generated from finos/standards-project-blueprint
-
Notifications
You must be signed in to change notification settings - Fork 43
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Signed-off-by: Eddie Knight <[email protected]>
- Loading branch information
1 parent
0f7b115
commit 37f7b2b
Showing
1 changed file
with
112 additions
and
112 deletions.
There are no files selected for viewing
224 changes: 112 additions & 112 deletions
224
docs/governance/community-guidelines/templates/schemas/controls-schema.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,123 +1,123 @@ | ||
| { | ||
| "$schema": "http://json-schema.org/draft-07/schema#", | ||
| "type": "object", | ||
| "properties": { | ||
| "common_controls": { | ||
| "type": "array", | ||
| "items": { | ||
| "type": "string", | ||
| "description": "IDs of common controls; can be omitted if not applicable" | ||
| } | ||
| }, | ||
| "controls": { | ||
| "type": "array", | ||
| "items": { | ||
| "type": "object", | ||
| "properties": { | ||
| "id": { | ||
| "type": "string", | ||
| "description": "Control ID in the format CCC.<Service Category Abbreviation>.C1" | ||
| }, | ||
| "title": { | ||
| "type": "string", | ||
| "description": "Name of the control" | ||
| }, | ||
| "objective": { | ||
| "type": "string", | ||
| "description": "1-3 sentence description of the control objective" | ||
| }, | ||
| "control_family": { | ||
| "type": "string", | ||
| "description": "Control Family" | ||
| }, | ||
| "nist_csf": { | ||
| "type": "string", | ||
| "description": "NIST CSF control ID" | ||
| }, | ||
| "mitre_attack": { | ||
| "type": "string", | ||
| "description": "Mitre ATT&CK technique ID" | ||
| }, | ||
| "threats": { | ||
| "type": "array", | ||
| "items": { | ||
| "$schema": "http://json-schema.org/draft-07/schema#", | ||
| "type": "object", | ||
| "properties": { | ||
| "common_controls": { | ||
| "type": "array", | ||
| "items": { | ||
| "type": "string", | ||
| "description": "IDs of common controls; can be omitted if not applicable" | ||
| } | ||
| }, | ||
| "controls": { | ||
| "type": "array", | ||
| "items": { | ||
| "type": "object", | ||
| "properties": { | ||
| "id": { | ||
| "type": "string", | ||
| "description": "Threat IDs" | ||
| } | ||
| }, | ||
| "control_mappings": { | ||
| "type": "object", | ||
| "properties": { | ||
| "CCM": { | ||
| "type": "array", | ||
| "items": { | ||
| "type": "string", | ||
| "description": "CCM control IDs" | ||
| } | ||
| }, | ||
| "ISO_27001": { | ||
| "type": "array", | ||
| "items": { | ||
| "type": "string", | ||
| "description": "ISO 27001 control IDs" | ||
| } | ||
| }, | ||
| "NIST_800_53": { | ||
| "type": "array", | ||
| "items": { | ||
| "type": "string", | ||
| "description": "NIST 800-53 control IDs" | ||
| } | ||
| "description": "Control ID in the format CCC.<Service Category Abbreviation>.C1" | ||
| }, | ||
| "title": { | ||
| "type": "string", | ||
| "description": "Name of the control" | ||
| }, | ||
| "objective": { | ||
| "type": "string", | ||
| "description": "1-3 sentence description of the control objective" | ||
| }, | ||
| "control_family": { | ||
| "type": "string", | ||
| "description": "Control Family" | ||
| }, | ||
| "nist_csf": { | ||
| "type": "string", | ||
| "description": "NIST CSF control ID" | ||
| }, | ||
| "mitre_attack": { | ||
| "type": "string", | ||
| "description": "Mitre ATT&CK technique ID" | ||
| }, | ||
| "threats": { | ||
| "type": "array", | ||
| "items": { | ||
| "type": "string", | ||
| "description": "Threat IDs" | ||
| } | ||
| }, | ||
| "required": ["CCM", "ISO_27001", "NIST_800_53"], | ||
| "additionalProperties": false | ||
| }, | ||
| "test_requirements": { | ||
| "type": "object", | ||
| "properties": { | ||
| "tlp_green": { | ||
| "type": "object", | ||
| "additionalProperties": { | ||
| "type": "string", | ||
| "description": "TLP Green test requirement descriptions" | ||
| "control_mappings": { | ||
| "type": "object", | ||
| "properties": { | ||
| "CCM": { | ||
| "type": "array", | ||
