sckg
Security Control Knowledge Graph
Bumps [lxml](https://github.com/lxml/lxml) from 4.6.5 to 4.9.1. Changelog Sourced from lxml's changelog. 4.9.1 (2022-07-01) Bugs fixed A crash was resolved when using iterwalk() (or canonicalize()) after parsing certain incorrect input. Note...
CMMC
I've extracted the controls in CMMC v1.02 for usability. We'll figure out what needs to be correlated from CMMC 800-171 800-53. https://github.com/trevorbryant/cmmc-controls
There are numerous CCIs that map to 800-53A controls. For example: ```xml ``` Add 800-53A to the graph and update DoD CCI mappings, noting that some use logical and descriptions...
```
======================================================================
FAIL: test_control_count_cis_csc (test_regime_etl.TestConfigYaml)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/Users/jasoncallaway/PycharmProjects/sckg/tests/test_regime_etl.py", line 90, in test_control_count_cis_csc
    self.assertEquals(r[0], r[1])
AssertionError: 191 != 171
----------------------------------------------------------------------
```
```
======================================================================
FAIL: test_control_count_pci_dss (test_regime_etl.TestConfigYaml)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/Users/jasoncallaway/PycharmProjects/sckg/tests/test_regime_etl.py", line 97, in test_control_count_pci_dss
    self.assertEquals(r[0], r[1])
AssertionError: 598 != 513
----------------------------------------------------------------------
```
The best way to quickly work on a private regime is to comment out the regimes in config.yml. But if your private regime includes a baseline that references a regime...
Is it possible to map which controls are organization controls as opposed to controls that are system controls?
Add mappings from CVEs to NIST 800-53 controls that would mitigate the vulnerability from the CVE
Map in the [Exploit Database](https://www.exploit-db.com/) to the graph