - control_key: IA-5 (4) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -466,7 +466,7 @@ satisfies: - control_key: IA-5 (6) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -479,7 +479,7 @@ satisfies: - control_key: IA-5 (7) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -492,7 +492,7 @@ satisfies: - control_key: IA-5 (11) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -507,7 +507,7 @@ satisfies: - control_key: IA-6 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -524,7 +524,7 @@ satisfies: - control_key: IA-7 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -541,7 +541,7 @@ satisfies: - control_key: IA-8 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -556,7 +556,7 @@ satisfies: - control_key: IA-8 (1) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -572,7 +572,7 @@ satisfies: - control_key: IA-8 (2) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -589,7 +589,7 @@ satisfies: - control_key: IA-8 (3) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -606,7 +606,7 @@ satisfies: - control_key: IA-8 (4) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* diff --git a/OpenShift-v3/policies/MA-Maintenance/component.yaml b/OpenShift-v3/policies/MA-Maintenance/component.yaml index 60bd0ab..b9e773c 100644 --- a/OpenShift-v3/policies/MA-Maintenance/component.yaml +++ b/OpenShift-v3/policies/MA-Maintenance/component.yaml @@ -7,7 +7,7 @@ satisfies: - control_key: MA-2 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | @@ -48,7 +48,7 @@ satisfies: - control_key: MA-4 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: b text: | diff --git a/OpenShift-v3/policies/MP-Media_Protection/component.yaml b/OpenShift-v3/policies/MP-Media_Protection/component.yaml index 0e807c3..0dc86f3 100644 --- a/OpenShift-v3/policies/MP-Media_Protection/component.yaml +++ b/OpenShift-v3/policies/MP-Media_Protection/component.yaml @@ -10,7 +10,7 @@ satisfies: #- control_key: MP-1 # standard_key: NIST-800-53 # covered_by: [] -# implimentation_status: none +# implementation_status: none # narrative: # - text: | # Narrative text on how product can be configured against MP-1. @@ -20,7 +20,7 @@ satisfies: #- control_key: MP-2 # standard_key: NIST-800-53 # covered_by: [] -# implimentation_status: none +# implementation_status: none # narrative: # - text: | # Narrative text on how product can be configured against MP-2. @@ -30,7 +30,7 @@ satisfies: #- control_key: MP-3 # standard_key: NIST-800-53 # covered_by: [] -# implimentation_status: none +# implementation_status: none # narrative: # - text: | # Narrative text on how product can be configured against MP-3. @@ -40,7 +40,7 @@ satisfies: #- control_key: MP-4 # standard_key: NIST-800-53 # covered_by: [] -# implimentation_status: none +# implementation_status: none # narrative: # - text: | # Narrative text on how product can be configured against MP-4. @@ -50,7 +50,7 @@ satisfies: #- control_key: MP-5 # standard_key: NIST-800-53 # covered_by: [] -# implimentation_status: none +# implementation_status: none # narrative: # - text: | # Narrative text on how product can be configured against MP-5. @@ -60,7 +60,7 @@ satisfies: #- control_key: MP-5 (4) # standard_key: NIST-800-53 # covered_by: [] -# implimentation_status: none +# implementation_status: none # narrative: # - text: | # Narrative text on how product can be configured against MP-5 (4). @@ -70,7 +70,7 @@ satisfies: #- control_key: MP-6 # standard_key: NIST-800-53 # covered_by: [] -# implimentation_status: none +# implementation_status: none # narrative: # - text: | # Narrative text on how product can be configured against MP-6. @@ -80,7 +80,7 @@ satisfies: #- control_key: MP-6 (2) # standard_key: NIST-800-53 # covered_by: [] -# implimentation_status: none +# implementation_status: none # narrative: # - text: | # Narrative text on how product can be configured against MP-6 (2). @@ -90,7 +90,7 @@ satisfies: #- control_key: MP-7 # standard_key: NIST-800-53 # covered_by: [] -# implimentation_status: none +# implementation_status: none # narrative: # - text: | # Narrative text on how product can be configured against MP-7. @@ -100,7 +100,7 @@ satisfies: #- control_key: MP-7 (1) # standard_key: NIST-800-53 # covered_by: [] -# implimentation_status: none +# implementation_status: none # narrative: # - text: | # Narrative text on how product can be configured against MP-7 (1). diff --git a/OpenShift-v3/policies/PE-Physical_and_Environmental_Protection/component.yaml b/OpenShift-v3/policies/PE-Physical_and_Environmental_Protection/component.yaml index c93bcb1..479fbf6 100644 --- a/OpenShift-v3/policies/PE-Physical_and_Environmental_Protection/component.yaml +++ b/OpenShift-v3/policies/PE-Physical_and_Environmental_Protection/component.yaml @@ -9,7 +9,7 @@ satisfies: #- control_key: PE-1 # standard_key: NIST-800-53 # covered_by: [] -# implimentation_status: none +# implementation_status: none # narrative: # - key: a # text: | diff --git a/OpenShift-v3/policies/PS-Personnel_Security/component.yaml b/OpenShift-v3/policies/PS-Personnel_Security/component.yaml index e437c85..3c8d253 100644 --- a/OpenShift-v3/policies/PS-Personnel_Security/component.yaml +++ b/OpenShift-v3/policies/PS-Personnel_Security/component.yaml @@ -7,7 +7,7 @@ satisfies: - control_key: PS-4 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | diff --git a/OpenShift-v3/policies/RA-Risk_Assessment/component.yaml b/OpenShift-v3/policies/RA-Risk_Assessment/component.yaml index 247e61a..cad3d3b 100644 --- a/OpenShift-v3/policies/RA-Risk_Assessment/component.yaml +++ b/OpenShift-v3/policies/RA-Risk_Assessment/component.yaml @@ -7,7 +7,7 @@ satisfies: - control_key: RA-5 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: d text: | diff --git a/OpenShift-v3/policies/SA-System_and_Services_Acquisition/component.yaml b/OpenShift-v3/policies/SA-System_and_Services_Acquisition/component.yaml index eb87c64..107d984 100644 --- a/OpenShift-v3/policies/SA-System_and_Services_Acquisition/component.yaml +++ b/OpenShift-v3/policies/SA-System_and_Services_Acquisition/component.yaml @@ -7,7 +7,7 @@ satisfies: - control_key: SA-10 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | @@ -53,7 +53,7 @@ satisfies: - control_key: SA-10 (1) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -72,7 +72,7 @@ satisfies: - control_key: SA-11 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | @@ -124,7 +124,7 @@ satisfies: - control_key: SA-11 (1) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -138,7 +138,7 @@ satisfies: - control_key: SA-11 (2) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -154,7 +154,7 @@ satisfies: - control_key: SA-11 (8) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* diff --git a/OpenShift-v3/policies/SC-Systems_and_Communications_Protection/component.yaml b/OpenShift-v3/policies/SC-Systems_and_Communications_Protection/component.yaml index 71873a4..b2d18ad 100644 --- a/OpenShift-v3/policies/SC-Systems_and_Communications_Protection/component.yaml +++ b/OpenShift-v3/policies/SC-Systems_and_Communications_Protection/component.yaml @@ -7,7 +7,7 @@ satisfies: - control_key: SC-2 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -20,7 +20,7 @@ satisfies: - control_key: SC-4 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -32,7 +32,7 @@ satisfies: - control_key: SC-6 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -45,7 +45,7 @@ satisfies: - control_key: SC-7 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | @@ -75,7 +75,7 @@ satisfies: - control_key: SC-7 (3) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -88,7 +88,7 @@ satisfies: - control_key: SC-7 (4) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | @@ -109,7 +109,7 @@ satisfies: - control_key: SC-7 (5) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -121,7 +121,7 @@ satisfies: - control_key: SC-7 (7) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -133,7 +133,7 @@ satisfies: - control_key: SC-7 (12) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -145,7 +145,7 @@ satisfies: - control_key: SC-7 (13) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -160,7 +160,7 @@ satisfies: - control_key: SC-7 (18) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | 'This control is inherited through organizational network services.' @@ -168,7 +168,7 @@ satisfies: - control_key: SC-8 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -183,7 +183,7 @@ satisfies: - control_key: SC-8 (1) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -197,7 +197,7 @@ satisfies: - control_key: SC-10 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -210,7 +210,7 @@ satisfies: - control_key: SC-12 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -230,7 +230,7 @@ satisfies: - control_key: SC-13 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -242,7 +242,7 @@ satisfies: - control_key: SC-18 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: c text: | @@ -255,7 +255,7 @@ satisfies: - control_key: SC-19 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: b text: | @@ -268,7 +268,7 @@ satisfies: - control_key: SC-20 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | @@ -292,7 +292,7 @@ satisfies: - control_key: SC-21 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -304,7 +304,7 @@ satisfies: - control_key: SC-22 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -316,7 +316,7 @@ satisfies: - control_key: SC-23 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -334,7 +334,7 @@ satisfies: - control_key: SC-28 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -345,7 +345,7 @@ satisfies: - control_key: SC-28 (1) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -364,7 +364,7 @@ satisfies: - control_key: SC-39 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | 'Red Hat Enterprise Linux, when configured against USGCB settings, diff --git a/OpenShift-v3/policies/SI-System_and_Information_Integrity/component.yaml b/OpenShift-v3/policies/SI-System_and_Information_Integrity/component.yaml index 3829d3a..667586a 100644 --- a/OpenShift-v3/policies/SI-System_and_Information_Integrity/component.yaml +++ b/OpenShift-v3/policies/SI-System_and_Information_Integrity/component.yaml @@ -7,7 +7,7 @@ satisfies: - control_key: SI-2 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | @@ -50,7 +50,7 @@ satisfies: - control_key: SI-2 (2) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -66,7 +66,7 @@ satisfies: - control_key: SI-2 (3) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | @@ -92,7 +92,7 @@ satisfies: - control_key: SI-3 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | @@ -139,7 +139,7 @@ satisfies: - control_key: SI-3 (1) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -153,7 +153,7 @@ satisfies: - control_key: SI-3 (2) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -167,7 +167,7 @@ satisfies: - control_key: SI-3 (7) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -183,7 +183,7 @@ satisfies: - control_key: SI-4 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | @@ -253,7 +253,7 @@ satisfies: - control_key: SI-4 (1) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -268,7 +268,7 @@ satisfies: - control_key: SI-4 (2) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -285,7 +285,7 @@ satisfies: - control_key: SI-4 (4) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -300,7 +300,7 @@ satisfies: - control_key: SI-4 (5) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -314,7 +314,7 @@ satisfies: - control_key: SI-4 (14) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | 'An OpenShift infrastructure does not have wireless capabilities. This @@ -324,7 +324,7 @@ satisfies: - control_key: SI-4 (16) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -336,7 +336,7 @@ satisfies: - control_key: SI-4 (23) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -348,7 +348,7 @@ satisfies: - control_key: SI-5 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | @@ -370,7 +370,7 @@ satisfies: - control_key: SI-6 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | @@ -413,7 +413,7 @@ satisfies: - control_key: SI-7 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -426,7 +426,7 @@ satisfies: - control_key: SI-7 (1) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -441,7 +441,7 @@ satisfies: - control_key: SI-7 (7) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -456,7 +456,7 @@ satisfies: - control_key: SI-10 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -471,7 +471,7 @@ satisfies: - control_key: SI-11 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | @@ -495,7 +495,7 @@ satisfies: - control_key: SI-12 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -512,7 +512,7 @@ satisfies: - control_key: SI-16 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* diff --git a/RHEL7/component.yaml b/RHEL7/component.yaml index c7745dd..ed54889 100644 --- a/RHEL7/component.yaml +++ b/RHEL7/component.yaml @@ -5,14 +5,3 @@ references: - name: Red Hat Enterprise Linux Security Configuration Guide path: https://tbd.com type: URL -satisfies: - - control_key: AC-2 (12) - covered_by: [] - implementation_status: complete - control_origin: "service provider system specific" - narrative: - - key: a - text: | - 'This is sample text on how RHEL7 satisfies AC-2(12)' - standard_key: NIST-800-53 - diff --git a/RHEL7/policies/AC-Access_Control/component.yaml b/RHEL7/policies/AC-Access_Control/component.yaml index 0e8b155..624de20 100644 --- a/RHEL7/policies/AC-Access_Control/component.yaml +++ b/RHEL7/policies/AC-Access_Control/component.yaml @@ -6,7 +6,7 @@ satisfies: - control_key: AC-1 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against AC-1 goes here. @@ -16,7 +16,7 @@ satisfies: - control_key: AC-2 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against AC-2 goes here. @@ -26,7 +26,7 @@ satisfies: - control_key: AC-2 (1) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against AC-2 (1) goes here. @@ -36,7 +36,7 @@ satisfies: - control_key: AC-2 (2) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against AC-2 (2) goes here. @@ -46,7 +46,7 @@ satisfies: - control_key: AC-2 (3) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against AC-2 (3) goes here. @@ -56,7 +56,7 @@ satisfies: - control_key: AC-2 (4) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against AC-2 (4) goes here. @@ -66,7 +66,7 @@ satisfies: - control_key: AC-2 (5) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against AC-2 (5) goes here. @@ -76,7 +76,7 @@ satisfies: - control_key: AC-2 (7) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against AC-2 (7) goes here. @@ -86,7 +86,7 @@ satisfies: - control_key: AC-2 (9) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against AC-2 (9) goes here. @@ -96,7 +96,7 @@ satisfies: - control_key: AC-2 (10) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against AC-2 (10) goes here. @@ -106,7 +106,7 @@ satisfies: - control_key: AC-2 (12) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against AC-2 (12) goes here. @@ -116,7 +116,7 @@ satisfies: - control_key: AC-3 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against AC-3 goes here. @@ -126,7 +126,7 @@ satisfies: - control_key: AC-4 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against