| "items": { | ||
| "type": "string", | ||
| "description": "CCM control IDs" | ||
| } | ||
| }, | ||
| "description": "A list of validation requirements for systems that intend limited disclosure, resticted to the community." | ||
| }, | ||
| "tlp_amber": { | ||
| "type": "object", | ||
| "additionalProperties": { | ||
| "type": "string", | ||
| "description": "TLP Amber test requirement descriptions" | ||
| "ISO_27001": { | ||
| "type": "array", | ||
| "items": { | ||
| "type": "string", | ||
| "description": "ISO 27001 control IDs" | ||
| } | ||
| }, | ||
| "description": "A list of validation requirements for systems that intend limited disclosure, recipients can only spread this on a need-to-know basis within their organization and its clients." | ||
| "NIST_800_53": { | ||
| "type": "array", | ||
| "items": { | ||
| "type": "string", | ||
| "description": "NIST 800-53 control IDs" | ||
| } | ||
| } | ||
| }, | ||
| "tlp_red": { | ||
| "type": "object", | ||
| "additionalProperties": { | ||
| "type": "string", | ||
| "description": "TLP Red test requirement descriptions" | ||
| "required": ["CCM", "ISO_27001", "NIST_800_53"], | ||
| "additionalProperties": false | ||
| }, | ||
| "test_requirements": { | ||
| "type": "object", | ||
| "properties": { | ||
| "tlp_green": { | ||
| "type": "object", | ||
| "additionalProperties": { | ||
| "type": "string", | ||
| "description": "TLP Green test requirement descriptions" | ||
| }, | ||
| "description": "A list of validation requirements for systems that intend limited disclosure, restricted to the community." | ||
| }, | ||
| "description": "A list of validation requirements for systems intended for eyes and ears of individual recipients only, no further disclosure." | ||
| }, | ||
| "tlp_clear": { | ||
| "type": "object", | ||
| "additionalProperties": { | ||
| "type": "string", | ||
| "description": "TLP Clear test requirement descriptions" | ||
| "tlp_amber": { | ||
| "type": "object", | ||
| "additionalProperties": { | ||
| "type": "string", | ||
| "description": "TLP Amber test requirement descriptions" | ||
| }, | ||
| "description": "A list of validation requirements for systems that intend limited disclosure, recipients can only spread this on a need-to-know basis within their organization and its clients." | ||
| }, | ||
| "description": "A list of validation requirements for systems containing data that recipients can spread to the world, there is no limit on disclosure." | ||
| } | ||
| }, | ||
| "required": ["tlp_green", "tlp_amber", "tlp_red", "tlp_clear"], | ||
| "additionalProperties": false | ||
| } | ||
| }, | ||
| "required": ["id", "title", "objective", "control_family", "nist_csf", "mitre_attack", "threats", "control_mappings", "test_requirements"], | ||
| "additionalProperties": false | ||
| "tlp_red": { | ||
| "type": "object", | ||
| "additionalProperties": { | ||
| "type": "string", | ||
| "description": "TLP Red test requirement descriptions" | ||
| }, | ||
| "description": "A list of validation requirements for systems intended for eyes and ears of individual recipients only, no further disclosure." | ||
| }, | ||
| "tlp_clear": { | ||
| "type": "object", | ||
| "additionalProperties": { | ||
| "type": "string", | ||
| "description": "TLP Clear test requirement descriptions" | ||
| }, | ||
| "description": "A list of validation requirements for systems containing data that recipients can spread to the world, there is no limit on disclosure." | ||
| } | ||
| }, | ||
| "required": ["tlp_green", "tlp_amber", "tlp_red", "tlp_clear"], | ||
| "additionalProperties": false | ||
| } | ||
| }, | ||
| "required": ["id", "title", "objective", "control_family", "nist_csf", "mitre_attack", "threats", "control_mappings", "test_requirements"], | ||
| "additionalProperties": false | ||
| } | ||
| } | ||
| } | ||
| }, | ||
| "required": ["controls"], | ||
| "additionalProperties": false | ||
| }, | ||
| "required": ["controls"], | ||
| "additionalProperties": false | ||
| } |