Add in updates for traffic light protocol testing requirements #388

Merged
merged 5 commits into from
Sep 19, 2024
Expand Up @@ -44,7 +44,11 @@ When creating a new control definition, use the following values:
- **NIST CSF** (`nist_csf`): The specific ID from the NIST Cybersecurity Framework that corresponds to the control.
- **MITRE ATT&CK Technique** (`mitre_attack`): The unique identifier for the most relevant MITRE ATT&CK Technique.
- **External Control Mappings** (`control_mappings`): Identifiers for any other frameworks that map to this control (e.g., CCM, ISO 27001, NIST 800-53).
- **Validation Test Requirements** (`test_requirements`): Detailed descriptions of testing requirements necessary to validate the control’s implementation.
- **Validation Test Section** (`test_requirements`): Detailed descriptions of testing requirements necessary to validate the control’s implementation.
- **TLP Green Test Requirements** (`tlp_green`): A list of validation requirements for systems that intend limited disclosure, restricted to the community. ([ref])
- **TLP Amber Test Requirements** (`tlp_amber`): A list of validation requirements for systems that intend limited disclosure, recipients can only spread this on a need-to-know basis within their organization and its clients. ([ref])
- **TLP Red Test Requirements** (`tlp_red`): A list of validation requirements for systems intended for eyes and ears of individual recipients only, no further disclosure. ([ref])
- **TLP Clear Test Requirements** (`tlp_clear`): A list of validation requirements for systems containing data that recipients can spread this to the world, there is no limit on disclosure. ([ref])

### Control Family

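Review bot: The four TLP bullets do not say whether the levels are cumulative or independent, so a contributor cannot tell whether a control for a `tlp_red` system must also satisfy the `tlp_amber` and `tlp_green` lists. State that in the `test_requirements` bullet, which still carries the old "Detailed descriptions of testing requirements" wording even though the key now holds four sub-keys rather than the descriptions themselves. Two smaller points: the `tlp_clear` bullet has a stray "this" ("recipients can spread this to the world"), and the bullets run green, amber, red, clear; ordering them from least to most restrictive (clear, green, amber, red) would be easier to scan.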
Expand All @@ -56,3 +60,4 @@ The list of control families is maintained in the [common controls] data.
[common controls]: /services/common-controls.yaml
[delivery tooling]: /delivery-tooling
[threats]: ./threat-definitions.md
[ref]: https://www.cisa.gov/sites/default/files/2023-02/tlp-2-0-user-guide_508c.pdf
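Review bot: The new link label `[ref]` is too generic for a file that already defines `[common controls]`, `[delivery tooling]` and `[threats]`; a later, unrelated reference would have to pick another name or would silently reuse this one. Rename it to something descriptive such as `[tlp user guide]` and update the four bullets that cite it.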
15 changes: 11 additions & 4 deletions docs/governance/community-guidelines/templates/controls.yaml
Expand Up @@ -10,11 +10,18 @@ controls:
threats:
- <Threat IDs>
control_mappings:
CCM:
CCM:
- <CCM control IDs>
ISO_27001:
ISO_27001:
- <ISO 27001 control IDs>
NIST_800_53:
NIST_800_53:
- <NIST 800-53 control IDs>
test_requirements:
<##>: <Test requirement descriptions>
tlp_green:
<##>: <Test requirement descriptions>
tlp_amber:
<##>: <Test requirement descriptions>
tlp_red:
<##>: <Test requirement descriptions>
tlp_clear:
<##>: <Test requirement descriptions>
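Review bot: Under `test_requirements`, a contributor who has nothing to list for a level and leaves, for example, `tlp_red:` with no entries produces a YAML null, which the schema in this same change rejects because each level must be an object and all four are required. Add a comment in the template saying every level must be present and showing the empty form (`tlp_red: {}`), or relax the schema. Separately, the `CCM:`, `ISO_27001:` and `NIST_800_53:` lines are removed and re-added with the same visible text; if that is only whitespace cleanup, say so in the commit message so it is not mistaken for a mapping change.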
Expand Up @@ -75,10 +75,42 @@
},
"test_requirements": {
"type": "object",
"additionalProperties": {
"type": "string",
"description": "Test requirement descriptions"
}
"properties": {
"tlp_green": {
"type": "object",
"additionalProperties": {
"type": "string",
"description": "TLP Green test requirement descriptions"
},
"description": "A list of validation requirements for systems that intend limited disclosure, restricted to the community."
},
"tlp_amber": {
"type": "object",
"additionalProperties": {
"type": "string",
"description": "TLP Amber test requirement descriptions"
},
"description": "A list of validation requirements for systems that intend limited disclosure, recipients can only spread this on a need-to-know basis within their organization and its clients."
},
"tlp_red": {
"type": "object",
"additionalProperties": {
"type": "string",
"description": "TLP Red test requirement descriptions"
},
"description": "A list of validation requirements for systems intended for eyes and ears of individual recipients only, no further disclosure."
},
"tlp_clear": {
"type": "object",
"additionalProperties": {
"type": "string",
"description": "TLP Clear test requirement descriptions"
},
"description": "A list of validation requirements for systems containing data that recipients can spread to the world, there is no limit on disclosure."
}
},
"required": ["tlp_green", "tlp_amber", "tlp_red", "tlp_clear"],
"additionalProperties": false
}
},
"required": ["id", "title", "objective", "control_family", "nist_csf", "mitre_attack", "threats", "control_mappings", "test_requirements"],
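Review bot: Making `test_requirements` a closed object (`"additionalProperties": false`) with all four TLP keys in `required` means any existing control file that still uses the flat `<##>: <description>` form will fail validation, so those files need migrating in the same change or the schema should accept both shapes for a transition period. The four level definitions are also identical apart from their description strings; one shared definition referenced with `$ref` would keep them from drifting apart. Inside each level, any key name and an empty object both pass; if entries are meant to be numbered and at least one is expected, constrain that with `patternProperties` and `minProperties`.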
Expand All @@ -88,4 +120,4 @@
},
"required": ["controls"],
"additionalProperties": false
}
}