AC-4 goes here. @@ -136,7 +136,7 @@ satisfies: - control_key: AC-4 (21) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against AC-4 (21) goes here. @@ -146,7 +146,7 @@ satisfies: - control_key: AC-5 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against AC-5 goes here. @@ -156,7 +156,7 @@ satisfies: - control_key: AC-6 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against AC-6 goes here. @@ -166,7 +166,7 @@ satisfies: - control_key: AC-6 (1) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against AC-6 (1) goes here. @@ -176,7 +176,7 @@ satisfies: - control_key: AC-6 (2) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against AC-6 (2) goes here. @@ -186,7 +186,7 @@ satisfies: - control_key: AC-6 (5) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against AC-6 (5) goes here. @@ -196,7 +196,7 @@ satisfies: - control_key: AC-6 (9) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against AC-6 (9) goes here. @@ -206,7 +206,7 @@ satisfies: - control_key: AC-6 (10) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against AC-6 (10) goes here. @@ -216,7 +216,7 @@ satisfies: - control_key: AC-7 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against AC-7 goes here. @@ -226,7 +226,7 @@ satisfies: - control_key: AC-8 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against AC-8 goes here. @@ -236,7 +236,7 @@ satisfies: - control_key: AC-10 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against AC-10 goes here. @@ -246,7 +246,7 @@ satisfies: - control_key: AC-11 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against AC-11 goes here. @@ -256,7 +256,7 @@ satisfies: - control_key: AC-11 (1) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against AC-11 (1) goes here. @@ -266,7 +266,7 @@ satisfies: - control_key: AC-12 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against AC-12 goes here. @@ -276,7 +276,7 @@ satisfies: - control_key: AC-14 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against AC-14 goes here. @@ -286,7 +286,7 @@ satisfies: - control_key: AC-17 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against AC-17 goes here. @@ -296,7 +296,7 @@ satisfies: - control_key: AC-17 (1) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against AC-17 (1) goes here. @@ -306,7 +306,7 @@ satisfies: - control_key: AC-17 (2) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against AC-17 (2) goes here. @@ -316,7 +316,7 @@ satisfies: - control_key: AC-17 (3) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against AC-17 (3) goes here. @@ -326,7 +326,7 @@ satisfies: - control_key: AC-17 (4) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against AC-17 (4) goes here. @@ -336,7 +336,7 @@ satisfies: - control_key: AC-17 (9) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against AC-17 (9) goes here. @@ -346,7 +346,7 @@ satisfies: - control_key: AC-18 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against AC-18 goes here. @@ -356,7 +356,7 @@ satisfies: - control_key: AC-18 (1) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against AC-18 (1) goes here. @@ -366,7 +366,7 @@ satisfies: - control_key: AC-19 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against AC-19 goes here. @@ -376,7 +376,7 @@ satisfies: - control_key: AC-19 (5) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against AC-19 (5) goes here. @@ -386,7 +386,7 @@ satisfies: - control_key: AC-20 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against AC-20 goes here. @@ -396,7 +396,7 @@ satisfies: - control_key: AC-20 (1) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against AC-20 (1) goes here. @@ -406,7 +406,7 @@ satisfies: - control_key: AC-20 (2) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against AC-20 (2) goes here. @@ -416,7 +416,7 @@ satisfies: - control_key: AC-21 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against AC-21 goes here. @@ -426,7 +426,7 @@ satisfies: - control_key: AC-22 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against AC-22 goes here. diff --git a/RHEL7/policies/AT-Awareness_and_Training/component.yaml b/RHEL7/policies/AT-Awareness_and_Training/component.yaml index bf491be..6f1cd6f 100644 --- a/RHEL7/policies/AT-Awareness_and_Training/component.yaml +++ b/RHEL7/policies/AT-Awareness_and_Training/component.yaml @@ -6,7 +6,7 @@ satisfies: - control_key: AT-1 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against AT-1 goes here. @@ -16,7 +16,7 @@ satisfies: - control_key: AT-2 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against AT-2 goes here. @@ -26,7 +26,7 @@ satisfies: - control_key: AT-2 (2) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against AT-2 (2) goes here. @@ -36,7 +36,7 @@ satisfies: - control_key: AT-3 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against AT-3 goes here. @@ -46,7 +46,7 @@ satisfies: - control_key: AT-4 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against AT-4 goes here. diff --git a/RHEL7/policies/AU-Audit_and_Accountability/component.yaml b/RHEL7/policies/AU-Audit_and_Accountability/component.yaml index 5086bbc..7b36a1f 100644 --- a/RHEL7/policies/AU-Audit_and_Accountability/component.yaml +++ b/RHEL7/policies/AU-Audit_and_Accountability/component.yaml @@ -6,7 +6,7 @@ satisfies: - control_key: AU-1 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against AU-1 goes here. @@ -16,7 +16,7 @@ satisfies: - control_key: AU-2 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against AU-2 goes here. @@ -26,7 +26,7 @@ satisfies: - control_key: AU-2 (3) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against AU-2 (3) goes here. @@ -36,7 +36,7 @@ satisfies: - control_key: AU-3 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against AU-3 goes here. @@ -46,7 +46,7 @@ satisfies: - control_key: AU-3 (1) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against AU-3 (1) goes here. @@ -56,7 +56,7 @@ satisfies: - control_key: AU-4 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against AU-4 goes here. @@ -66,7 +66,7 @@ satisfies: - control_key: AU-5 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against AU-5 goes here. @@ -76,7 +76,7 @@ satisfies: - control_key: AU-6 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against AU-6 goes here. @@ -86,7 +86,7 @@ satisfies: - control_key: AU-6 (1) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against AU-6 (1) goes here. @@ -96,7 +96,7 @@ satisfies: - control_key: AU-6 (3) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against AU-6 (3) goes here. @@ -106,7 +106,7 @@ satisfies: - control_key: AU-7 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against AU-7 goes here. @@ -116,7 +116,7 @@ satisfies: - control_key: AU-7 (1) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against AU-7 (1) goes here. @@ -126,7 +126,7 @@ satisfies: - control_key: AU-8 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against AU-8 goes here. @@ -136,7 +136,7 @@ satisfies: - control_key: AU-8 (1) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against AU-8 (1) goes here. @@ -146,7 +146,7 @@ satisfies: - control_key: AU-9 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against AU-9 goes here. @@ -156,7 +156,7 @@ satisfies: - control_key: AU-9 (2) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against AU-9 (2) goes here. @@ -166,7 +166,7 @@ satisfies: - control_key: AU-9 (4) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against AU-9 (4) goes here. @@ -176,7 +176,7 @@ satisfies: - control_key: AU-11 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against AU-11 goes here. @@ -186,7 +186,7 @@ satisfies: - control_key: AU-12 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against AU-12 goes here. diff --git a/RHEL7/policies/CA-Security_Assessment_and_Authorization/component.yaml b/RHEL7/policies/CA-Security_Assessment_and_Authorization/component.yaml index 08f7d6d..74577e0 100644 --- a/RHEL7/policies/CA-Security_Assessment_and_Authorization/component.yaml +++ b/RHEL7/policies/CA-Security_Assessment_and_Authorization/component.yaml @@ -6,7 +6,7 @@ satisfies: - control_key: CA-1 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against CA-1 goes here. @@ -16,7 +16,7 @@ satisfies: - control_key: CA-2 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against CA-2 goes here. @@ -26,7 +26,7 @@ satisfies: - control_key: CA-2 (1) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against CA-2 (1) goes here. @@ -36,7 +36,7 @@ satisfies: - control_key: CA-2 (2) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against CA-2 (2) goes here. @@ -46,7 +46,7 @@ satisfies: - control_key: CA-2 (3) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against CA-2 (3) goes here. @@ -56,7 +56,7 @@ satisfies: - control_key: CA-3 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against CA-3 goes here. @@ -66,7 +66,7 @@ satisfies: - control_key: CA-3 (3) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against CA-3 (3) goes here. @@ -76,7 +76,7 @@ satisfies: - control_key: CA-3 (5) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against CA-3 (5) goes here. @@ -86,7 +86,7 @@ satisfies: - control_key: CA-5 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against CA-5 goes here. @@ -96,7 +96,7 @@ satisfies: - control_key: CA-6 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against CA-6 goes here. @@ -106,7 +106,7 @@ satisfies: - control_key: CA-7 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against CA-7 goes here. @@ -116,7 +116,7 @@ satisfies: - control_key: CA-7 (1) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against CA-7 (1) goes here. @@ -126,7 +126,7 @@ satisfies: - control_key: CA-8 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against CA-8 goes here. @@ -136,7 +136,7 @@ satisfies: - control_key: CA-8 (1) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against CA-8 (1) goes here. @@ -146,7 +146,7 @@ satisfies: - control_key: CA-9 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against CA-9 goes here. diff --git a/RHEL7/policies/CM-Configuration_Management/component.yaml b/RHEL7/policies/CM-Configuration_Management/component.yaml index 75fab1d..2a47351 100644 --- a/RHEL7/policies/CM-Configuration_Management/component.yaml +++ b/RHEL7/policies/CM-Configuration_Management/component.yaml @@ -6,7 +6,7 @@ satisfies: - control_key: CM-1 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against CM-1 goes here. @@ -16,7 +16,7 @@ satisfies: - control_key: CM-2 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against CM-2 goes here. @@ -26,7 +26,7 @@ satisfies: - control_key: CM-2 (1) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against CM-2 (1) goes here. @@ -36,7 +36,7 @@ satisfies: - control_key: CM-2(2) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against CM-2(2) goes here. @@ -46,7 +46,7 @@ satisfies: - control_key: CM-2 (3) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against CM-2 (3) goes here. @@ -56,7 +56,7 @@ satisfies: - control_key: CM-2 (7) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against CM-2 (7) goes here. @@ -66,7 +66,7 @@ satisfies: - control_key: CM-3 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against CM-3 goes here. @@ -76,7 +76,7 @@ satisfies: - control_key: CM-4 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against CM-4 goes here. @@ -86,7 +86,7 @@ satisfies: - control_key: CM-5 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against CM-5 goes here. @@ -96,7 +96,7 @@ satisfies: - control_key: CM-5 (1) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against CM-5 (1) goes here. @@ -106,7 +106,7 @@ satisfies: - control_key: CM-5 (3) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against CM-5 (3) goes here. @@ -116,7 +116,7 @@ satisfies: - control_key: CM-5 (5) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against CM-5 (5) goes here. @@ -126,7 +126,7 @@ satisfies: - control_key: CM-6 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against CM-6 goes here. @@ -136,7 +136,7 @@ satisfies: - control_key: CM-6 (1) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against CM-6 (1) goes here. @@ -146,7 +146,7 @@ satisfies: - control_key: CM-7 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against CM-7 goes here. @@ -156,7 +156,7 @@ satisfies: - control_key: CM-7 (1) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against CM-7 (1) goes here. @@ -166,7 +166,7 @@ satisfies: - control_key: CM-7 (2) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against CM-7 (2) goes here. @@ -176,7 +176,7 @@ satisfies: - control_key: CM-7 (5) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against CM-7 (5) goes here. @@ -186,7 +186,7 @@ satisfies: - control_key: CM-8 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against CM-8 goes here. @@ -196,7 +196,7 @@ satisfies: - control_key: CM-8 (1) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against CM-8 (1) goes here. @@ -206,7 +206,7 @@ satisfies: - control_key: CM-8 (3) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against CM-8 (3) goes here. @@ -216,7 +216,7 @@ satisfies: - control_key: CM-8 (5) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against CM-8 (5) goes here. @@ -226,7 +226,7 @@ satisfies: - control_key: CM-9 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against CM-9 goes here. @@ -236,7 +236,7 @@ satisfies: - control_key: CM-10 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against CM-10 goes here. @@ -246,7 +246,7 @@ satisfies: - control_key: CM-10 (1) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against CM-10 (1) goes here. @@ -256,7 +256,7 @@ satisfies: - control_key: CM-11 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against CM-11 goes here. diff --git a/RHEL7/policies/CP-Contingency_Planning/component.yaml b/RHEL7/policies/CP-Contingency_Planning/component.yaml index 88f52d8..d46ba61 100644 --- a/RHEL7/policies/CP-Contingency_Planning/component.yaml +++ b/RHEL7/policies/CP-Contingency_Planning/component.yaml @@ -6,7 +6,7 @@ satisfies: - control_key: CP-1 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against CP-1 goes here. @@ -16,7 +16,7 @@ satisfies: - control_key: CP-2 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against CP-2 goes here. @@ -26,7 +26,7 @@ satisfies: - control_key: CP-2 (1) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against CP-2 (1) goes here. @@ -36,7 +36,7 @@ satisfies: - control_key: CP-2 (2) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against CP-2 (2) goes here. @@ -46,7 +46,7 @@ satisfies: - control_key: CP-2 (3) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against CP-2 (3) goes here. @@ -56,7 +56,7 @@ satisfies: - control_key: CP-2 (8) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against CP-2 (8) goes here. @@ -66,7 +66,7 @@ satisfies: - control_key: CP-3 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against CP-3 goes here. @@ -76,7 +76,7 @@ satisfies: - control_key: CP-4 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against CP-4 goes here. @@ -86,7 +86,7 @@ satisfies: - control_key: CP-4 (1) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against CP-4 (1) goes here. @@ -96,7 +96,7 @@ satisfies: - control_key: CP-6 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against CP-6 goes here. @@ -106,7 +106,7 @@ satisfies: - control_key: CP-6 (1) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against CP-6 (1) goes here. @@ -116,7 +116,7 @@ satisfies: - control_key: CP-6 (3) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against CP-6 (3) goes here. @@ -126,7 +126,7 @@ satisfies: - control_key: CP-7 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against CP-7 goes here. @@ -136,7 +136,7 @@ satisfies: - control_key: CP-7 (1) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against CP-7 (1) goes here. @@ -146,7 +146,7 @@ satisfies: - control_key: CP-7 (2) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against CP-7 (2) goes here. @@ -156,7 +156,7 @@ satisfies: - control_key: CP-7 (3) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against CP-7 (3) goes here. @@ -166,7 +166,7 @@ satisfies: - control_key: CP-8 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against CP-8 goes here. @@ -176,7 +176,7 @@ satisfies: - control_key: CP-8 (1) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against CP-8 (1) goes here. @@ -186,7 +186,7 @@ satisfies: - control_key: CP-8 (2) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against CP-8 (2) goes here. @@ -196,7 +196,7 @@ satisfies: - control_key: CP-9 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against CP-9 goes here. @@ -206,7 +206,7 @@ satisfies: - control_key: CP-9 (1) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against CP-9 (1) goes here. @@ -216,7 +216,7 @@ satisfies: - control_key: CP-9 (3) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against CP-9 (3) goes here. @@ -226,7 +226,7 @@ satisfies: - control_key: CP-10 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against CP-10 goes here. @@ -236,7 +236,7 @@ satisfies: - control_key: CP-10 (2) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against CP-10 (2) goes here. diff --git a/RHEL7/policies/IA-Identification_and_Authentication/component.yaml b/RHEL7/policies/IA-Identification_and_Authentication/component.yaml index ec1195f..740844e 100644 --- a/RHEL7/policies/IA-Identification_and_Authentication/component.yaml +++ b/RHEL7/policies/IA-Identification_and_Authentication/component.yaml @@ -6,7 +6,7 @@ satisfies: - control_key: IA-1 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against IA-1 goes here. @@ -16,7 +16,7 @@ satisfies: - control_key: IA-2 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against IA-2 goes here. @@ -26,7 +26,7 @@ satisfies: - control_key: IA-2 (1) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against IA-2 (1) goes here. @@ -36,7 +36,7 @@ satisfies: - control_key: IA-2 (2) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against IA-2 (2) goes here. @@ -46,7 +46,7 @@ satisfies: - control_key: IA-2 (3) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against IA-2 (3) goes here. @@ -56,7 +56,7 @@ satisfies: - control_key: IA-2 (5) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against IA-2 (5) goes here. @@ -66,7 +66,7 @@ satisfies: - control_key: IA-2 (8) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against IA-2 (8) goes here. @@ -76,7 +76,7 @@ satisfies: - control_key: IA-2 (11) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against IA-2 (11) goes here. @@ -86,7 +86,7 @@ satisfies: - control_key: IA-2 (12) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against IA-2 (12) goes here. @@ -96,7 +96,7 @@ satisfies: - control_key: IA-3 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against IA-3 goes here. @@ -106,7 +106,7 @@ satisfies: - control_key: IA-4 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against IA-4 goes here. @@ -116,7 +116,7 @@ satisfies: - control_key: IA-4 (4) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against IA-4 (4) goes here. @@ -126,7 +126,7 @@ satisfies: - control_key: IA-5 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against IA-5 goes here. @@ -136,7 +136,7 @@ satisfies: - control_key: IA-5 (1) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against IA-5 (1) goes here. @@ -146,7 +146,7 @@ satisfies: - control_key: IA-5 (2) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against IA-5 (2) goes here. @@ -156,7 +156,7 @@ satisfies: - control_key: IA-5 (3) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against IA-5 (3) goes here. @@ -166,7 +166,7 @@ satisfies: - control_key: IA-5 (4) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against IA-5 (4) goes here. @@ -176,7 +176,7 @@ satisfies: - control_key: IA-5 (6) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against IA-5 (6) goes here. @@ -186,7 +186,7 @@ satisfies: - control_key: IA-5 (7) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against IA-5 (7) goes here. @@ -196,7 +196,7 @@ satisfies: - control_key: IA-5 (11) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against IA-5 (11) goes here. @@ -206,7 +206,7 @@ satisfies: - control_key: IA-6 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against IA-6 goes here. @@ -216,7 +216,7 @@ satisfies: - control_key: IA-7 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against IA-7 goes here. @@ -226,7 +226,7 @@ satisfies: - control_key: IA-8 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against IA-8 goes here. @@ -236,7 +236,7 @@ satisfies: - control_key: IA-8 (1) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against IA-8 (1) goes here. @@ -246,7 +246,7 @@ satisfies: - control_key: IA-8 (2) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against IA-8 (2) goes here. @@ -256,7 +256,7 @@ satisfies: - control_key: IA-8 (3) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against IA-8 (3) goes here. @@ -266,7 +266,7 @@ satisfies: - control_key: IA-8 (4) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against IA-8 (4) goes here. diff --git a/RHEL7/policies/IR-Incident_Response/component.yaml b/RHEL7/policies/IR-Incident_Response/component.yaml index ac9da87..2ced5fe 100644 --- a/RHEL7/policies/IR-Incident_Response/component.yaml +++ b/RHEL7/policies/IR-Incident_Response/component.yaml @@ -6,7 +6,7 @@ satisfies: - control_key: IR-1 standard_key: NIST-800-53 covered_by: [] - implimentation_status: Not applicable + implementation_status: Not applicable narrative: - text: | IR-1 is an organizational control outside the scope of Red Hat Enterprise Linux 7 configuration. @@ -14,7 +14,7 @@ satisfies: - control_key: IR-2 standard_key: NIST-800-53 covered_by: [] - implimentation_status: Not applicable + implementation_status: Not applicable narrative: - text: | IR-2 is an organizational control outside the scope of Red Hat Enterprise Linux 7 configuration. @@ -22,7 +22,7 @@ satisfies: - control_key: IR-3 standard_key: NIST-800-53 covered_by: [] - implimentation_status: Not applicable + implementation_status: Not applicable narrative: - text: | IR-3 is an organizational control outside the scope of Red Hat Enterprise Linux 7 configuration. @@ -30,7 +30,7 @@ satisfies: - control_key: IR-3 (2) standard_key: NIST-800-53 covered_by: [] - implimentation_status: Not applicable + implementation_status: Not applicable narrative: - text: | IR-3 (2) is an organizational control outside the scope of Red Hat Enterprise Linux 7 configuration. @@ -38,7 +38,7 @@ satisfies: - control_key: IR-4 standard_key: NIST-800-53 covered_by: [] - implimentation_status: Not applicable + implementation_status: Not applicable narrative: - text: | IR-4 is an organizational control outside the scope of Red Hat Enterprise Linux 7 configuration. @@ -46,7 +46,7 @@ satisfies: - control_key: IR-4 (1) standard_key: NIST-800-53 covered_by: [] - implimentation_status: Not applicable + implementation_status: Not applicable narrative: - text: | IR-4 (1) is an organizational control outside the scope of Red Hat Enterprise Linux 7 configuration. @@ -54,7 +54,7 @@ satisfies: - control_key: IR-5 standard_key: NIST-800-53 covered_by: [] - implimentation_status: Not applicable + implementation_status: Not applicable narrative: - text: | IR-5 is an organizational control outside the scope of Red Hat Enterprise Linux 7 configuration. @@ -62,7 +62,7 @@ satisfies: - control_key: IR-6 standard_key: NIST-800-53 covered_by: [] - implimentation_status: Not applicable + implementation_status: Not applicable narrative: - text: | IR-6 is an organizational control outside the scope of Red Hat Enterprise Linux 7 configuration. @@ -70,7 +70,7 @@ satisfies: - control_key: IR-6 (1) standard_key: NIST-800-53 covered_by: [] - implimentation_status: Not applicable + implementation_status: Not applicable narrative: - text: | IR-6 (1) is an organizational control outside the scope of Red Hat Enterprise Linux 7 configuration. @@ -78,7 +78,7 @@ satisfies: - control_key: IR-7 standard_key: NIST-800-53 covered_by: [] - implimentation_status: Not applicable + implementation_status: Not applicable narrative: - text: | IR-7 is an organizational control outside the scope of Red Hat Enterprise Linux 7 configuration. @@ -86,7 +86,7 @@ satisfies: - control_key: IR-7 (1) standard_key: NIST-800-53 covered_by: [] - implimentation_status: Not applicable + implementation_status: Not applicable narrative: - text: | IR-7 (1) is an organizational control outside the scope of Red Hat Enterprise Linux 7 configuration. @@ -94,7 +94,7 @@ satisfies: - control_key: IR-7 (2) standard_key: NIST-800-53 covered_by: [] - implimentation_status: Not applicable + implementation_status: Not applicable narrative: - text: | IR-7 (2) is an organizational control outside the scope of Red Hat Enterprise Linux 7 configuration. @@ -102,7 +102,7 @@ satisfies: - control_key: IR-8 standard_key: NIST-800-53 covered_by: [] - implimentation_status: Not applicable + implementation_status: Not applicable narrative: - text: | IR-8 is an organizational control outside the scope of Red Hat Enterprise Linux 7 configuration. @@ -110,7 +110,7 @@ satisfies: - control_key: IR-9 standard_key: NIST-800-53 covered_by: [] - implimentation_status: Not applicable + implementation_status: Not applicable narrative: - text: | IR-9 is an organizational control outside the scope of Red Hat Enterprise Linux 7 configuration. @@ -118,7 +118,7 @@ satisfies: - control_key: IR-9 (1) standard_key: NIST-800-53 covered_by: [] - implimentation_status: Not applicable + implementation_status: Not applicable narrative: - text: | IR-9 (1) is an organizational control outside the scope of Red Hat Enterprise Linux 7 configuration. @@ -126,7 +126,7 @@ satisfies: - control_key: IR-9 (2) standard_key: NIST-800-53 covered_by: [] - implimentation_status: Not applicable + implementation_status: Not applicable narrative: - text: | IR-9 (2) is an organizational control outside the scope of Red Hat Enterprise Linux 7 configuration. @@ -134,7 +134,7 @@ satisfies: - control_key: IR-9 (3) standard_key: NIST-800-53 covered_by: [] - implimentation_status: Not applicable + implementation_status: Not applicable narrative: - text: | IR-9 (3) is an organizational control outside the scope of Red Hat Enterprise Linux 7 configuration. @@ -142,7 +142,7 @@ satisfies: - control_key: IR-9 (4) standard_key: NIST-800-53 covered_by: [] - implimentation_status: Not applicable + implementation_status: Not applicable narrative: - text: | IR-9 (4) is an organizational control outside the scope of Red Hat Enterprise Linux 7 configuration. diff --git a/RHEL7/policies/MA-Maintenance/component.yaml b/RHEL7/policies/MA-Maintenance/component.yaml index 3c827ad..dbefb55 100644 --- a/RHEL7/policies/MA-Maintenance/component.yaml +++ b/RHEL7/policies/MA-Maintenance/component.yaml @@ -6,7 +6,7 @@ satisfies: - control_key: MA-1 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against MA-1 goes here. @@ -16,7 +16,7 @@ satisfies: - control_key: MA-2 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against MA-2 goes here. @@ -26,7 +26,7 @@ satisfies: - control_key: MA-3 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against MA-3 goes here. @@ -36,7 +36,7 @@ satisfies: - control_key: MA-3 (1) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against MA-3 (1) goes here. @@ -46,7 +46,7 @@ satisfies: - control_key: MA-3 (2) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against MA-3 (2) goes here. @@ -56,7 +56,7 @@ satisfies: - control_key: MA-3 (3) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against MA-3 (3) goes here. @@ -66,7 +66,7 @@ satisfies: - control_key: MA-4 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against MA-4 goes here. @@ -76,7 +76,7 @@ satisfies: - control_key: MA-4 (2) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against MA-4 (2) goes here. @@ -86,7 +86,7 @@ satisfies: - control_key: MA-5 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against MA-5 goes here. @@ -96,7 +96,7 @@ satisfies: - control_key: MA-5 (1) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against MA-5 (1) goes here. @@ -106,7 +106,7 @@ satisfies: - control_key: MA-6 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against MA-6 goes here. diff --git a/RHEL7/policies/MP-Media_Protection/component.yaml b/RHEL7/policies/MP-Media_Protection/component.yaml index c2743ef..88f2106 100644 --- a/RHEL7/policies/MP-Media_Protection/component.yaml +++ b/RHEL7/policies/MP-Media_Protection/component.yaml @@ -6,7 +6,7 @@ satisfies: - control_key: MP-1 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against MP-1 goes here. @@ -16,7 +16,7 @@ satisfies: - control_key: MP-2 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against MP-2 goes here. @@ -26,7 +26,7 @@ satisfies: - control_key: MP-3 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against MP-3 goes here. @@ -36,7 +36,7 @@ satisfies: - control_key: MP-4 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against MP-4 goes here. @@ -46,7 +46,7 @@ satisfies: - control_key: MP-5 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against MP-5 goes here. @@ -56,7 +56,7 @@ satisfies: - control_key: MP-5 (4) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against MP-5 (4) goes here. @@ -66,7 +66,7 @@ satisfies: - control_key: MP-6 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against MP-6 goes here. @@ -76,7 +76,7 @@ satisfies: - control_key: MP-6 (2) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against MP-6 (2) goes here. @@ -86,7 +86,7 @@ satisfies: - control_key: MP-7 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against MP-7 goes here. @@ -96,7 +96,7 @@ satisfies: - control_key: MP-7 (1) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against MP-7 (1) goes here. diff --git a/RHEL7/policies/PE-Physical_and_Environmental_Protection/component.yaml b/RHEL7/policies/PE-Physical_and_Environmental_Protection/component.yaml index 5713d73..3ca71eb 100644 --- a/RHEL7/policies/PE-Physical_and_Environmental_Protection/component.yaml +++ b/RHEL7/policies/PE-Physical_and_Environmental_Protection/component.yaml @@ -6,7 +6,7 @@ satisfies: - control_key: PE-1 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against PE-1 goes here. @@ -16,7 +16,7 @@ satisfies: - control_key: PE-2 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against PE-2 goes here. @@ -26,7 +26,7 @@ satisfies: - control_key: PE-3 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against PE-3 goes here. @@ -36,7 +36,7 @@ satisfies: - control_key: PE-4 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against PE-4 goes here. @@ -46,7 +46,7 @@ satisfies: - control_key: PE-5 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against PE-5 goes here. @@ -56,7 +56,7 @@ satisfies: - control_key: PE-6 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against PE-6 goes here. @@ -66,7 +66,7 @@ satisfies: - control_key: PE-6 (1) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against PE-6 (1) goes here. @@ -76,7 +76,7 @@ satisfies: - control_key: PE-8 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against PE-8 goes here. @@ -86,7 +86,7 @@ satisfies: - control_key: PE-9 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against PE-9 goes here. @@ -96,7 +96,7 @@ satisfies: - control_key: PE-10 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against PE-10 goes here. @@ -106,7 +106,7 @@ satisfies: - control_key: PE-11 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against PE-11 goes here. @@ -116,7 +116,7 @@ satisfies: - control_key: PE-12 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against PE-12 goes here. @@ -126,7 +126,7 @@ satisfies: - control_key: PE-13 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against PE-13 goes here. @@ -136,7 +136,7 @@ satisfies: - control_key: PE-13 (2) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against PE-13 (2) goes here. @@ -146,7 +146,7 @@ satisfies: - control_key: PE-13 (3) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against PE-13 (3) goes here. @@ -156,7 +156,7 @@ satisfies: - control_key: PE-14 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against PE-14 goes here. @@ -166,7 +166,7 @@ satisfies: - control_key: PE-14 (2) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against PE-14 (2) goes here. @@ -176,7 +176,7 @@ satisfies: - control_key: PE-15 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against PE-15 goes here. @@ -186,7 +186,7 @@ satisfies: - control_key: PE-16 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against PE-16 goes here. @@ -196,7 +196,7 @@ satisfies: - control_key: PE-17 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against PE-17 goes here. diff --git a/RHEL7/policies/PL-Planning/component.yaml b/RHEL7/policies/PL-Planning/component.yaml index 2988cad..5637cdd 100644 --- a/RHEL7/policies/PL-Planning/component.yaml +++ b/RHEL7/policies/PL-Planning/component.yaml @@ -6,7 +6,7 @@ satisfies: - control_key: PL-1 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against PL-1 goes here. @@ -16,7 +16,7 @@ satisfies: - control_key: PL-2 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against PL-2 goes here. @@ -26,7 +26,7 @@ satisfies: - control_key: PL-2 (3) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against PL-2 (3) goes here. @@ -36,7 +36,7 @@ satisfies: - control_key: PL-4 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against PL-4 goes here. @@ -46,7 +46,7 @@ satisfies: - control_key: PL-4 (1) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against PL-4 (1) goes here. @@ -56,7 +56,7 @@ satisfies: - control_key: PL-8 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against PL-8 goes here. diff --git a/RHEL7/policies/PS-Personnel_Security/component.yaml b/RHEL7/policies/PS-Personnel_Security/component.yaml index f6d0302..f7b2fae 100644 --- a/RHEL7/policies/PS-Personnel_Security/component.yaml +++ b/RHEL7/policies/PS-Personnel_Security/component.yaml @@ -6,7 +6,7 @@ satisfies: - control_key: PS-1 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against PS-1 goes here. @@ -16,7 +16,7 @@ satisfies: - control_key: PS-2 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against PS-2 goes here. @@ -26,7 +26,7 @@ satisfies: - control_key: PS-3 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against PS-3 goes here. @@ -36,7 +36,7 @@ satisfies: - control_key: PS-3 (3) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against PS-3 (3) goes here. @@ -46,7 +46,7 @@ satisfies: - control_key: PS-4 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against PS-4 goes here. @@ -56,7 +56,7 @@ satisfies: - control_key: PS-5 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against PS-5 goes here. @@ -66,7 +66,7 @@ satisfies: - control_key: PS-6 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against PS-6 goes here. @@ -76,7 +76,7 @@ satisfies: - control_key: PS-7 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against PS-7 goes here. @@ -86,7 +86,7 @@ satisfies: - control_key: PS-8 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against PS-8 goes here. diff --git a/RHEL7/policies/RA-Risk_Assessment/component.yaml b/RHEL7/policies/RA-Risk_Assessment/component.yaml index 8fd3084..f3becf2 100644 --- a/RHEL7/policies/RA-Risk_Assessment/component.yaml +++ b/RHEL7/policies/RA-Risk_Assessment/component.yaml @@ -6,7 +6,7 @@ satisfies: - control_key: RA-1 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against RA-1 goes here. @@ -16,7 +16,7 @@ satisfies: - control_key: RA-2 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against RA-2 goes here. @@ -26,7 +26,7 @@ satisfies: - control_key: RA-3 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against RA-3 goes here. @@ -36,7 +36,7 @@ satisfies: - control_key: RA-5 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against RA-5 goes here. @@ -46,7 +46,7 @@ satisfies: - control_key: RA-5 (1) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against RA-5 (1) goes here. @@ -56,7 +56,7 @@ satisfies: - control_key: RA-5 (2) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against RA-5 (2) goes here. @@ -66,7 +66,7 @@ satisfies: - control_key: RA-5 (3) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against RA-5 (3) goes here. @@ -76,7 +76,7 @@ satisfies: - control_key: RA-5 (5) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against RA-5 (5) goes here. @@ -86,7 +86,7 @@ satisfies: - control_key: RA-5 (6) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against RA-5 (6) goes here. @@ -96,7 +96,7 @@ satisfies: - control_key: RA-5 (8) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against RA-5 (8) goes here. diff --git a/RHEL7/policies/SA-System_and_Services_Acquisition/component.yaml b/RHEL7/policies/SA-System_and_Services_Acquisition/component.yaml index 426fba6..fc72150 100644 --- a/RHEL7/policies/SA-System_and_Services_Acquisition/component.yaml +++ b/RHEL7/policies/SA-System_and_Services_Acquisition/component.yaml @@ -6,7 +6,7 @@ satisfies: - control_key: SA-1 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against SA-1 goes here. @@ -16,7 +16,7 @@ satisfies: - control_key: SA-2 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against SA-2 goes here. @@ -26,7 +26,7 @@ satisfies: - control_key: SA-3 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against SA-3 goes here. @@ -36,7 +36,7 @@ satisfies: - control_key: SA-4 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against SA-4 goes here. @@ -46,7 +46,7 @@ satisfies: - control_key: SA-4 (1) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against SA-4 (1) goes here. @@ -56,7 +56,7 @@ satisfies: - control_key: SA-4 (2) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against SA-4 (2) goes here. @@ -66,7 +66,7 @@ satisfies: - control_key: SA-4 (8) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against SA-4 (8) goes here. @@ -76,7 +76,7 @@ satisfies: - control_key: SA-4 (9) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against SA-4 (9) goes here. @@ -86,7 +86,7 @@ satisfies: - control_key: SA-4 (10) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against SA-4 (10) goes here. @@ -96,7 +96,7 @@ satisfies: - control_key: SA-5 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against SA-5 goes here. @@ -106,7 +106,7 @@ satisfies: - control_key: SA-8 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against SA-8 goes here. @@ -116,7 +116,7 @@ satisfies: - control_key: SA-9 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against SA-9 goes here. @@ -126,7 +126,7 @@ satisfies: - control_key: SA-9 (1) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against SA-9 (1) goes here. @@ -136,7 +136,7 @@ satisfies: - control_key: SA-9 (2) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against SA-9 (2) goes here. @@ -146,7 +146,7 @@ satisfies: - control_key: SA-9 (4) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against SA-9 (4) goes here. @@ -156,7 +156,7 @@ satisfies: - control_key: SA-9 (5) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against SA-9 (5) goes here. @@ -166,7 +166,7 @@ satisfies: - control_key: SA-10 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against SA-10 goes here. @@ -176,7 +176,7 @@ satisfies: - control_key: SA-10 (1) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against SA-10 (1) goes here. @@ -186,7 +186,7 @@ satisfies: - control_key: SA-11 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against SA-11 goes here. @@ -196,7 +196,7 @@ satisfies: - control_key: SA-11 (1) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against SA-11 (1) goes here. @@ -206,7 +206,7 @@ satisfies: - control_key: SA-11 (2) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against SA-11 (2) goes here. @@ -216,7 +216,7 @@ satisfies: - control_key: SA-11 (8) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against SA-11 (8) goes here. @@ -226,7 +226,7 @@ satisfies: - control_key: SA-22 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against SA-22 goes here. @@ -236,7 +236,7 @@ satisfies: - control_key: SA-22 (1) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against SA-22 (1) goes here. diff --git a/RHEL7/policies/SC-Systems_and_Communications_Protection/component.yaml b/RHEL7/policies/SC-Systems_and_Communications_Protection/component.yaml index de1e9a7..fe2c228 100644 --- a/RHEL7/policies/SC-Systems_and_Communications_Protection/component.yaml +++ b/RHEL7/policies/SC-Systems_and_Communications_Protection/component.yaml @@ -6,7 +6,7 @@ satisfies: - control_key: SC-1 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against SC-1 goes here. @@ -16,7 +16,7 @@ satisfies: - control_key: SC-2 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against SC-2 goes here. @@ -26,7 +26,7 @@ satisfies: - control_key: SC-4 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against SC-4 goes here. @@ -36,7 +36,7 @@ satisfies: - control_key: SC-5 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against SC-5 goes here. @@ -46,7 +46,7 @@ satisfies: - control_key: SC-6 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against SC-6 goes here. @@ -56,7 +56,7 @@ satisfies: - control_key: SC-7 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against SC-7 goes here. @@ -66,7 +66,7 @@ satisfies: - control_key: SC-7 (3) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against SC-7 (3) goes here. @@ -76,7 +76,7 @@ satisfies: - control_key: SC-7 (4) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against SC-7 (4) goes here. @@ -86,7 +86,7 @@ satisfies: - control_key: SC-7 (5) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against SC-7 (5) goes here. @@ -96,7 +96,7 @@ satisfies: - control_key: SC-7 (7) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against SC-7 (7) goes here. @@ -106,7 +106,7 @@ satisfies: - control_key: SC-7 (8) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against SC-7 (8) goes here. @@ -116,7 +116,7 @@ satisfies: - control_key: SC-7 (12) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against SC-7 (12) goes here. @@ -126,7 +126,7 @@ satisfies: - control_key: SC-7 (13) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against SC-7 (13) goes here. @@ -136,7 +136,7 @@ satisfies: - control_key: SC-7 (18) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against SC-7 (18) goes here. @@ -146,7 +146,7 @@ satisfies: - control_key: SC-8 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against SC-8 goes here. @@ -156,7 +156,7 @@ satisfies: - control_key: SC-8 (1) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against SC-8 (1) goes here. @@ -166,7 +166,7 @@ satisfies: - control_key: SC-10 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against SC-10 goes here. @@ -176,7 +176,7 @@ satisfies: - control_key: SC-12 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against SC-12 goes here. @@ -186,7 +186,7 @@ satisfies: - control_key: SC-12 (1) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against SC-12 (1) goes here. @@ -196,7 +196,7 @@ satisfies: - control_key: SC-12 (2) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against SC-12 (2) goes here. @@ -206,7 +206,7 @@ satisfies: - control_key: SC-12 (3) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against SC-12 (3) goes here. @@ -216,7 +216,7 @@ satisfies: - control_key: SC-13 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against SC-13 goes here. @@ -226,7 +226,7 @@ satisfies: - control_key: SC-15 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against SC-15 goes here. @@ -236,7 +236,7 @@ satisfies: - control_key: SC-17 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against SC-17 goes here. @@ -246,7 +246,7 @@ satisfies: - control_key: SC-18 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against SC-18 goes here. @@ -256,7 +256,7 @@ satisfies: - control_key: SC-19 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against SC-19 goes here. @@ -266,7 +266,7 @@ satisfies: - control_key: SC-20 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against SC-20 goes here. @@ -276,7 +276,7 @@ satisfies: - control_key: SC-21 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against SC-21 goes here. @@ -286,7 +286,7 @@ satisfies: - control_key: SC-22 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against SC-22 goes here. @@ -296,7 +296,7 @@ satisfies: - control_key: SC-23 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against SC-23 goes here. @@ -306,7 +306,7 @@ satisfies: - control_key: SC-28 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against SC-28 goes here. @@ -316,7 +316,7 @@ satisfies: - control_key: SC-28 (1) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against SC-28 (1) goes here. @@ -326,7 +326,7 @@ satisfies: - control_key: SC-39 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against SC-39 goes here. diff --git a/RHEL7/policies/SI-System_and_Information_Integrity/component.yaml b/RHEL7/policies/SI-System_and_Information_Integrity/component.yaml index 1dfdb7e..362a719 100644 --- a/RHEL7/policies/SI-System_and_Information_Integrity/component.yaml +++ b/RHEL7/policies/SI-System_and_Information_Integrity/component.yaml @@ -6,7 +6,7 @@ satisfies: - control_key: SI-1 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against SI-1 goes here. @@ -16,7 +16,7 @@ satisfies: - control_key: SI-2 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against SI-2 goes here. @@ -26,7 +26,7 @@ satisfies: - control_key: SI-2 (2) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against SI-2 (2) goes here. @@ -36,7 +36,7 @@ satisfies: - control_key: SI-2 (3) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against SI-2 (3) goes here. @@ -46,7 +46,7 @@ satisfies: - control_key: SI-3 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against SI-3 goes here. @@ -56,7 +56,7 @@ satisfies: - control_key: SI-3 (1) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against SI-3 (1) goes here. @@ -66,7 +66,7 @@ satisfies: - control_key: SI-3 (2) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against SI-3 (2) goes here. @@ -76,7 +76,7 @@ satisfies: - control_key: SI-3 (7) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against SI-3 (7) goes here. @@ -86,7 +86,7 @@ satisfies: - control_key: SI-4 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against SI-4 goes here. @@ -96,7 +96,7 @@ satisfies: - control_key: SI-4 (1) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against SI-4 (1) goes here. @@ -106,7 +106,7 @@ satisfies: - control_key: SI-4 (2) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against SI-4 (2) goes here. @@ -116,7 +116,7 @@ satisfies: - control_key: SI-4 (4) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against SI-4 (4) goes here. @@ -126,7 +126,7 @@ satisfies: - control_key: SI-4 (5) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against SI-4 (5) goes here. @@ -136,7 +136,7 @@ satisfies: - control_key: SI-4 (14) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against SI-4 (14) goes here. @@ -146,7 +146,7 @@ satisfies: - control_key: SI-4 (16) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against SI-4 (16) goes here. @@ -156,7 +156,7 @@ satisfies: - control_key: SI-4 (23) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against SI-4 (23) goes here. @@ -166,7 +166,7 @@ satisfies: - control_key: SI-5 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against SI-5 goes here. @@ -176,7 +176,7 @@ satisfies: - control_key: SI-6 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against SI-6 goes here. @@ -186,7 +186,7 @@ satisfies: - control_key: SI-7 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against SI-7 goes here. @@ -196,7 +196,7 @@ satisfies: - control_key: SI-7 (1) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against SI-7 (1) goes here. @@ -206,7 +206,7 @@ satisfies: - control_key: SI-7 (7) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against SI-7 (7) goes here. @@ -216,7 +216,7 @@ satisfies: - control_key: SI-8 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against SI-8 goes here. @@ -226,7 +226,7 @@ satisfies: - control_key: SI-8 (1) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against SI-8 (1) goes here. @@ -236,7 +236,7 @@ satisfies: - control_key: SI-8 (2) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against SI-8 (2) goes here. @@ -246,7 +246,7 @@ satisfies: - control_key: SI-10 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against SI-10 goes here. @@ -256,7 +256,7 @@ satisfies: - control_key: SI-11 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against SI-11 goes here. @@ -266,7 +266,7 @@ satisfies: - control_key: SI-12 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against SI-12 goes here. @@ -276,7 +276,7 @@ satisfies: - control_key: SI-16 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | Narrative text on how product can be configured against SI-16 goes here. diff --git a/customer_cxo_controls/Makefile b/customer_cxo_controls/Makefile index 73c0052..760cc49 100644 --- a/customer_cxo_controls/Makefile +++ b/customer_cxo_controls/Makefile @@ -22,7 +22,7 @@ clean: rm -rf exports/ opencontrols/ pdf: exports - cd exports/ && gitbook pdf ./ ./OpenShift_v3_Compliance.pdf + cd exports/ && gitbook pdf ./ ./Organizational_Controls_Compliance.pdf serve: exports cd exports && gitbook serve @@ -36,11 +36,5 @@ opencontrols: opencontrol.yaml coverage: ${CM} diff FedRAMP-low -fedramp: - ${GOPATH}/bin/fedramp-templater fill opencontrols/ ../FedRAMP_Template/FedRAMP-System-Security-Plan-Template-v2.1.docx exports/FedRAMP-Filled-v2.1.docx - -fedramp-diff: - ${GOPATH}/bin/fedramp-templater diff opencontrols/ ../FedRAMP_Template/FedRAMP-System-Security-Plan-Template-v2.1.docx - checks: yamllint policies/ diff --git a/customer_cxo_controls/component.yaml b/customer_cxo_controls/component.yaml index 5f7316a..17f66b2 100644 --- a/customer_cxo_controls/component.yaml +++ b/customer_cxo_controls/component.yaml @@ -1,17 +1,16 @@ documentation_complete: false schema_version: 3.0.0 -name: Red Hat OpenShift Enterprise v3 -references: - - name: Red Hat OpenShift Security Configuration Guide - path: https://tbd.com - type: URL -satisfies: - - control_key: AU-3 - covered_by: [] - implementation_status: complete - control_origin: "service provider system specific" - narrative: - - text: | - 'This is sample text on how OpenShift satisfies AU-3' - standard_key: NIST-800-53 - +name: Customer CxO (Organizational) Controls +#references: +# - name: Red Hat OpenShift Security Configuration Guide +# path: https://tbd.com +# type: URL +#satisfies#: +# - control_key: AU-3 +# covered_by: [] +# implementation_status: complete +# control_origin: "service provider system specific" +# narrative: +# - text: | +# 'This is sample text on how OpenShift satisfies AU-3' +# standard_key: NIST-800-53 diff --git a/customer_cxo_controls/opencontrol.yaml b/customer_cxo_controls/opencontrol.yaml index 88cc55a..62e2821 100644 --- a/customer_cxo_controls/opencontrol.yaml +++ b/customer_cxo_controls/opencontrol.yaml @@ -1,7 +1,7 @@ schema_version: "1.0.0" name: Organizational-Controls.fd metadata: - description: Red Hat Organizational Controls + description: Organizational Controls maintainers: - Shawn Wells diff --git a/customer_cxo_controls/policies/AC-Access_Control/component.yaml b/customer_cxo_controls/policies/AC-Access_Control/component.yaml index 564fba4..7b0961a 100644 --- a/customer_cxo_controls/policies/AC-Access_Control/component.yaml +++ b/customer_cxo_controls/policies/AC-Access_Control/component.yaml @@ -1,13 +1,13 @@ --- documentation_complete: false -name: [ORGANIZATIONAL] Access Control +name: Access Control schema_version: 3.0.0 satisfies: -control_key: AC-1 +- control_key: AC-1 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | @@ -34,7 +34,7 @@ control_key: AC-1 - control_key: AC-2 (1) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -47,7 +47,7 @@ control_key: AC-1 - control_key: AC-2 (5) standard_key: NIST-800-53 covered_by: [] - implimentation_status: Implemented + implementation_status: Implemented narrative: - text: | '//* @@ -63,7 +63,7 @@ control_key: AC-1 - control_key: AC-2 (12) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | @@ -86,20 +86,20 @@ control_key: AC-1 - control_key: AC-2 (13) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | - '//* - The organization will be responsible for disabling accounts of users - posing a significant risk within an organizational-defined time - period of discovery of the risk. A successful control response defines - the time period and the processes to disable the account(s). - */' + - text: | + '//* + The organization will be responsible for disabling accounts of users + posing a significant risk within an organizational-defined time + period of discovery of the risk. A successful control response defines + the time period and the processes to disable the account(s). + */' - control_key: AC-18 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | @@ -121,27 +121,27 @@ control_key: AC-1 - control_key: AC-19 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | '//* - A successful control response will document how, if wireless - connectivity is permitted, end-user devices are organizationally + A successful control response will document how, if wireless + connectivity is permitted, end-user devices are organizationally managed (configurations, connections, and applications). */' - key: b text: | '//* - A successful control response will document how, if wireless - connectivity is permitted, mobile devices are authorized to + A successful control response will document how, if wireless + connectivity is permitted, mobile devices are authorized to connect to organizational networks (e.g. MDM). */' - control_key: AC-19 (5) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -153,13 +153,13 @@ control_key: AC-1 - control_key: AC-20 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | '//* - The customer will be responsible for establishing terms and conditions - allowing authorized individuals to access the customer application + The organization will be responsible for establishing terms and conditions + allowing authorized individuals to access the organization application from external information sysetms. A successful control response will need to outline the terms and conditions and the external information systems to which those terms and conditions apply. @@ -167,7 +167,7 @@ control_key: AC-1 - key: b text: | '//* - The customer will be responsible for establishing terms and conditions + The organization will be responsible for establishing terms and conditions allowing authorized individuals to process, store, or transmit customer-controlled information using external information systems. A successful control response will need to outline the terms and @@ -178,34 +178,34 @@ control_key: AC-1 - control_key: AC-20 (1) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: 'a' text: | '//* - The customer will be responsible for verifying the implementation of + The organization will be responsible for verifying the implementation of required security controls on external information systems used to - access the customer application. A successful control response will + access the organization application. A successful control response will need to address how this verification occurs (e.g. through an independent assessment). */' - key: 'b' text: | '//* - If part (a) is not possible, then the customer will be responsible + If part (a) is not possible, then the organization will be responsible for establishing and retaining approved information system connection or processing agreements with the external entity hosting the external - information system used to access the customer application. + information system used to access the organization application. */' - control_key: AC-20 (2) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* - The customer will be responsible for restricting or prohibiting the + The organization will be responsible for restricting or prohibiting the use of customer-controlled portable storage devices on external information systems. If such use is not prohibited, a successful control repsonse will need to address specific restrictions on how @@ -215,12 +215,12 @@ control_key: AC-1 - control_key: AC-21 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: 'a' text: | '//* - The customer will be responsible for determining when authorized users + The organization will be responsible for determining when authorized users are required to use discretion as to whether to share information. A successful control response will need to address the circumstances where user direction (rather than automatic access enforcement) is @@ -229,7 +229,7 @@ control_key: AC-1 - key: 'b' text: | '//* - The customer will be responsible for defining and employing automated + The organization will be responsible for defining and employing automated mechanisms or manual processes to assist users in making information sharing decisions. */' @@ -237,12 +237,12 @@ control_key: AC-1 - control_key: AC-22 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: 'a' text: | '//* - The customer will be responsible for designating individuals + The organization will be responsible for designating individuals authorized to post information publicly. A successful control response will need to address the specific business requirements or job functions that justify such access. @@ -250,7 +250,7 @@ control_key: AC-1 - key: 'b' text: | '//* - The customer will be responsible for trianing designated authorized + The organization will be responsible for trianing designated authorized individuals to prevent disclosure of nonpublic information. A successful control response will need to outline the training provided. @@ -258,7 +258,7 @@ control_key: AC-1 - key: 'c' text: | '//* - The customer will be responsible for reviewing information prior to + The organization will be responsible for reviewing information prior to public posting to ensure that nonpublic information is not included. A successful control response will need to address the roles or personnel responsible for this review and the process for signoff. @@ -266,7 +266,7 @@ control_key: AC-1 - key: 'd' text: | '//* - The customer will be responsible for reviewing publicly available + The organization will be responsible for reviewing publicly available information at the reqired frequency and removing nonpublic information when discovered. A successful control response will need to address the roles or personnel responsible for the review, the process used to diff --git a/customer_cxo_controls/policies/AT-Awareness_and_Training/component.yaml b/customer_cxo_controls/policies/AT-Awareness_and_Training/component.yaml index baa6492..958e69a 100644 --- a/customer_cxo_controls/policies/AT-Awareness_and_Training/component.yaml +++ b/customer_cxo_controls/policies/AT-Awareness_and_Training/component.yaml @@ -7,7 +7,7 @@ satisfies: - control_key: AT-1 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: 'a' text: | @@ -34,7 +34,7 @@ satisfies: - control_key: AT-2 (2) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -48,7 +48,7 @@ satisfies: - control_key: AT-3 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: 'a' text: | @@ -81,12 +81,12 @@ satisfies: - control_key: AT-4 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: 'a' text: | '//* - The customer will be responsible for tracking successful completion + The organization will be responsible for tracking successful completion of basic security awareness training and role-based training security training activities. A successful control response will discuss the process or system used to monitor and document completion of @@ -95,7 +95,7 @@ satisfies: - key: 'b' text: | '//* - The customer will be responsible for retaining training records for + The organization will be responsible for retaining training records for the required timeframe. A successful control response will outline the methods by which required retention is achieved. */' diff --git a/customer_cxo_controls/policies/AU-Audit_and_Accountability/component.yaml b/customer_cxo_controls/policies/AU-Audit_and_Accountability/component.yaml index 32d5702..02ab073 100644 --- a/customer_cxo_controls/policies/AU-Audit_and_Accountability/component.yaml +++ b/customer_cxo_controls/policies/AU-Audit_and_Accountability/component.yaml @@ -7,7 +7,7 @@ satisfies: - control_key: AU-1 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | @@ -34,7 +34,7 @@ satisfies: - control_key: AU-2 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | @@ -67,7 +67,7 @@ satisfies: - control_key: AU-3 