Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add RISK support in to component definition spread sheet (csv) support #1544

Open
degenaro opened this issue May 16, 2024 · 3 comments · May be fixed by #1577
Open

Add RISK support in to component definition spread sheet (csv) support #1544

degenaro opened this issue May 16, 2024 · 3 comments · May be fixed by #1577
Assignees
@degenaro
Labels
enhancement New feature or request
Milestone
v3.1.0

Comments

@degenaro
Copy link
Collaborator

Issue description / feature objectives

Add the following optional columns as expected but optional to the csv-to-oscal-cd task:

  • $Original_Risk_Rating
    • Provide the Original Risk Rating from the scanner
  • $Adjusted_Risk_Rating
    • Provide the Adjusted Risk Rating as approved by the CIO
  • $Risk_Adjustment
    • Whether there was a Risk Adjustment

These values, if specified, are to be added to the resulting OSCAL component definition as Properties.

Caveats / Assumptions

Provide sample/test/tutorial csv's with these additional fields/descriptions.

Completion Criteria

Test cases for code coverage added.
@jpower432 jpower432 added the enhancement New feature or request label May 31, 2024
@jpower432 jpower432 added this to the v3.1.0 milestone May 31, 2024
@Ma1h01
Copy link
Collaborator

Ma1h01 commented Jun 6, 2024

Do risk-related columns need special handling? For example, they are ignored or required for validation component type?

@degenaro
Copy link
Collaborator Author

degenaro commented Jun 6, 2024 via email

@Ma1h01
Copy link
Collaborator

Ma1h01 commented Jun 6, 2024

My approach to this issue is as follows:

In csv-to-oscal-cd.py:

  1. Add three constants to represent the three risk headings.
  2. Add the constants to the _columns_optional and _rule_property_column_names lists because they are optional and not required when component type is validation.
  3. Modify the print_info() to correctly show the three newly added optional headings.

Then, make a new csv file with all three risk headings added for testing.

In csv-to-oscal-cd-test.py:

  1. Write one test case to verify the presence of the three risk props in the resulting component-definition.json.
  2. Write one test case to verify the absence of the three risk props in the resulting component-definition.json, when the component type is validation.

@Ma1h01 Ma1h01 linked a pull request Jun 7, 2024 that will close this issue
Open
11 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@degenaro degenaro

Labels
enhancement New feature or request
Projects
None yet
Milestone
v3.1.0
Development

Successfully merging a pull request may close this issue.

feat: add risk properties support to csv-to-oscal-cd task oscal-compass/compliance-trestle
3 participants
@degenaro @jpower432 @Ma1h01