metrics: Fill in Amoe metric templates #218
Open
franzling wants to merge 26 commits into Cybersecurity-Certification-Hub:main from franzling:amoe-metric-templates
Changes from 16 commits
Commits
a686b35
Add templates
lebogg c8ce877
update keywords list
franzling c4f4183
update first batch
franzling 1ac8638
updates part 2
franzling 3cffeb8
update rego for small subset
franzling b06a0f0
add compare functions
franzling 00df790
add compare functions
franzling 314e544
add missing ]
franzling f64143b
add applicable if
franzling f7ad172
move old description into comment
franzling 1c39451
fix - check resource type
franzling b88441c
add hint about target value measurement unit
franzling 8e3418a
update metric names in files
franzling 71430b6
rename folders and files according to metric names
franzling 7fe7811
update comments for previous file / metric name
franzling 0194ad0
make target value numerical if possible
franzling 0dc4312
Update metrics/Assessment Inquireies/MonitoringReviewFrequency/metric…
franzling 964412a
Update metrics/Assessment Inquireies/MonitoringReviewFrequency/Monito…
franzling 12dca45
update AccessAttempt metric
franzling a5de301
remove selector, update resource
franzling e27ec5c
moved previous name to amoe properties
franzling 45fdeb7
add measurement comment
franzling fb1dd42
updated measurement comment
franzling fe629d0
Merge branch 'main' into amoe-metric-templates
anatheka 8606766
Merge branch 'main' into amoe-metric-templates
anatheka 4849200
Merge branch 'main' into amoe-metric-templates
anatheka
16 changes: 16 additions & 0 deletions
metrics/Assessment Inquireies/MonitoringReviewFrequency/MonitoringReviewFrequency.yaml
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,16 @@ | ||
| # ====== Metadata ====== | ||
| id: "d0f6a13b-e742-42ff-bf69-9ee077be3b42" | ||
| name: "MonitoringReviewFrequency" | ||
| description: "This rule assesses whether a [Resource] that offers the property [MonitoringProcedure], has [p1:reviewInterval] set correctly." | ||
| implementationGuidelines: | ||
| AMOE: | ||
| question: "How often are monitoring procedures reviewed to ensure compliance with legal and internal policies?" | ||
|
lebogg marked this conversation as resolved.
|
||
| keywords: ["monitoring review", "effectiveness", "compliance", "frequency"] | ||
| category: "Assessment Inquireies" | ||
| version: "1.0" | ||
| comments: "This metric assesses the frequency of monitoring procedure reviews for compliance. | Selector: PolicyDocument (Resource Type) [TargetValue is measured in months] [Previous name: MonitoringReviewFrequencyQ3]" | ||
|
anatheka marked this conversation as resolved.
Outdated
franzling marked this conversation as resolved.
Outdated
|
||
| # ====== Configuration ====== | ||
| configuration: | ||
| p1: | ||
| operator: "<=" | ||
| targetValue: 12 | ||
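Review bot: `category: "Assessment Inquireies"` is misspelled, and the same spelling is baked into the directory path `metrics/Assessment Inquireies/`. Correct it to "Assessment Inquiries" in both places before merge, because renaming a category folder later touches every metric under it. Separately, the unit for `targetValue: 12` exists only as free text inside `comments` ("TargetValue is measured in months"); a dedicated field would keep the unit machine-readable.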
4 changes: 4 additions & 0 deletions
metrics/Assessment Inquireies/MonitoringReviewFrequency/data.json
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,4 @@ | ||
| { | ||
| "operator": "<=", | ||
| "target_value": 12 | ||
| } |
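Review bot: `"target_value": 12` duplicates `configuration.p1.targetValue` from MonitoringReviewFrequency.yaml under a different key spelling (`target_value` vs `targetValue`), and the unit (months) is not carried into this file. Two hand-maintained copies of the same threshold will drift; generate data.json from the YAML, or state in one of the two files which copy is authoritative.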
23 changes: 23 additions & 0 deletions
metrics/Assessment Inquireies/MonitoringReviewFrequency/metric.rego
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,23 @@ | ||
| package cch.metrics.monitoring_review_frequency_q3 | ||
|
franzling marked this conversation as resolved.
Outdated
|
||
|
|
||
| import data.cch.compare | ||
| import rego.v1 | ||
| import input as document | ||
|
|
||
| default applicable := false | ||
| default compliant := false | ||
|
|
||
| applicable if { | ||
| "PolicyDocument" in document.type | ||
| } | ||
|
|
||
| compliant if { | ||
| compare(data.operator, data.target_value, document.MonitoringProcedure.reviewInterval) | ||
| } | ||
|
|
||
| message := "Monitoring procedures are reviewed frequently enough to ensure compliance." if { | ||
|
lebogg marked this conversation as resolved.
|
||
| compliant | ||
| } else := "Monitoring procedures are not reviewed frequently enough to ensure compliance. Review frequency should be within the specified interval." if { | ||
| not compliant | ||
| } | ||
|
|
||
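Review bot: The `else` branch of `message` fires whenever `compliant` is false, and with `default compliant := false` that includes documents where `MonitoringProcedure.reviewInterval` is missing as well as documents that are not `applicable`. Those cases are reported as "not reviewed frequently enough" although nothing was measured. Gate `message` on `applicable`, or add a separate message for a missing value. The package is also still named `monitoring_review_frequency_q3` although the metric was renamed to MonitoringReviewFrequency.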
16 changes: 16 additions & 0 deletions
metrics/Asset Management/AssetInventoryAuditFrequency/AssetInventoryAuditFrequency.yaml
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,16 @@ | ||
| # ====== Metadata ====== | ||
| id: "e6eff50d-2936-4734-9764-c80350383d91" | ||
| name: "AssetInventoryAuditFrequency" | ||
| description: "This rule assesses whether a [Resource] that offers the property [AssetInventory], has [p1:auditInterval] set correctly." | ||
|
anatheka marked this conversation as resolved.
Outdated
|
||
| implementationGuidelines: | ||
| AMOE: | ||
| question: "How often is the asset inventory audit done?" | ||
| keywords: ["audit", "frequency", "inventory"] | ||
| category: "Asset Management" | ||
| version: "1.0" | ||
| comments: "This metric assesses the frequency of asset inventory audits. | Selector: PolicyDocument (Resource Type) [TargetValue is measured in months] [Previous name: AssetInventoryAuditFrequencyQ5]" | ||
| # ====== Configuration ====== | ||
| configuration: | ||
| p1: | ||
| operator: "<=" | ||
| targetValue: 12 | ||
4 changes: 4 additions & 0 deletions
metrics/Asset Management/AssetInventoryAuditFrequency/data.json
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,4 @@ | ||
| { | ||
| "operator": "<=", | ||
| "target_value": 12 | ||
| } |
22 changes: 22 additions & 0 deletions
metrics/Asset Management/AssetInventoryAuditFrequency/metric.rego
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,22 @@ | ||
| package cch.metrics.asset_inventory_audit_frequency_q5 | ||
|
|
||
| import data.cch.compare | ||
| import rego.v1 | ||
| import input as document | ||
|
|
||
| default applicable := false | ||
| default compliant := false | ||
|
|
||
| applicable if { | ||
| "PolicyDocument" in document.type | ||
| } | ||
|
|
||
| compliant if { | ||
| compare(data.operator, data.target_value, document.AssetInventory.auditInterval) | ||
| } | ||
|
|
||
| message := "Asset inventory audits are performed frequently enough." if { | ||
| compliant | ||
| } else := "Asset inventory audits are not performed frequently enough. Audit frequency should be within the specified interval." if { | ||
| not compliant | ||
| } |
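Review bot: The package name `cch.metrics.asset_inventory_audit_frequency_q5` still carries the `_q5` suffix of the previous metric name, while the YAML `name` is now AssetInventoryAuditFrequency and the old name was moved into `comments`. If packages are looked up from the metric name, this one will not be found; rename the package to match the new name or document the mapping between the two.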
16 changes: 16 additions & 0 deletions
...t Management/AssetInventoryDigitalAuditFrequency/AssetInventoryDigitalAuditFrequency.yaml
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,16 @@ | ||
| # ====== Metadata ====== | ||
| id: "50c0d4d5-1780-473d-b7fd-dcd0a159fe60" | ||
| name: "AssetInventoryDigitalAuditFrequency" | ||
| description: "This rule assesses whether a [Resource] that offers the property [AssetInventory.Digital], has [p1:auditInterval] set correctly." | ||
| implementationGuidelines: | ||
| AMOE: | ||
| question: "How frequently are security audits done for digital assets?" | ||
| keywords: ["data backup", "firewalls", "frequency", "compliance"] | ||
| category: "Asset Management" | ||
| version: "1.0" | ||
| comments: "This metric assesses the frequency of digital asset security audits. | Selector: PolicyDocument (Resource Type) [TargetValue is measured in months] [Previous name: AssetInventoryDigitalQ6]" | ||
| # ====== Configuration ====== | ||
| configuration: | ||
| p1: | ||
| operator: "<=" | ||
| targetValue: 12 |
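Review bot: The `keywords` list (`"data backup", "firewalls", "frequency", "compliance"`) contains neither "audit" nor anything about digital assets, which are the two things the `question` asks about. "data backup" and "firewalls" look copied from another template. Align the keywords with the question so keyword-based retrieval does not pull unrelated passages of the policy document.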
4 changes: 4 additions & 0 deletions
metrics/Asset Management/AssetInventoryDigitalAuditFrequency/data.json
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,4 @@ | ||
| { | ||
| "operator": "<=", | ||
| "target_value": 12 | ||
| } |
17 changes: 17 additions & 0 deletions
metrics/Asset Management/AssetInventoryDigitalAuditFrequency/metric.rego
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
| package cch.metrics.asset_inventory_digital_q6 | ||
|
|
||
| import data.cch.compare | ||
| import rego.v1 | ||
| import input as document | ||
|
|
||
| default applicable := false | ||
|
|
||
| default compliant := false | ||
|
|
||
| applicable if { | ||
| "PolicyDocument" in document.type | ||
| } | ||
|
|
||
| compliant if { | ||
| compare(data.operator, data.target_value, document:AssetInventory.Digital.auditInteval) | ||
| } |
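Review bot: The third argument to `compare`, `document:AssetInventory.Digital.auditInteval`, has two defects. The `:` after `document` is not valid Rego inside a call argument, so the module will not parse; the two templates earlier in this PR use `document.` with a dot. The field is also spelled `auditInteval`, while the YAML description names it `auditInterval`, so even with the dot the reference would be undefined and `compliant` would silently stay at its default of false. This module also has no `message` rule, unlike MonitoringReviewFrequency and AssetInventoryAuditFrequency.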
16 changes: 16 additions & 0 deletions
metrics/Asset Management/AssetInventoryFrequency/AssetInventoryFrequency.yaml
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,16 @@ | ||
| # ====== Metadata ====== | ||
| id: "1d08ba6e-dfb6-4b63-9faf-59fc56286ad2" | ||
| name: "AssetInventoryFrequency" | ||
| description: "This rule assesses whether a [Resource] that offers the property [AssetInventory], has [p1:inventoryInterval] set correctly." | ||
| implementationGuidelines: | ||
| AMOE: | ||
| question: "How often is the asset inventory done?" | ||
| keywords: ["audit", "frequency", "inventory"] | ||
| category: "Asset Management" | ||
| version: "1.0" | ||
| comments: "This metric assesses the frequency of asset inventory updates. | Selector: PolicyDocument (Resource Type) [TargetValue is measured in months] [Previous name: AssetInventoryFrequencyQ2]" | ||
| # ====== Configuration ====== | ||
| configuration: | ||
| p1: | ||
| operator: "<=" | ||
| targetValue: 12 |
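Review bot: `keywords: ["audit", "frequency", "inventory"]` is identical to the list in AssetInventoryAuditFrequency.yaml, and the two questions differ only by the word "audit". Keyword matching cannot tell the inventory interval from the audit interval with these lists; drop "audit" here and add a term specific to taking the inventory, so the two metrics do not resolve to the same passage.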
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,4 @@ | ||
| { | ||
| "operator": "<=", | ||
| "target_value": 12 | ||
| } |
17 changes: 17 additions & 0 deletions
metrics/Asset Management/AssetInventoryFrequency/metric.rego
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
| package cch.metrics.asset_inventory_frequency_q2 | ||
|
|
||
| import data.cch.compare | ||
| import rego.v1 | ||
| import input as document | ||
|
|
||
| default applicable := false | ||
|
|
||
| default compliant := false | ||
|
|
||
| applicable if { | ||
| "PolicyDocument" in document.type | ||
| } | ||
|
|
||
| compliant if { | ||
| compare(data.operator, data.target_value, document:AssetInventory.inventoryInterval) | ||
| } |
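Review bot: In the `compliant` rule, `document:AssetInventory.inventoryInterval` uses `:` where a `.` is required, so this module will not parse. Change it to `document.AssetInventory.inventoryInterval`. A policy test that loads every metric.rego in the tree would catch this class of error before review.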
16 changes: 16 additions & 0 deletions
...nagement/AssetInventoryStatusManagementOptions/AssetInventoryStatusManagementOptions.yaml
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,16 @@ | ||
| # ====== Metadata ====== | ||
| id: "9ff75498-e0b8-4ffc-b69d-bdaac9233a9d" | ||
| name: "AssetInventoryStatusManagementOptions" | ||
| description: "This rule assesses whether a [Resource] that offers the property [AssetInventory.AssetStatus], has [p1:statusOption] set correctly." | ||
| implementationGuidelines: | ||
| AMOE: | ||
| question: "What status do the assets have?" | ||
| keywords: ["asset status", "coverage", "completeness", "inventory"] | ||
| category: "Asset Management" | ||
| version: "1.0" | ||
| comments: "This metric assesses the current status of assets. | Selector: PolicyDocument (Resource Type) [Previous name: AssetInventoryStatusManagementQ4]" | ||
| # ====== Configuration ====== | ||
| configuration: | ||
| p1: | ||
| operator: "==" | ||
| targetValue: "[active, inactive, under repair, disposed, donated, lost]" |
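Review bot: `operator: "=="` is paired with a `targetValue` that lists six options inside a single quoted string. An equality check against that value only succeeds if the document's `statusOption` is that exact string, which does not match the intent of the question ("What status do the assets have?"). The storage and access-control templates in this PR use `isIn` for the same shape of target; decide whether this metric should pass when the documented status is one of the options or when all options are covered, and pick the operator accordingly.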
4 changes: 4 additions & 0 deletions
metrics/Asset Management/AssetInventoryStatusManagementOptions/data.json
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,4 @@ | ||
| { | ||
| "operator": "==", | ||
| "target_value": "[active, inactive, under repair, disposed, donated, lost]" | ||
| } |
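Review bot: `"target_value"` is a JSON string that merely looks like a list (`"[active, inactive, under repair, ...]"`), not a JSON array. Whatever consumes it has to parse the brackets and commas out of the string, and "under repair" contains a space that makes naive splitting fragile. Use an array of strings, `["active", "inactive", "under repair", ...]`, so the comparison operates on real elements.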
17 changes: 17 additions & 0 deletions
metrics/Asset Management/AssetInventoryStatusManagementOptions/metric.rego
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
| package cch.metrics.asset_inventory_status_management_q4 | ||
|
|
||
| import data.cch.compare | ||
| import rego.v1 | ||
| import input as document | ||
|
|
||
| default applicable := false | ||
|
|
||
| default compliant := false | ||
|
|
||
| applicable if { | ||
| "PolicyDocument" in document.type | ||
| } | ||
|
|
||
| compliant if { | ||
| compare(data.operator, data.target_value, document:AssetInventory.AssetStatus.statusOption) | ||
| } |
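Review bot: `document:AssetInventory.AssetStatus.statusOption` in the `compliant` rule has a `:` instead of a `.` after `document` and will not parse. Once that is fixed, note that `compliant` stays false with no explanation when `statusOption` is absent, because this module defines no `message` rule.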
16 changes: 16 additions & 0 deletions
...InventoryStatusManagementUpdateInterval/AssetInventoryStatusManagementUpdateInterval.yaml
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,16 @@ | ||
| # ====== Metadata ====== | ||
| id: "9740e1ae-6d64-4b7e-8c26-b9a51d98a192" | ||
| name: "AssetInventoryStatusManagementUpdateInterval" | ||
| description: "This rule assesses whether a [Resource] that offers the property [AssetInventory.AssetStatus], has [p1:updateInterval] set correctly." | ||
| implementationGuidelines: | ||
| AMOE: | ||
| question: "Within what timeframe must changes in asset status be recorded in the inventory system?" | ||
| keywords: ["asset status", "inventory"] | ||
| category: "Asset Management" | ||
| version: "1.0" | ||
| comments: "This metric assesses the required timeframe for recording asset status changes. | Selector: PolicyDocument (Resource Type) [TargetValue is measured in months] [Previous name: AssetInventoryStatusManagementQ3]" | ||
| # ====== Configuration ====== | ||
| configuration: | ||
| p1: | ||
| operator: "<=" | ||
| targetValue: 12 |
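Review bot: `targetValue: 12` with the unit given in `comments` as months means a policy that allows a full year to record an asset status change is rated compliant. The question asks for a recording timeframe, which is usually stated in days or hours, and a whole-month unit cannot express those at all. Confirm the intended unit and threshold for this metric rather than reusing the 12-month default from the audit-frequency templates.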
4 changes: 4 additions & 0 deletions
metrics/Asset Management/AssetInventoryStatusManagementUpdateInterval/data.json
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,4 @@ | ||
| { | ||
| "operator": "<=", | ||
| "target_value": 12 | ||
| } |
17 changes: 17 additions & 0 deletions
metrics/Asset Management/AssetInventoryStatusManagementUpdateInterval/metric.rego
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
| package cch.metrics.asset_inventory_status_management_q3 | ||
|
|
||
| import data.cch.compare | ||
| import rego.v1 | ||
| import input as document | ||
|
|
||
| default applicable := false | ||
|
|
||
| default compliant := false | ||
|
|
||
| applicable if { | ||
| "PolicyDocument" in document.type | ||
| } | ||
|
|
||
| compliant if { | ||
| compare(data.operator, data.target_value, document:AssetInventory.AssetStatus.updateInterval) | ||
| } |
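Review bot: `document:AssetInventory.AssetStatus.updateInterval` uses `:` after `document`; it must be `document.AssetInventory.AssetStatus.updateInterval` for the module to parse. The package name `asset_inventory_status_management_q3` also differs from the renamed metric, AssetInventoryStatusManagementUpdateInterval, only by a question number, which makes it easy to confuse with the `_q4` package of the Options metric.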
16 changes: 16 additions & 0 deletions
metrics/Asset Management/AssetInventoryStorageCheck/AssetInventoryStorageCheck.yaml
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,16 @@ | ||
| # ====== Metadata ====== | ||
| id: "70a7b588-c5bf-4038-8e2a-8b46211ffaa2" | ||
| name: "AssetInventoryStorageCheck" | ||
| description: "This rule assesses whether a [Resource] that offers the property [AssetInventory], has [p1:storage] set correctly." | ||
| implementationGuidelines: | ||
| AMOE: | ||
| question: "In which type of facility are asset records stored?" | ||
| keywords: ["asset records", "facility type", "storage"] | ||
| category: "Asset Management" | ||
| version: "1.0" | ||
| comments: "This metric assesses the facility type used to store asset records. | Selector: PolicyDocument (Resource Type) [Previous name: AssetInventoryStorageCheckQ1]" | ||
| # ====== Configuration ====== | ||
| configuration: | ||
| p1: | ||
| operator: "isIn" | ||
| targetValue: "[centrally, decentralized, distributed, central]" |
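Review bot: The `targetValue` list accepts "centrally"/"central" as well as "decentralized" and "distributed", so every recognised answer is compliant and the metric only detects that some storage model was stated. If that is the intent, say so in `description`; if one model is required, narrow the list. The near-duplicates "centrally" and "central" also suggest exact string matching on free text, which would be better handled by normalising the extracted value once than by enumerating spellings.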
4 changes: 4 additions & 0 deletions
metrics/Asset Management/AssetInventoryStorageCheck/data.json
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,4 @@ | ||
| { | ||
| "operator": "isIn", | ||
| "target_value": "[centrally, decentralized, distributed, central]" | ||
| } |
17 changes: 17 additions & 0 deletions
metrics/Asset Management/AssetInventoryStorageCheck/metric.rego
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
| package cch.metrics.asset_inventory_storage_check_q1 | ||
|
|
||
| import data.cch.compare | ||
| import rego.v1 | ||
| import input as document | ||
|
|
||
| default applicable := false | ||
|
|
||
| default compliant := false | ||
|
|
||
| applicable if { | ||
| "PolicyDocument" in document.type | ||
| } | ||
|
|
||
| compliant if { | ||
| compare(data.operator, data.target_value, document:AssetInventory.storage) | ||
| } |
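Review bot: `document:AssetInventory.storage` in the `compliant` rule should be `document.AssetInventory.storage`; with the colon the module does not parse.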
16 changes: 16 additions & 0 deletions
metrics/Change and Configuration Managment/AccessControlType/AccessControlType.yaml
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,16 @@ | ||
| # ====== Metadata ====== | ||
| id: "7bd89d65-02ad-480a-ad5f-06ba661d15b0" | ||
| name: "AccessControlType" | ||
| description: "This rule assesses whether a [Resource] that offers the property [AccessControl], has [p1:type] set correctly." | ||
| implementationGuidelines: | ||
| AMOE: | ||
| question: "Which type of access control is used?" | ||
| keywords: ["access control", "security model", "permissions", "RBAC", "DAC", "MAC"] | ||
| category: "Change and Configuration Managment" | ||
| version: "1.0" | ||
| comments: "This metric assesses the type of access control implemented. | Selector: PolicyDocument (Resource Type) [Previous name: AccessControlTypeQ1]" | ||
| # ====== Configuration ====== | ||
| configuration: | ||
| p1: | ||
| operator: "isIn" | ||
| targetValue: "[RBAC, DAC, MAC]" |
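Review bot: `category: "Change and Configuration Managment"` is misspelled ("Management"), and the directory `metrics/Change and Configuration Managment/` repeats the typo; fix both together. On the configuration, `targetValue: "[RBAC, DAC, MAC]"` rates any of the three models as compliant, so the metric records which model is documented rather than assessing it. If a specific model is expected for certification, the list should reflect that.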
4 changes: 4 additions & 0 deletions
metrics/Change and Configuration Managment/AccessControlType/data.json
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,4 @@ | ||
| { | ||
| "operator": "isIn", | ||
| "target_value": "[RBAC, DAC, MAC]" | ||
| } |
17 changes: 17 additions & 0 deletions
metrics/Change and Configuration Managment/AccessControlType/metric.rego
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
| package cch.metrics.access_control_type_q1 | ||
|
|
||
| import data.cch.compare | ||
| import rego.v1 | ||
| import input as document | ||
|
|
||
| default applicable := false | ||
|
|
||
| default compliant := false | ||
|
|
||
| applicable if { | ||
| "PolicyDocument" in document.type | ||
| } | ||
|
|
||
| compliant if { | ||
| compare(data.operator, data.target_value, document:AccessControl.type) | ||
| } |
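Review bot: `document:AccessControl.type` has a `:` where `.` is needed, so this module fails to parse. Because `"PolicyDocument" in document.type` in `applicable` already reads a top-level `type` field, also check that `AccessControl.type` is the intended nested path and not a mix-up with the resource type.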
16 changes: 16 additions & 0 deletions
...n Security/NetworkSecurityPolicyMitigationScope/NetworkSecurityPolicyMitigationScope.yaml
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,16 @@ | ||
| # ====== Metadata ====== | ||
| id: "e70bb32d-5313-44df-9668-df5669e764f6" | ||
| name: "NetworkSecurityPolicyMitigationScope" | ||
| description: "This rule assesses whether a [Resource] that offers the property [NetworkSecurity], has [p1:mitigationScope] set correctly." | ||
| implementationGuidelines: | ||
| AMOE: | ||
| question: "Which network-level attacks are mitigated by the implemented mechanisms?" | ||
| keywords: ["network security", "DoS", "DDoS", "proxy", "IDS", "Denial of service protection"] | ||
| category: "Communication Security" | ||
| version: "1.0" | ||
| comments: "This metric assesses the network-level attacks addressed by implemented mechanisms. | Selector: PolicyDocument (Resource Type) [Previous name: NetworkSecurityPolicy01]" | ||
| # ====== Configuration ====== | ||
| configuration: | ||
| p1: | ||
| operator: "isIn" | ||
| targetValue: "[dos, denial of service]" |
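Review bot: `targetValue: "[dos, denial of service]"` omits "DDoS" although `keywords` lists it, and the entries are lowercase while the keywords use "DoS" and "DDoS". A document that states only DDoS mitigation, or that writes "DoS" in its usual capitalisation, would be rated non-compliant under an exact match. Add the missing term and define whether the comparison is case-insensitive. The question also asks which attacks are mitigated, so the extracted value may be a list; state how `isIn` is meant to behave for a multi-valued answer.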
4 changes: 4 additions & 0 deletions
metrics/Communication Security/NetworkSecurityPolicyMitigationScope/data.json
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,4 @@ | ||
| { | ||
| "operator": "isIn", | ||
| "target_value": "[dos, denial of service]" | ||
| } |
17 changes: 17 additions & 0 deletions
metrics/Communication Security/NetworkSecurityPolicyMitigationScope/metric.rego
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
| package cch.metrics.network_security_policy01 | ||
|
|
||
| import data.cch.compare | ||
| import rego.v1 | ||
| import input as document | ||
|
|
||
| default applicable := false | ||
|
|
||
| default compliant := false | ||
|
|
||
| applicable if { | ||
| "PolicyDocument" in document.type | ||
| } | ||
|
|
||
| compliant if { | ||
| compare(data.operator, data.target_value, document:NetworkSecurity.mitigationScope) | ||
| } |
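Review bot: `document:NetworkSecurity.mitigationScope` needs a `.` after `document` instead of `:` to parse. The package name `cch.metrics.network_security_policy01` also still reflects the previous metric name (NetworkSecurityPolicy01) rather than NetworkSecurityPolicyMitigationScope.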
16 changes: 16 additions & 0 deletions
metrics/Compliance/ComplianceManagementAuditInterval/ComplianceManagementAuditInterval.yaml
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,16 @@ | ||
| # ====== Metadata ====== | ||
| id: "df639bbe-64df-406a-87ac-5935fb5a922b" | ||
| name: "ComplianceManagementAuditInterval" | ||
| description: "This rule assesses whether a [Resource] that offers the property [Audit], has [p1:interval] set correctly." | ||
| implementationGuidelines: | ||
| AMOE: | ||
| question: "How often are procedures checked and that all requirements are met?" | ||
| keywords: ["compliance checks", "frequency", "requirements verification"] | ||
| category: "Compliance" | ||
| version: "1.0" | ||
| comments: "This metric assesses the frequency of checks for compliance with requirements. | Selector: PolicyDocument (Resource Type) [TargetValue is measured in months] [Previous name: ComplianceManagementQ2]" | ||
| # ====== Configuration ====== | ||
| configuration: | ||
| p1: | ||
| operator: "<=" | ||
| targetValue: 12 |
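Review bot: The AMOE `question`, "How often are procedures checked and that all requirements are met?", is ungrammatical and mixes two things (checking procedures, verifying requirements). Since this text is what the extraction is asked, reword it to a single clear question, for example "How often is compliance with all requirements audited?", and make sure it matches the `[Audit]` / `interval` property named in `description`.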
4 changes: 4 additions & 0 deletions
metrics/Compliance/ComplianceManagementAuditInterval/data.json
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,4 @@ | ||
| { | ||
| "operator": "<=", | ||
| "target_value": 12 | ||
| } |