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -82,7 +82,7 @@ satisfies: - control_key: AU-3 (1) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -100,13 +100,13 @@ satisfies: - control_key: AU-6 (3) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* Customers are responsible for analyzing and correlating audit records accross different repositories to gain organiational-wide situational - awareness. A successful control response will discuss how the customer + awareness. A successful control response will discuss how the organization correlates and analyzes audit records from different sources. This can include processes and tools used to meet these goals. */' diff --git a/customer_cxo_controls/policies/CA-Security_Assessment_and_Authorization/component.yaml b/customer_cxo_controls/policies/CA-Security_Assessment_and_Authorization/component.yaml index b1d6077..fc8ed40 100644 --- a/customer_cxo_controls/policies/CA-Security_Assessment_and_Authorization/component.yaml +++ b/customer_cxo_controls/policies/CA-Security_Assessment_and_Authorization/component.yaml @@ -7,12 +7,12 @@ satisfies: - control_key: CA-1 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | '//* - The customer will be responsible for developing, documenting, and + The organization will be responsible for developing, documenting, and disseminating Security Assessment and Authorization policy and procedures. A successful control response will need to address the content of the policy (which must include purpose, scope, roles, @@ -23,7 +23,7 @@ satisfies: - key: b text: | '//* - The customer will be responsible for reviewing and updating the + The organization will be responsible for reviewing and updating the Security Assessment and Authorization policy every 3 years, and procedures annually. A successful control response will need to address the review and update process, including the role(s) @@ -34,26 +34,26 @@ satisfies: - control_key: CA-2 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | '//* - The customer will be responsible for developing a Security Assessment + The organization will be responsible for developing a Security Assessment Plan. A successful control response will need to address the involement of a FedRAMP-accredited 3PAO (see CA-2(1)), the scope - of the assessment, and any specific requirements the customer has + of the assessment, and any specific requirements the organization has for the 3PAO. */' - control_key: CA-3 (3) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* - The customer will be responsible for requiring unclassified, + The organization will be responsible for requiring unclassified, non-national security systems to connect to customer applications through a TIC. A successful control response will need to address whether this requirement is enforced using technical means or via @@ -63,19 +63,19 @@ satisfies: - control_key: CA-6 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | '//* - The customer will be responsible for working with FedRAMP to designate + The organization will be responsible for working with FedRAMP to designate an authorizing official. A successful control response will need to address how an appropriate authorizing official is selected. */' - key: b text: | '//* - The customer will be responsible for recieving official authorizaiton + The organization will be responsible for recieving official authorizaiton from the authorizing official prior to commencing operations for federal customers. A successful control response will need to address the inputs provided to the authorizing official so that an @@ -84,7 +84,7 @@ satisfies: - key: c text: | '//* - The customer will be responsible for updating the accreditation + The organization will be responsible for updating the accreditation package at the required frequency. A successful control response will need to address the components of the package that will be updated, the process for re-assessing the system in alignment with the updated @@ -95,22 +95,22 @@ satisfies: - control_key: CA-7 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | '//* - The customer will be responsible for developing a continuous + The organization will be responsible for developing a continuous monitoring strategy that meets the requirements. For metrics to be monitored, a successful control response will need to include a - discussion of what information the customer considers important to + discussion of what information the organization considers important to monitor, as well as a rationale for that information being sufficient to demonstrate the ongoing security of the system. */' - key: b text: | '//* - The customer will be responsible for developing a continuous + The organization will be responsible for developing a continuous monitoring strategy that meets the requirements. For frequency of monitoring, a successful control response will need to address the rationale for the selected frequency. This frequency should be diff --git a/customer_cxo_controls/policies/CM-Configuration_Management/component.yaml b/customer_cxo_controls/policies/CM-Configuration_Management/component.yaml index 83b1cf2..7071c19 100644 --- a/customer_cxo_controls/policies/CM-Configuration_Management/component.yaml +++ b/customer_cxo_controls/policies/CM-Configuration_Management/component.yaml @@ -7,12 +7,12 @@ satisfies: - control_key: CM-1 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | '//* - The customer will be responsible for developing, documenting, and + The organization will be responsible for developing, documenting, and disseminating Configuration Management policy and procedures. A successful control response will need to address the content of the policy (which must include purpose, scope, roles, responsibilities, @@ -23,7 +23,7 @@ satisfies: - key: b text: | '//* - The customer will be responsible for reviewing and updating the + The organization will be responsible for reviewing and updating the Configuration Management policy every 3 years, and procedures annually. A successful control response will need to address the review and update process, including the role(s) responsible @@ -34,11 +34,11 @@ satisfies: - control_key: CM-10 (1) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* - The customer will be responsible for establishing any restrictions on + The organization will be responsible for establishing any restrictions on the use of open source software. A successful control response will describe any restrictions that the organization has in place. */' diff --git a/customer_cxo_controls/policies/CP-Contingency_Planning/component.yaml b/customer_cxo_controls/policies/CP-Contingency_Planning/component.yaml index eb28d3e..3eb26fd 100644 --- a/customer_cxo_controls/policies/CP-Contingency_Planning/component.yaml +++ b/customer_cxo_controls/policies/CP-Contingency_Planning/component.yaml @@ -7,12 +7,12 @@ satisfies: - control_key: CP-1 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | '//* - The customer will be responsible for developing, documenting, and + The organization will be responsible for developing, documenting, and disseminating Contingency Planning policy and procedures. A successful control response will need to address the content of the policy (which must include purpose, scope, roles, responsibilities, @@ -23,7 +23,7 @@ satisfies: - key: b text: | '//* - The customer will be responsible for reviewing and updating the + The organization will be responsible for reviewing and updating the Contingency Planning policy every years, and procedures annually. A successful response will need to address the review and update process, including the role(s) responsible for initiating the review diff --git a/customer_cxo_controls/policies/IA-Identification_and_Authentication/component.yaml b/customer_cxo_controls/policies/IA-Identification_and_Authentication/component.yaml index 324602b..25da1bd 100644 --- a/customer_cxo_controls/policies/IA-Identification_and_Authentication/component.yaml +++ b/customer_cxo_controls/policies/IA-Identification_and_Authentication/component.yaml @@ -7,12 +7,12 @@ satisfies: - control_key: IA-1 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | '//* - The customer will be responsible for developing, documenting, and + The organization will be responsible for developing, documenting, and disseminating Identification and Authentication policy and procedures. A successful control response will need to address the content of the policy (which must include purpose, scope, roles, responsibilities, @@ -23,7 +23,7 @@ satisfies: - key: b text: | '//* - The customer will be responsible for reviewing and updating the + The organization will be responsible for reviewing and updating the Identification and Authentication policy every 3 years, and procedures annually. A successful control response will need to address the review and update process, including the role(s) responsible for diff --git a/customer_cxo_controls/policies/IR-Incident_Response/component.yaml b/customer_cxo_controls/policies/IR-Incident_Response/component.yaml index 9733af9..8f90833 100644 --- a/customer_cxo_controls/policies/IR-Incident_Response/component.yaml +++ b/customer_cxo_controls/policies/IR-Incident_Response/component.yaml @@ -7,12 +7,12 @@ satisfies: - control_key: IR-1 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | '//* - The customer will be responsible for developing, documenting, and + The organization will be responsible for developing, documenting, and disseminating Incident Response policy and procedures. A successful control response will need to address the content of the policy (which must include purpose, scope, roles, responsibilities, management @@ -23,7 +23,7 @@ satisfies: - key: b text: | '//* - The customer will be responsible for reviewing and updating the + The organization will be responsible for reviewing and updating the Incident Response policy every 3 years, and procedures annually. A successful control response will need to address the review and update process, including the role(s) responsible for initiating the review diff --git a/customer_cxo_controls/policies/MA-Maintenance/component.yaml b/customer_cxo_controls/policies/MA-Maintenance/component.yaml index 19fb1d3..c8a0460 100644 --- a/customer_cxo_controls/policies/MA-Maintenance/component.yaml +++ b/customer_cxo_controls/policies/MA-Maintenance/component.yaml @@ -7,12 +7,12 @@ satisfies: - control_key: MA-1 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | '//* - The customer will be responsible for developing, documenting, and + The organization will be responsible for developing, documenting, and disseminating System Maintenance policy and procedures. A successful control response will need to address the content of the policy (which must include purpose, scope, roles, responsibilities, @@ -23,7 +23,7 @@ satisfies: - key: b text: | '//* - The customer will be responsible for reviewing and updating the + The organization will be responsible for reviewing and updating the System Maintenance policy every 3 years, and procedures annually. A successful control response will need to address the review and update process, including the role(s) responsible for initiating the diff --git a/customer_cxo_controls/policies/MP-Media_Protection/component.yaml b/customer_cxo_controls/policies/MP-Media_Protection/component.yaml index a4ef93c..54f9791 100644 --- a/customer_cxo_controls/policies/MP-Media_Protection/component.yaml +++ b/customer_cxo_controls/policies/MP-Media_Protection/component.yaml @@ -10,7 +10,7 @@ satisfies: #- control_key: MP-1 # standard_key: NIST-800-53 # covered_by: [] -# implimentation_status: none +# implementation_status: none # narrative: # - text: | # Narrative text on how product can be configured against MP-1. @@ -20,7 +20,7 @@ satisfies: #- control_key: MP-2 # standard_key: NIST-800-53 # covered_by: [] -# implimentation_status: none +# implementation_status: none # narrative: # - text: | # Narrative text on how product can be configured against MP-2. diff --git a/customer_cxo_controls/policies/PE-Physical_and_Environmental_Protection/component.yaml b/customer_cxo_controls/policies/PE-Physical_and_Environmental_Protection/component.yaml index f08dfe4..14ca969 100644 --- a/customer_cxo_controls/policies/PE-Physical_and_Environmental_Protection/component.yaml +++ b/customer_cxo_controls/policies/PE-Physical_and_Environmental_Protection/component.yaml @@ -7,7 +7,7 @@ satisfies: # - control_key: PE-1 # standard_key: NIST-800-53 # covered_by: [] - # implimentation_status: none + # implementation_status: none # narrative: # - key: a # text: | diff --git a/customer_cxo_controls/policies/PL-Planning/component.yaml b/customer_cxo_controls/policies/PL-Planning/component.yaml index f9b10cf..f1458cd 100644 --- a/customer_cxo_controls/policies/PL-Planning/component.yaml +++ b/customer_cxo_controls/policies/PL-Planning/component.yaml @@ -7,12 +7,12 @@ satisfies: - control_key: PL-1 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | '//* - The customer will be responsible for developing, documenting, and + The organization will be responsible for developing, documenting, and disseminating Security Planning policy and procedures. A successful control response will need to address the content of the policy (which must include purpose, scope, roles, responsibilities, @@ -23,7 +23,7 @@ satisfies: - key: b text: | '//* - The customer will be responsible for reviewing and updating the + The organization will be responsible for reviewing and updating the Security Planning policy every 3 years, and procedures annually. A successful control response will need to address the review and update process, including the role(s) responsible for initiating diff --git a/customer_cxo_controls/policies/PS-Personnel_Security/component.yaml b/customer_cxo_controls/policies/PS-Personnel_Security/component.yaml index 9d71de0..04ecb91 100644 --- a/customer_cxo_controls/policies/PS-Personnel_Security/component.yaml +++ b/customer_cxo_controls/policies/PS-Personnel_Security/component.yaml @@ -7,12 +7,12 @@ satisfies: - control_key: PS-1 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | '//* - The customer will be responsible for developing, documenting, and + The organization will be responsible for developing, documenting, and disseminating Personnel Security policy and procedures. A successful control response will need to address the content of the policy (which must include purpose, scope, roles, responsibilities, @@ -23,7 +23,7 @@ satisfies: - key: b text: | '//* - The customer will be responsible for reviewing and updating the + The organization will be responsible for reviewing and updating the Personnel Security policy every 3 years, and procedures annually. A successful control response will need to address the review and update process, including the role(s) responsible for initiating the review @@ -34,12 +34,12 @@ satisfies: - control_key: PS-8 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | '//* - The customer will be responsible for establishing sanctions process + The organization will be