feat(compliance): add FedRAMP 20x KSI compliance framework #8512
Open: ethanolivertroy wants to merge 14 commits into prowler-cloud:master from ethanolivertroy:feature/fedramp-20x-ksi-compliance
Commits (14):
- 8d1e9f5 feat(aws): add Resource Control Policies (RCP) support and security c… (ethanolivertroy)
- c23df45 fix: update ReadTheDocs configuration to use pip instead of Poetry (ethanolivertroy)
- ff53a7d Merge branch 'prowler-cloud:master' into master (ethanolivertroy)
- ae54280 Merge branch 'prowler-cloud:master' into master (ethanolivertroy)
- 1993294 Merge branch 'prowler-cloud:master' into master (ethanolivertroy)
- 656f41f feat: Add FedRAMP 20x Key Security Indicators (KSIs) compliance frame… (ethanolivertroy)
- f9a6203 feat: Add dashboard compliance modules for FedRAMP 20x KSI frameworks (ethanolivertroy)
- 68f8f39 Remove FEDRAMP_20X_KSI_README.md - not needed for main repo (ethanolivertroy)
- 404c1ba test: Add comprehensive unit tests for FedRAMP 20x KSI compliance fra… (ethanolivertroy)
- 60f7aba Merge branch 'prowler-cloud:master' into feature/fedramp-20x-ksi-comp… (ethanolivertroy)
- e4c4d7a feat: Add FedRAMP 20x KSI compliance framework with tests (ethanolivertroy)
- b07d179 chore: revision (MrCloudSec)
- 24d9d57 fix(tests): correct FedRAMP KSI identifiers to match official schema (ethanolivertroy)
- c8d2e2d fix(tests): complete FedRAMP KSI identifier fixes from code review (ethanolivertroy)
@@ -0,0 +1,46 @@ | ||
import warnings | ||
|
||
from dashboard.common_methods import get_section_containers_cis | ||
|
||
warnings.filterwarnings("ignore") | ||
|
||
|
||
def get_table(data): | ||
aux = data[ | ||
[ | ||
"REQUIREMENTS_ID", | ||
"REQUIREMENTS_DESCRIPTION", | ||
"REQUIREMENTS_ATTRIBUTES_SECTION", | ||
"CHECKID", | ||
"STATUS", | ||
"REGION", | ||
"ACCOUNTID", | ||
"RESOURCEID", | ||
] | ||
].copy() | ||
|
||
# Shorten the long FedRAMP KSI descriptions for better display | ||
ksi_short_names = { | ||
"A secure cloud service offering will protect user data, control access, and apply zero trust principles": "Identity and Access Management", | ||
"A secure cloud service offering will use cloud native architecture and design principles to enforce and enhance the Confidentiality, Integrity and Availability of the system": "Cloud Native Architecture", | ||
"A secure cloud service provider will ensure that all system changes are properly documented and configuration baselines are updated accordingly": "Change Management", | ||
"A secure cloud service provider will continuously educate their employees on cybersecurity measures, testing them regularly": "Cybersecurity Education", | ||
"A secure cloud service offering will document, report, and analyze security incidents to ensure regulatory compliance and continuous security improvement": "Incident Reporting", | ||
"A secure cloud service offering will monitor, log, and audit all important events, activity, and changes": "Monitoring, Logging, and Auditing", | ||
"A secure cloud service offering will have intentional, organized, universal guidance for how every information resource, including personnel, is secured": "Policy and Inventory", | ||
"A secure cloud service offering will define, maintain, and test incident response plan(s) and recovery capabilities to ensure minimal service disruption and data loss": "Recovery Planning", | ||
"A secure cloud service offering will follow FedRAMP encryption policies, continuously verify information resource integrity, and restrict access to third-party information resources": "Service Configuration", | ||
"A secure cloud service offering will understand, monitor, and manage supply chain risks from third-party information resources": "Third-Party Information Resources", | ||
} | ||
|
||
# Replace long descriptions with short names - use contains for partial matching | ||
if not aux.empty: | ||
for long_desc, short_name in ksi_short_names.items(): | ||
mask = aux["REQUIREMENTS_DESCRIPTION"].str.contains( | ||
long_desc, na=False, regex=False | ||
) | ||
aux.loc[mask, "REQUIREMENTS_DESCRIPTION"] = short_name | ||
|
||
return get_section_containers_cis( | ||
aux, "REQUIREMENTS_ID", "REQUIREMENTS_ATTRIBUTES_SECTION" | ||
) |
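Review bot: the `ksi_short_names` mapping is keyed on the full KSI description text and applied with `str.contains`, so any wording change in the compliance definition file silently leaves those rows with the long description (there is no unmatched-row check after the loop), and a description that is a substring of another would be overwritten twice in dict order. Keying the substitution on `REQUIREMENTS_ID` (or on the `REQUIREMENTS_ATTRIBUTES_SECTION` column already selected into `aux`) would make it deterministic, and logging or asserting on rows that match no key would surface newly added KSIs at review time instead of in the dashboard. Separately, `warnings.filterwarnings("ignore")` at module import silences every warning for the whole dashboard process, not just the pandas warnings this module triggers; a `warnings.catch_warnings()` block around the `aux.loc[mask, ...]` assignment, or a category-scoped filter, keeps the effect local to this file.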