metrics: Fill in Amoe metric templates#218

Open
franzling wants to merge 26 commits into Cybersecurity-Certification-Hub:main from franzling:amoe-metric-templates


@franzling franzling commented Dec 3, 2025

Contributor

Draft of AMOE metric contents, including the metric.rego files.
The parameters need to be included in the ontology.

To propose a new compliance metric, please make sure to check off each box below:

  • I have created a folder with the new within an existing category folder (e.g., metrics/EndpointSecurity) or create a new category folder.
  • I have created a file data.json (example).
  • I have created a file .yaml (example).
  • I have created a file metric.rego (example).
  • The <metric.rego> file is valid according to the JSON schema.
  • The properties used in the .yaml and metric.rego files are available in the Ontology.
  • I have added a reviewer (e.g., @immqu).

@anatheka anatheka changed the base branch from amoe-metric-templates to main January 13, 2026 10:16

@anatheka anatheka left a comment

Collaborator

We changed the target branch to main.

Please update the following points:

  • Rename folder and name fields to self-explaining names without Q1, Q2, ...
  • Change targetValues to integer values, if you use the operator "<=" or similar
  • Only use sentences like "The rule assesses whether ..." in the description. Move the other information to the comment part.
  • Delete | Selector: PolicyDocument (Resource Type) and change [Resource] to [PolicyDocument] in the description part.
  • Delete TBD in the comments part if not needed.
  • Add the resource type check in applicable in the metric.rego files, see comment.

Comment thread metrics/Assessment Inquireies/MonitoringReviewFrequency/metric.rego
Comment thread metrics/Asset Management/AssetInventoryAuditFrequencyQ5/metric.rego Outdated
@lebogg lebogg added the EMERALD label Jan 15, 2026
Comment thread metrics/Assessment Inquireies/MonitoringReviewFrequency/data.json Outdated

@lebogg lebogg left a comment

Collaborator

See my suggested changes. For each metric:

  • Fix the package name (same as metric folder name but in snake case)
  • I would use the Selector part within the Description and remove it from the comments (The reason: For now it is only Policy Document relevant. Later, if we say also another collector will use this, we can still generalize it to "Resource")
  • I would remove the "Previous name..." part from the comments.
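
The per-metric checks requested in the two reviews above, written as a small Python linter. This is an added example, not part of the PR or the repository's tooling; the key names `operator` and `targetValue`, the dotted package layout and the sample inputs are assumptions.

```python
import re

ORDERING_OPERATORS = {"<", "<=", ">", ">="}  # '"<=" or similar' in the review


def snake_case(name):
    """MonitoringReviewFrequency -> monitoring_review_frequency."""
    s = re.sub(r"(?<=[a-z0-9])(?=[A-Z])", "_", name)
    s = re.sub(r"(?<=[A-Z])(?=[A-Z][a-z])", "_", s)  # keep acronyms together
    return s.lower()


def lint_metric(folder, fields, rego_source):
    """Return review findings for one metric folder.

    folder      -- metric folder name
    fields      -- parsed metric YAML as a dict (key names are assumed)
    rego_source -- text of metric.rego
    """
    findings = []
    if re.search(r"Q\d+$", folder):
        findings.append("folder name ends in a Q<n> suffix")
    # Assumed layout: the last dotted segment of the package is the metric name.
    m = re.search(r"^package\s+([\w.]+)", rego_source, re.MULTILINE)
    leaf = m.group(1).split(".")[-1] if m else None
    if leaf != snake_case(folder):
        findings.append(f"package leaf {leaf!r}, expected {snake_case(folder)!r}")
    # bool is excluded on purpose: type(True) is bool, not int.
    if (fields.get("operator") in ORDERING_OPERATORS
            and type(fields.get("targetValue")) is not int):
        findings.append("ordering operator with non-integer targetValue")
    for marker in ("TBD", "Previous name", "Selector:"):
        if marker in fields.get("comments", ""):
            findings.append(f"comments still contains {marker!r}")
    return findings


# Constructed sample input, not taken from the PR's files.
SAMPLE_FIELDS = {
    "operator": "<=",
    "targetValue": "12",
    "comments": "Review interval in months. | Selector: PolicyDocument (Resource Type)",
}
SAMPLE_REGO = "package metrics.assessment.MonitoringReviewFrequency\n"

if __name__ == "__main__":
    for finding in lint_metric("MonitoringReviewFrequency", SAMPLE_FIELDS, SAMPLE_REGO):
        print(finding)
```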

Comment thread metrics/Identity & Access Management/AccessAttempt/AccessAttempt.yaml Outdated
Comment thread metrics/Assessment Inquireies/MonitoringReviewFrequency/metric.rego Outdated
franzling and others added 3 commits January 21, 2026 12:20
….rego

Co-authored-by: Nico Haas <40119051+lebogg@users.noreply.github.com>
…ringReviewFrequency.yaml

Co-authored-by: Nico Haas <40119051+lebogg@users.noreply.github.com>

@anatheka anatheka left a comment

Collaborator

A first review: I couldn’t read all metrics, but I’ve read some in detail and skimmed others.

I think it already looks very good, I just have a few comments:

  • Most of my comments apply to all metrics—for example, specifying the “time period” in the comments so it’s clear what time period exactly is to be checked.
  • As mentioned in the comment for the metric MonitoringReviewFrequency, please delete or remove the specific AMOE or EMERALD information from the comments section and use the PolicyDocument as specific resource in the description.

category: "Cryptography and Key Management"
version: "1.0"
comments: "TBD"
comments: "This metric assesses the required minimum AES key length. | Selector: PolicyDocument (Resource Type) [Previous name: EncryptionPolicyQ4]"
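
Review bot: the longer `comments:` value still ends with `| Selector: PolicyDocument (Resource Type)` and `[Previous name: EncryptionPolicyQ4]`; the reviews on this PR ask for both to be removed from the comments, with PolicyDocument named as the resource in the description instead. As shown, two `comments:` keys follow each other, so check that only one remains in the YAML file. The remaining sentence would also be clearer if it stated the unit for the minimum AES key length.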

@anatheka anatheka Jan 23, 2026

Collaborator

I’m thinking about whether it would make sense to indicate directly in the metric name that it represents a policy evaluation. What do you think, @lebogg?

If we want to do so, we should do it in the other metrics as well.

Comment thread metrics/Identity & Access Management/AccessAttempt/AccessAttempt.yaml Outdated
@franzling

Contributor Author

Addressed proposals over all files. Please review.

@anatheka anatheka changed the title Fill in Amoe metric templates metrics: Fill in Amoe metric templates Jan 26, 2026