Implement SecurityReaderRoleAssigned metric #174
| @@ -0,0 +1,11 @@ | |||
| # ====== Metadata ====== | |||
| id: SecurityReaderRoleAssigned | |||
| description: This rule assesses whether a [RoleAssignment] covering cryptographic oversight responsibilities has the property [p1:securityReaderRoleAssigned] indicating that at least one [Identity] is assigned to fulfil the responsibility. | |||
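Review bot: the `description:` line ties the rule to a property `[p1:securityReaderRoleAssigned]` on a `[RoleAssignment]` and to assignments "covering cryptographic oversight responsibilities", but nothing in this metadata says how such a RoleAssignment is recognised, so the rule cannot tell which RoleAssignments it applies to. Suggest naming the field or permission that identifies those assignments in the description, and noting that the `[p1:securityReaderRoleAssigned]` property has to exist in the ontology before the metric can be evaluated.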
As far as I can see, the RoleAssignment Resource does not yet have any properties defined in the ontology. So, we need to adapt there and add something like a list of permissions.
| description: This rule assesses whether a [RoleAssignment] covering cryptographic oversight responsibilities has the property [p1:securityReaderRoleAssigned] indicating that at least one [Identity] is assigned to fulfil the responsibility. | ||
| category: CryptographyEncryptionKeyManagement | ||
| version: "1.0" | ||
| comments: Security reader duties should never remain unassigned; the metric also evaluates available user assignments to ensure the role is covered. |
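Review bot: the `comments:` line restates the description instead of giving the rationale; say who depends on the security reader role and what is lost when it is unassigned, so a failing result is actionable. Separately, `category: CryptographyEncryptionKeyManagement` does not obviously fit a check on whether a role is assigned; if categories come from a fixed list, confirm this is the intended one, otherwise an identity or access management category would describe the metric better.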
I think we could phrase this more clearly: Why should they never be unassigned? What's the duty of a security reader?
I tried to change the description. Please let me know if there is anything I should change.
| applicable if { | ||
| flag := security_reader_role_flag | ||
| flag == false |
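Review bot: `applicable` holds only when `security_reader_role_flag` is false, so applicability depends on the compliance outcome: a RoleAssignment whose flag is true is treated as not applicable and never yields a compliant result. Applicability should test whether the input is a RoleAssignment of the relevant kind, with the flag checked in the compliance rule instead. Also, `flag == false` is undefined rather than true when `security_reader_role_flag` is itself undefined, so a resource that lacks the flag is silently skipped; if a missing flag should count as "unassigned", `not security_reader_role_flag` covers both the false and the undefined case.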
Why is it applicable if the role flag is true AND it is applicable if it is false?
You are right. It should be fixed right now. Thank you!
| } | ||
| security_reader_assigned_users_available if { | ||
| security_reader_assigned_users |
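Review bot: the body of `security_reader_assigned_users_available` is the bare expression `security_reader_assigned_users`; in Rego a body expression succeeds for any defined value other than `false`, so if `security_reader_assigned_users` is a set or array the rule is true even when it is empty, which is exactly the case this metric is meant to flag. Use `count(security_reader_assigned_users) > 0`, or drop the wrapper and check the count where it is consumed.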
This seems redundant. Why not directly check for security_reader_assigned_users?
I changed it accordingly, thank you :)
4aeb21d to d2c9540
No description provided.