Add OSCAL component for Twistlock/Prisma Cloud
Take output of two day crash control mapping and create an oscal document for package column in the second tab.
sp800-53b-control-baselines-p1__1_.xlsx
- Create a file called
oscal-component.yaml
in the top level of the packge repo
component-definition:
uuid: <<unique uuid>>
metadata:
title: << Component Name>>
last-modified: '2021-10-19T12:00:00Z'
version: 20211019
oscal-version: 1.0.0
parties:
# Should be consistent across all of the packages, but where is ground truth?
- uuid: 72134592-08C2-4A77-ABAD-C880F109367A
type: organization
name: Platform One
links:
- href: <https://p1.dso.mil>
rel: website
components:
- uuid: <<unique uuid>>
type: software
title: << Component Name >>
description: |
<< Fill me out >>
purpose: << Fill me out >>
responsible-roles:
- role-id: provider
party-uuid: 72134592-08C2-4A77-ABAD-C880F109367A # matches parties entry for p1
control-implementations:
- uuid: <<unique uuid>>
source: https://raw.githubusercontent.com/usnistgov/oscal-content/master/nist.gov/SP800-53/rev5/json/NIST_SP-800-53_rev5_catalog.json
description:
Controls implemented by <component> for inheritance by applications
implemented-requirements:
// for each row
- uuid: 6EC9C476-9C9D-4EF6-854B-A5B799D8AED1
control-id: <control-id> // The control in the row that has a non-empty cell in the column for this package
description: >-
< insert the contents of the cell in the the table
See https://repo1.dso.mil/platform-one/big-bang/apps/core/authservice/-/merge_requests/59 for an example