responsible for establishing sanctions process for non-compliance with policies and procedures. A successful control response will need to address different forms of non-compliance and specific measures that may be enforced for each. @@ -47,7 +47,7 @@ satisfies: - key: b text: | '//* - The customer will ne responsible for notifying interested personnel + The organization will ne responsible for notifying interested personnel when the sanctions process is initiated. A successful control response will need to delineate the relevant personnel to be notified, the roles or individuals responsible for notification, and the information diff --git a/customer_cxo_controls/policies/RA-Risk_Assessment/component.yaml b/customer_cxo_controls/policies/RA-Risk_Assessment/component.yaml index 137d88c..1ed8486 100644 --- a/customer_cxo_controls/policies/RA-Risk_Assessment/component.yaml +++ b/customer_cxo_controls/policies/RA-Risk_Assessment/component.yaml @@ -7,12 +7,12 @@ satisfies: - control_key: RA-1 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | '//* - The customer will be responsible for developing, documenting, and + The organization will be responsible for developing, documenting, and disseminating Risk Assessment policy and procedures. A successful control response will need to address the content of the policy (which must include purpose, scope, roles, responsibilities, @@ -23,7 +23,7 @@ satisfies: - key: b text: | '//* - The customer will be responsible for reviewing and updating the + The organization will be responsible for reviewing and updating the Risk Assessment policy every 3 years, and procedures annually. A successful control repsonse will need to address the reiew and update process, including the role(s) repsonsible for initiating the review diff --git a/customer_cxo_controls/policies/SA-System_and_Services_Acquisition/component.yaml b/customer_cxo_controls/policies/SA-System_and_Services_Acquisition/component.yaml index c5abc8d..da22e9b 100644 --- a/customer_cxo_controls/policies/SA-System_and_Services_Acquisition/component.yaml +++ b/customer_cxo_controls/policies/SA-System_and_Services_Acquisition/component.yaml @@ -7,12 +7,12 @@ satisfies: - control_key: SA-1 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | '//* - The customer will be responsible for developing, documenting, and + The organization will be responsible for developing, documenting, and disseminating System and Services Aquisition policy and procedures. A successful control response will need to address the content of the policy (which must include purpose, scope, roles, responsibilities, @@ -23,7 +23,7 @@ satisfies: - key: b text: | '//* - The customer will be responsible for reviewing and updating the Audit + The organization will be responsible for reviewing and updating the Audit and Accountability policy every 3 years, and procedures annualy. A successful control response will need to address the review and update process, including the role(s) responsible for initiating the review diff --git a/customer_cxo_controls/policies/SC-Systems_and_Communications_Protection/component.yaml b/customer_cxo_controls/policies/SC-Systems_and_Communications_Protection/component.yaml index d07f427..0a28709 100644 --- a/customer_cxo_controls/policies/SC-Systems_and_Communications_Protection/component.yaml +++ b/customer_cxo_controls/policies/SC-Systems_and_Communications_Protection/component.yaml @@ -7,12 +7,12 @@ satisfies: - control_key: SC-1 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | '//* - The customer will be responsible for developing, documenting, and + The organization will be responsible for developing, documenting, and disseminating System and Communications Protection policy and procedures. A successful control response will need to address the content of the policy (which must include purpose, scope, roles, @@ -23,7 +23,7 @@ satisfies: - key: b text: | '//* - The customer will be responsible for reviewing and updating the System + The organization will be responsible for reviewing and updating the System and Communications Protection policy every 3 years, and procedures annually. A successful control response will need to address the review and update process, including the role(s) responsible for @@ -34,11 +34,11 @@ satisfies: - control_key: SC-17 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* - The customer will be responsible for defining and enforcing a + The organization will be responsible for defining and enforcing a policy for issuing public key certificates, or else to obtain public key certificates from an approved service provider. A successful control response will need to outline the policy and diff --git a/customer_cxo_controls/policies/SI-System_and_Information_Integrity/component.yaml b/customer_cxo_controls/policies/SI-System_and_Information_Integrity/component.yaml index fb4db0f..0d0277d 100644 --- a/customer_cxo_controls/policies/SI-System_and_Information_Integrity/component.yaml +++ b/customer_cxo_controls/policies/SI-System_and_Information_Integrity/component.yaml @@ -7,7 +7,7 @@ satisfies: - control_key: SI-1 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | @@ -34,7 +34,7 @@ satisfies: - control_key: SI-5 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: b text: | @@ -43,13 +43,13 @@ satisfies: alerts, advisories and directives. A successful control response will need to address the criteria used to determine what alerts, advisories, and directives are necessary, based on the specifics of - the customer mission, software, or service. + the organization mission, software, or service. */' - key: c text: | '//* The organization will be responsible for disseminating security - alerts, advisories and directives within the customer organization + alerts, advisories and directives within the organization organization and to external organizations as necessary. A successful control response will need to address the personnel or roles within the organization who require notificiation. @@ -58,7 +58,7 @@ satisfies: - control_key: SI-8 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | @@ -82,7 +82,7 @@ satisfies: - control_key: SI-8 (1) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -96,7 +96,7 @@ satisfies: - control_key: SI-8 (2) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* diff --git a/customer_pmo_controls/Makefile b/customer_pmo_controls/Makefile index 73c0052..50269ef 100644 --- a/customer_pmo_controls/Makefile +++ b/customer_pmo_controls/Makefile @@ -22,7 +22,7 @@ clean: rm -rf exports/ opencontrols/ pdf: exports - cd exports/ && gitbook pdf ./ ./OpenShift_v3_Compliance.pdf + cd exports/ && gitbook pdf ./ ./PMO_Controls_Compliance.pdf serve: exports cd exports && gitbook serve diff --git a/customer_pmo_controls/component.yaml b/customer_pmo_controls/component.yaml index 5f7316a..d60c0d4 100644 --- a/customer_pmo_controls/component.yaml +++ b/customer_pmo_controls/component.yaml @@ -1,17 +1,16 @@ documentation_complete: false schema_version: 3.0.0 -name: Red Hat OpenShift Enterprise v3 -references: - - name: Red Hat OpenShift Security Configuration Guide - path: https://tbd.com - type: URL -satisfies: - - control_key: AU-3 - covered_by: [] - implementation_status: complete - control_origin: "service provider system specific" - narrative: - - text: | - 'This is sample text on how OpenShift satisfies AU-3' - standard_key: NIST-800-53 - +name: Customer PMO (Information System) Controls +#references: +# - name: Red Hat OpenShift Security Configuration Guide +# path: https://tbd.com +# type: URL +#satisfies: +# - control_key: AU-3 +# covered_by: [] +# implementation_status: complete +# control_origin: "service provider system specific" +# narrative: +# - text: | +# 'This is sample text on how OpenShift satisfies AU-3' +# standard_key: NIST-800-53 diff --git a/customer_pmo_controls/policies/AC-Access_Control/component.yaml b/customer_pmo_controls/policies/AC-Access_Control/component.yaml index edaca12..a4a6ff2 100644 --- a/customer_pmo_controls/policies/AC-Access_Control/component.yaml +++ b/customer_pmo_controls/policies/AC-Access_Control/component.yaml @@ -1,13 +1,13 @@ --- documentation_complete: false -name: [PROGRAM MANAGEMENT OFFICE] Access Control +name: Access Control schema_version: 3.0.0 satisfies: - control_key: AC-2 standard_key: NIST-800-53 covered_by: [] - implimentation_status: Not applicable + implementation_status: Not applicable narrative: - key: a text: | @@ -109,7 +109,7 @@ satisfies: - control_key: AC-2 (7) standard_key: NIST-800-53 covered_by: [] - implimentation_status: Implimented + implementation_status: Implimented narrative: - key: a text: | @@ -150,7 +150,7 @@ satisfies: - control_key: AC-2 (9) standard_key: NIST-800-53 covered_by: [] - implimentation_status: Implemented + implementation_status: Implemented narrative: - text: | '//* @@ -165,7 +165,7 @@ satisfies: - control_key: AC-5 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | @@ -196,7 +196,7 @@ satisfies: - control_key: AC-6 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -211,7 +211,7 @@ satisfies: - control_key: AC-6 (1) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -225,7 +225,7 @@ satisfies: - control_key: AC-6 (5) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -239,7 +239,7 @@ satisfies: - control_key: AC-14 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | @@ -253,7 +253,7 @@ satisfies: - control_key: AC-17 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | @@ -277,7 +277,7 @@ satisfies: - control_key: AC-17 (4) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | diff --git a/customer_pmo_controls/policies/AT-Awareness_and_Training/component.yaml b/customer_pmo_controls/policies/AT-Awareness_and_Training/component.yaml index ce1bd4d..377950d 100644 --- a/customer_pmo_controls/policies/AT-Awareness_and_Training/component.yaml +++ b/customer_pmo_controls/policies/AT-Awareness_and_Training/component.yaml @@ -7,7 +7,7 @@ satisfies: - control_key: AT-2 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: 'a' text: | diff --git a/customer_pmo_controls/policies/AU-Audit_and_Accountability/component.yaml b/customer_pmo_controls/policies/AU-Audit_and_Accountability/component.yaml index 51f2301..cbf3b12 100644 --- a/customer_pmo_controls/policies/AU-Audit_and_Accountability/component.yaml +++ b/customer_pmo_controls/policies/AU-Audit_and_Accountability/component.yaml @@ -7,7 +7,7 @@ satisfies: - control_key: AU-2 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: d text: | @@ -26,7 +26,7 @@ satisfies: - control_key: AU-2 (3) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -39,7 +39,7 @@ satisfies: - control_key: AU-4 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -52,7 +52,7 @@ satisfies: - control_key: AU-6 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | @@ -74,7 +74,7 @@ satisfies: - control_key: AU-6 (1) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -89,7 +89,7 @@ satisfies: - control_key: AU-7 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | @@ -107,7 +107,7 @@ satisfies: - control_key: AU-9 (4) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -121,7 +121,7 @@ satisfies: - control_key: AU-11 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* diff --git a/customer_pmo_controls/policies/CA-Security_Assessment_and_Authorization/component.yaml b/customer_pmo_controls/policies/CA-Security_Assessment_and_Authorization/component.yaml index 303a1c3..f83e0dd 100644 --- a/customer_pmo_controls/policies/CA-Security_Assessment_and_Authorization/component.yaml +++ b/customer_pmo_controls/policies/CA-Security_Assessment_and_Authorization/component.yaml @@ -7,7 +7,7 @@ satisfies: - control_key: CA-2 (1) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -20,7 +20,7 @@ satisfies: - control_key: CA-2 (2) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -36,7 +36,7 @@ satisfies: - control_key: CA-2 (3) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -50,7 +50,7 @@ satisfies: - control_key: CA-3 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | @@ -86,7 +86,7 @@ satisfies: - control_key: CA-3 (5) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -102,7 +102,7 @@ satisfies: - control_key: CA-7 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: c text: | @@ -174,7 +174,7 @@ satisfies: - control_key: CA-7 (1) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -191,7 +191,7 @@ satisfies: - control_key: CA-8 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -206,7 +206,7 @@ satisfies: - control_key: CA-8 (1) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -218,7 +218,7 @@ satisfies: - control_key: CA-9 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | diff --git a/customer_pmo_controls/policies/CM-Configuration_Management/component.yaml b/customer_pmo_controls/policies/CM-Configuration_Management/component.yaml index d88afe9..922c6de 100644 --- a/customer_pmo_controls/policies/CM-Configuration_Management/component.yaml +++ b/customer_pmo_controls/policies/CM-Configuration_Management/component.yaml @@ -7,7 +7,7 @@ satisfies: - control_key: CM-2 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -21,7 +21,7 @@ satisfies: - control_key: CM-2 (1) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | @@ -43,7 +43,7 @@ satisfies: - control_key: CM-3 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | @@ -105,7 +105,7 @@ satisfies: - control_key: CM-5 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -121,7 +121,7 @@ satisfies: - control_key: CM-5 (5) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | @@ -146,7 +146,7 @@ satisfies: - control_key: CM-6 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | @@ -174,7 +174,7 @@ satisfies: - control_key: CM-6 (1) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -189,7 +189,7 @@ satisfies: - control_key: CM-8 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | @@ -216,7 +216,7 @@ satisfies: - control_key: CM-8 (5) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -230,7 +230,7 @@ satisfies: - control_key: CM-9 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | @@ -277,7 +277,7 @@ satisfies: - control_key: CM-10 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | @@ -310,7 +310,7 @@ satisfies: - control_key: CM-11 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | diff --git a/customer_pmo_controls/policies/CP-Contingency_Planning/component.yaml b/customer_pmo_controls/policies/CP-Contingency_Planning/component.yaml index 520f7d0..47e73f9 100644 --- a/customer_pmo_controls/policies/CP-Contingency_Planning/component.yaml +++ b/customer_pmo_controls/policies/CP-Contingency_Planning/component.yaml @@ -7,7 +7,7 @@ satisfies: - control_key: CP-2 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | @@ -73,7 +73,7 @@ satisfies: - control_key: CP-2 (1) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -87,7 +87,7 @@ satisfies: - control_key: CP-2 (2) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -100,7 +100,7 @@ satisfies: - control_key: CP-2 (3) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -114,7 +114,7 @@ satisfies: - control_key: CP-2 (8) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -130,7 +130,7 @@ satisfies: - control_key: CP-3 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -144,7 +144,7 @@ satisfies: - control_key: CP-4 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | @@ -174,7 +174,7 @@ satisfies: - control_key: CP-4 (1) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -188,7 +188,7 @@ satisfies: - control_key: CP-6 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | @@ -207,7 +207,7 @@ satisfies: - control_key: CP-6 (1) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -219,7 +219,7 @@ satisfies: - control_key: CP-6 (3) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -233,7 +233,7 @@ satisfies: - control_key: CP-7 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | @@ -263,7 +263,7 @@ satisfies: - control_key: CP-7 (1) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -279,7 +279,7 @@ satisfies: - control_key: CP-7 (2) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -293,7 +293,7 @@ satisfies: - control_key: CP-7 (3) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -306,7 +306,7 @@ satisfies: - control_key: CP-8 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -321,7 +321,7 @@ satisfies: - control_key: CP-8 (1) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | @@ -345,7 +345,7 @@ satisfies: - control_key: CP-8 (2) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -358,7 +358,7 @@ satisfies: - control_key: CP-10 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* diff --git a/customer_pmo_controls/policies/IR-Incident_Response/component.yaml b/customer_pmo_controls/policies/IR-Incident_Response/component.yaml index 71920f9..78ad150 100644 --- a/customer_pmo_controls/policies/IR-Incident_Response/component.yaml +++ b/customer_pmo_controls/policies/IR-Incident_Response/component.yaml @@ -7,7 +7,7 @@ satisfies: - control_key: IR-2 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | @@ -42,7 +42,7 @@ satisfies: - control_key: IR-3 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -61,7 +61,7 @@ satisfies: - control_key: IR-3 (2) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -76,7 +76,7 @@ satisfies: - control_key: IR-4 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | @@ -116,7 +116,7 @@ satisfies: - control_key: IR-4 (1) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -130,7 +130,7 @@ satisfies: - control_key: IR-5 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -144,7 +144,7 @@ satisfies: - control_key: IR-6 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | @@ -170,7 +170,7 @@ satisfies: - control_key: IR-6 (1) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -184,7 +184,7 @@ satisfies: - control_key: IR-7 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -198,7 +198,7 @@ satisfies: - control_key: IR-7 (1) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -212,7 +212,7 @@ satisfies: - control_key: IR-7 (2) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | @@ -240,7 +240,7 @@ satisfies: - control_key: IR-8 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | @@ -298,7 +298,7 @@ satisfies: - control_key: IR-9 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | @@ -355,7 +355,7 @@ satisfies: - control_key: IR-9 (1) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -370,7 +370,7 @@ satisfies: - control_key: IR-9 (2) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -385,7 +385,7 @@ satisfies: - control_key: IR-9 (3) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -400,7 +400,7 @@ satisfies: - control_key: IR-9 (4) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* diff --git a/customer_pmo_controls/policies/MA-Maintenance/component.yaml b/customer_pmo_controls/policies/MA-Maintenance/component.yaml index 5996422..fe1d5ce 100644 --- a/customer_pmo_controls/policies/MA-Maintenance/component.yaml +++ b/customer_pmo_controls/policies/MA-Maintenance/component.yaml @@ -7,7 +7,7 @@ satisfies: - control_key: MA-2 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: c text: | @@ -31,7 +31,7 @@ satisfies: - control_key: MA-3 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -43,7 +43,7 @@ satisfies: - control_key: MA-3 (1) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -56,7 +56,7 @@ satisfies: - control_key: MA-3 (2) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -69,7 +69,7 @@ satisfies: - control_key: MA-3 (3) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -86,7 +86,7 @@ satisfies: - control_key: MA-4 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | @@ -105,7 +105,7 @@ satisfies: - control_key: MA-4 (2) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -120,7 +120,7 @@ satisfies: - control_key: MA-5 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | @@ -152,7 +152,7 @@ satisfies: - control_key: MA-5 (1) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | @@ -181,7 +181,7 @@ satisfies: - control_key: MA-6 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* diff --git a/customer_pmo_controls/policies/PE-Physical_and_Environmental_Protection/component.yaml b/customer_pmo_controls/policies/PE-Physical_and_Environmental_Protection/component.yaml index 88f505c..843bc18 100644 --- a/customer_pmo_controls/policies/PE-Physical_and_Environmental_Protection/component.yaml +++ b/customer_pmo_controls/policies/PE-Physical_and_Environmental_Protection/component.yaml @@ -7,7 +7,7 @@ satisfies: #- control_key: PE-1 # standard_key: NIST-800-53 # covered_by: [] -# implimentation_status: none +# implementation_status: none # narrative: # - key: a # text: | diff --git a/customer_pmo_controls/policies/PL-Planning/component.yaml b/customer_pmo_controls/policies/PL-Planning/component.yaml index 052eb2d..8c32b7c 100644 --- a/customer_pmo_controls/policies/PL-Planning/component.yaml +++ b/customer_pmo_controls/policies/PL-Planning/component.yaml @@ -7,7 +7,7 @@ satisfies: - control_key: PL-2 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | @@ -64,7 +64,7 @@ satisfies: - control_key: PL-2 (3) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -80,7 +80,7 @@ satisfies: - control_key: PL-4 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | @@ -119,7 +119,7 @@ satisfies: - control_key: PL-4 (1) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -133,7 +133,7 @@ satisfies: - control_key: PL-8 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | diff --git a/customer_pmo_controls/policies/PS-Personnel_Security/component.yaml b/customer_pmo_controls/policies/PS-Personnel_Security/component.yaml index 629a8f3..ef9022c 100644 --- a/customer_pmo_controls/policies/PS-Personnel_Security/component.yaml +++ b/customer_pmo_controls/policies/PS-Personnel_Security/component.yaml @@ -7,7 +7,7 @@ satisfies: - control_key: PS-2 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | @@ -41,7 +41,7 @@ satisfies: - control_key: PS-3 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | @@ -63,7 +63,7 @@ satisfies: - control_key: PS-3 (3) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -78,7 +78,7 @@ satisfies: - control_key: PS-4 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: c text: | @@ -119,7 +119,7 @@ satisfies: - control_key: PS-5 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | @@ -161,7 +161,7 @@ satisfies: - control_key: PS-6 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | @@ -195,7 +195,7 @@ satisfies: - control_key: PS-7 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | diff --git a/customer_pmo_controls/policies/RA-Risk_Assessment/component.yaml b/customer_pmo_controls/policies/RA-Risk_Assessment/component.yaml index 5374c3b..368f496 100644 --- a/customer_pmo_controls/policies/RA-Risk_Assessment/component.yaml +++ b/customer_pmo_controls/policies/RA-Risk_Assessment/component.yaml @@ -7,7 +7,7 @@ satisfies: - control_key: RA-2 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | @@ -42,7 +42,7 @@ satisfies: - control_key: RA-3 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | @@ -107,7 +107,7 @@ satisfies: - control_key: RA-5 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | @@ -152,7 +152,7 @@ satisfies: - control_key: RA-5 (1) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -167,7 +167,7 @@ satisfies: - control_key: RA-5 (2) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -181,7 +181,7 @@ satisfies: - control_key: RA-5 (3) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -195,7 +195,7 @@ satisfies: - control_key: RA-5 (5) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -209,7 +209,7 @@ satisfies: - control_key: RA-5 (6) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -222,7 +222,7 @@ satisfies: - control_key: RA-5 (8) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* diff --git a/customer_pmo_controls/policies/SA-System_and_Services_Acquisition/component.yaml b/customer_pmo_controls/policies/SA-System_and_Services_Acquisition/component.yaml index 37f5163..65ee309 100644 --- a/customer_pmo_controls/policies/SA-System_and_Services_Acquisition/component.yaml +++ b/customer_pmo_controls/policies/SA-System_and_Services_Acquisition/component.yaml @@ -7,7 +7,7 @@ satisfies: - control_key: SA-2 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | @@ -39,7 +39,7 @@ satisfies: - control_key: SA-3 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | @@ -80,7 +80,7 @@ satisfies: - control_key: SA-4 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | @@ -157,7 +157,7 @@ satisfies: - control_key: SA-4 (1) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -171,7 +171,7 @@ satisfies: - control_key: SA-4 (2) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -187,7 +187,7 @@ satisfies: - control_key: SA-4 (8) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -201,7 +201,7 @@ satisfies: - control_key: SA-4 (9) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -215,7 +215,7 @@ satisfies: - control_key: SA-4 (10) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -231,7 +231,7 @@ satisfies: - control_key: SA-5 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | @@ -280,7 +280,7 @@ satisfies: - control_key: SA-8 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -293,7 +293,7 @@ satisfies: - control_key: SA-9 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | @@ -327,7 +327,7 @@ satisfies: - control_key: SA-9 (1) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | @@ -349,7 +349,7 @@ satisfies: - control_key: SA-9 (2) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -363,7 +363,7 @@ satisfies: - control_key: SA-9 (4) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -377,7 +377,7 @@ satisfies: - control_key: SA-9 (5) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* diff --git a/customer_pmo_controls/policies/SC-Systems_and_Communications_Protection/component.yaml b/customer_pmo_controls/policies/SC-Systems_and_Communications_Protection/component.yaml index 97b9b16..5aa105d 100644 --- a/customer_pmo_controls/policies/SC-Systems_and_Communications_Protection/component.yaml +++ b/customer_pmo_controls/policies/SC-Systems_and_Communications_Protection/component.yaml @@ -7,7 +7,7 @@ satisfies: - control_key: SC-5 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -22,7 +22,7 @@ satisfies: - control_key: SC-12 (2) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -37,7 +37,7 @@ satisfies: - control_key: SC-12 (3) standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - text: | '//* @@ -52,7 +52,7 @@ satisfies: - control_key: SC-15 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | @@ -81,7 +81,7 @@ satisfies: - control_key: SC-18 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | @@ -102,7 +102,7 @@ satisfies: - control_key: SC-19 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | diff --git a/customer_pmo_controls/policies/SI-System_and_Information_Integrity/component.yaml b/customer_pmo_controls/policies/SI-System_and_Information_Integrity/component.yaml index c48f29b..e554c79 100644 --- a/customer_pmo_controls/policies/SI-System_and_Information_Integrity/component.yaml +++ b/customer_pmo_controls/policies/SI-System_and_Information_Integrity/component.yaml @@ -7,7 +7,7 @@ satisfies: - control_key: SI-1 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: a text: | @@ -34,7 +34,7 @@ satisfies: - control_key: SI-5 standard_key: NIST-800-53 covered_by: [] - implimentation_status: none + implementation_status: none narrative: - key: b text: | diff --git a/opencontrol.yaml b/opencontrol.yaml index c180483..e4f7ab8 100644 --- a/opencontrol.yaml +++ b/opencontrol.yaml @@ -6,7 +6,51 @@ metadata: maintainers: - Shawn Wells (shawn@redhat.com) components: - - ./customer_cxo_controls - - ./customer_pmo_controls - - ./RHEL7 - - ./OpenShift-v3 +# First, organizational controls: + - ./customer_cxo_controls/policies/AC-Access_Control + - ./customer_cxo_controls/policies/AT-Awareness_and_Training + - ./customer_cxo_controls/policies/AU-Audit_and_Accountability + - ./customer_cxo_controls/policies/CA-Security_Assessment_and_Authorization + - ./customer_cxo_controls/policies/CM-Configuration_Management + - ./customer_cxo_controls/policies/CP-Contingency_Planning + - ./customer_cxo_controls/policies/IA-Identification_and_Authentication + - ./customer_cxo_controls/policies/IR-Incident_Response + - ./customer_cxo_controls/policies/MA-Maintenance + - ./customer_cxo_controls/policies/MP-Media_Protection + - ./customer_cxo_controls/policies/PE-Physical_and_Environmental_Protection + - ./customer_cxo_controls/policies/PL-Planning + - ./customer_cxo_controls/policies/PS-Personnel_Security + - ./customer_cxo_controls/policies/RA-Risk_Assessment + - ./customer_cxo_controls/policies/SA-System_and_Services_Acquisition + - ./customer_cxo_controls/policies/SC-Systems_and_Communications_Protection + - ./customer_cxo_controls/policies/SI-System_and_Information_Integrity + +# Second, add in PMO controls: +# - ./customer_pmo_controls/policies/AC-Access_Control +# - ./customer_pmo_controls/policies/AT-Awareness_and_Training +# - ./customer_pmo_controls/policies/AU-Audit_and_Accountability +# - ./customer_pmo_controls/policies/CA-Security_Assessment_and_Authorization +# - ./customer_pmo_controls/policies/CM-Configuration_Management +# - ./customer_pmo_controls/policies/CP-Contingency_Planning +# - ./customer_pmo_controls/policies/IA-Identification_and_Authentication +# - ./customer_pmo_controls/policies/IR-Incident_Response +# - ./customer_pmo_controls/policies/MA-Maintenance +# - ./customer_pmo_controls/policies/MP-Media_Protection +# - ./customer_pmo_controls/policies/PE-Physical_and_Environmental_Protection +# - ./customer_pmo_controls/policies/PL-Planning +# - ./customer_pmo_controls/policies/PS-Personnel_Security +# - ./customer_pmo_controls/policies/RA-Risk_Assessment +# - ./customer_pmo_controls/policies/SA-System_and_Services_Acquisition +# - ./customer_pmo_controls/policies/SC-Systems_and_Communications_Protection +# - ./customer_pmo_controls/policies/SI-System_and_Information_Integrity + +dependencies: + standards: + - url: https://github.com/opencontrol/NIST-800-53-Standards + revision: master + certifications: + - url: https://github.com/opencontrol/FedRAMP-Certifications + revision: master +# systems: +# - url: https://github.com/shawndwells/opencontrol-openshift +# revision: master