Project 'platform-one/big-bang/bigbang' was moved to 'big-bang/bigbang'. Please update any links and bookmarks that may still have the old path.
Add OSCAL Component for Keycloak
Take output of two day crash control mapping and create an oscal document for package column in the second tab.
sp800-53b-control-baselines-p1__1_.xlsx
- Create a file called
oscal-component.yamlin the top level of the packge repo
component-definition:
uuid: <<unique uuid>>
metadata:
title: << Component Name>>
last-modified: '2021-10-19T12:00:00Z'
version: 20211019
oscal-version: 1.0.0
parties:
# Should be consistent across all of the packages, but where is ground truth?
- uuid: 72134592-08C2-4A77-ABAD-C880F109367A
type: organization
name: Platform One
links:
- href: <https://p1.dso.mil>
rel: website
components:
- uuid: <<unique uuid>>
type: software
title: << Component Name >>
description: |
<< Fill me out >>
purpose: << Fill me out >>
responsible-roles:
- role-id: provider
party-uuid: 72134592-08C2-4A77-ABAD-C880F109367A # matches parties entry for p1
control-implementations:
- uuid: <<unique uuid>>
source: https://raw.githubusercontent.com/usnistgov/oscal-content/master/nist.gov/SP800-53/rev5/json/NIST_SP-800-53_rev5_catalog.json
description:
Controls implemented by <component> for inheritance by applications
implemented-requirements:
// for each row
- uuid: 6EC9C476-9C9D-4EF6-854B-A5B799D8AED1
control-id: <control-id> // The control in the row that has a non-empty cell in the column for this package
description: >-
< insert the contents of the cell in the the tableSee https://repo1.dso.mil/platform-one/big-bang/apps/core/authservice/-/merge_requests/59 for an example
Relates https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/keycloak/-/merge_requests/67