octool 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 776fce8b2089c05dcaf562c769ab2c65a81a3887977390a75e3fadda41c2ffe8
+  data.tar.gz: 107d9de9a54bac2b28bac82f26f10be04a28786bce24673b8ddd3cc6fe5afadd
+SHA512:
+  metadata.gz: 1c864f87036e072690a9fe2645aa95eb0a50b3e51011bb23e3fc3c5e3cf4efd27b8b999098e2a1b2792af90aeaf35f88d79aaea3e2506cb970f89e167b196e23
+  data.tar.gz: 5e99234200a87b85a7b4de20da9196f3c72814f520bdc0329e8fc47b670b2064e2e5a2b950a11f76954c9becf29ef4d737eb01dde1b29eee49dada9fb329d674

data/README.rdoc

@@ -0,0 +1,3 @@
+= octool
+
+:include:octool.rdoc

data/bin/octool

@@ -0,0 +1,93 @@
+#!/usr/bin/env ruby
+require 'gli'
+require 'octool'
+
+# Entrypoint and argument parser for the application.
+class App
+    extend GLI::App
+
+    program_desc 'Open Compliance Tool'
+    version OCTool::VERSION
+
+    subcommand_option_handling :normal
+    arguments :strict
+
+    desc 'Check sanity of configuration'
+    command :validate do |v|
+        v.desc 'validate data'
+        v.arg_name 'path/to/system/config.yaml'
+        v.command :data do |vd|
+            vd.action do |global_options, options, args|
+                config_file = find_config(args)
+                OCTool::Parser.new(config_file).validate_data
+            end
+        end
+
+        v.desc 'validate schemas'
+        v.command :schemas do |vs|
+            vs.action do |global_options, options, args|
+                OCTool::Parser.validate_schemas
+            end
+        end
+
+        v.default_command :data
+    end
+
+    desc 'generate System Security Plan'
+    arg_name 'path/to/system/config.yaml'
+    command :ssp do |s|
+        s.desc 'where to store outputs'
+        s.default_value Dir.tmpdir
+        s.long_desc 'Default output directory respects env vars TMPDIR, TMP, TEMP'
+        s.arg_name 'path/to/output/dir'
+        s.flag [:d, :dir]
+
+        s.action do |global_options, options, args|
+            export_dir = options[:dir]
+            FileUtils.mkdir_p export_dir unless File.directory?(export_dir)
+            config_file = find_config(args)
+            system = OCTool::Parser.new(config_file).load_system
+            Dir.chdir File.dirname(config_file) do
+                OCTool::SSP.new(system, export_dir)
+            end
+        end
+    end
+
+    pre do |global, command, options, args|
+        # Pre logic here
+        #
+        # Return true to proceed;
+        #        false to abort and not call the chosen command
+        #
+        # Use skips_pre before a command
+        # to skip this block on that command only.
+        true
+    end
+
+    post do |global, command, options, args|
+        # Post logic here
+        # Use skips_post before a command
+        # to skip this block on that command only.
+        puts 'OK'
+    end
+
+    on_error do |exception|
+        # Error logic here
+        # Return false to skip default error handling.
+        if ENV['DEBUG']
+            puts exception.backtrace
+            pp exception
+            false
+        else
+            true
+        end
+    end
+end
+
+def find_config(args)
+    path = args.first || OCTool::DEFAULT_CONFIG_FILENAME
+    path = File.join(path, OCTool::DEFAULT_CONFIG_FILENAME) if File.directory?(path)
+    path
+end
+
+exit App.run(ARGV)

data/lib/octool.rb

@@ -0,0 +1,27 @@
+require 'octool/version.rb'
+
+# Built-ins.
+require 'pp'
+require 'tmpdir'
+
+# 3rd-party libs.
+require 'kwalify'
+require 'kwalify/util/hashlike'
+require 'paru/pandoc'
+
+# OCTool libs.
+require 'octool/constants'
+require 'octool/parser'
+require 'octool/ssp'
+require 'octool/system'
+
+# Generated libs.
+require 'octool/generated/certification'
+require 'octool/generated/component'
+require 'octool/generated/config'
+require 'octool/generated/standard'
+
+# Mixins.
+module OCTool
+    include Kwalify::Util::HashLike # defines [], []=, and keys?
+end

data/lib/octool/constants.rb

@@ -0,0 +1,6 @@
+module OCTool
+    LATEST_SCHEMA_VERSION = 'v1.0.0'.freeze
+    BASE_SCHEMA_DIR = File.join(File.dirname(__FILE__), '..', '..', 'schemas').freeze
+    ERB_DIR = File.join(File.dirname(__FILE__), '..', '..', 'templates').freeze
+    DEFAULT_CONFIG_FILENAME = 'config.yaml'.freeze
+end

data/lib/octool/generated/certification.rb

@@ -0,0 +1,35 @@
+require 'kwalify/util/hashlike'
+
+module OCTool
+
+
+  class Certification
+    include Kwalify::Util::HashLike
+    def initialize(hash=nil)
+      if hash.nil?
+        return
+      end
+      @certification_key = hash['certification_key']
+      @name             = hash['name']
+      @requires         = (v=hash['requires']) ? v.map!{|e| e.is_a?(ControlID) ? e : ControlID.new(e)} : v
+    end
+    attr_accessor :certification_key # str
+    attr_accessor :name             # str
+    attr_accessor :requires         # seq
+  end
+
+
+  class ControlID
+    include Kwalify::Util::HashLike
+    def initialize(hash=nil)
+      if hash.nil?
+        return
+      end
+      @standard_key     = hash['standard_key']
+      @control_key      = hash['control_key']
+    end
+    attr_accessor :standard_key     # str
+    attr_accessor :control_key      # str
+  end
+
+end

data/lib/octool/generated/component.rb

@@ -0,0 +1,57 @@
+require 'kwalify/util/hashlike'
+
+module OCTool
+
+
+  class Component
+    include Kwalify::Util::HashLike
+    def initialize(hash=nil)
+      if hash.nil?
+        return
+      end
+      @name             = hash['name']
+      @component_key    = hash['component_key']
+      @description      = hash['description']
+      @attestations     = (v=hash['attestations']) ? v.map!{|e| e.is_a?(Attestation) ? e : Attestation.new(e)} : v
+    end
+    attr_accessor :name             # str
+    attr_accessor :component_key    # str
+    attr_accessor :description      # str
+    attr_accessor :attestations     # seq
+  end
+
+
+  class Attestation
+    include Kwalify::Util::HashLike
+    def initialize(hash=nil)
+      if hash.nil?
+        return
+      end
+      @summary          = hash['summary']
+      @status           = hash['status']
+      @date_verified    = hash['date_verified']
+      @satisfies        = (v=hash['satisfies']) ? v.map!{|e| e.is_a?(ControlID) ? e : ControlID.new(e)} : v
+      @narrative        = hash['narrative']
+    end
+    attr_accessor :summary          # str
+    attr_accessor :status           # str
+    attr_accessor :date_verified    # date
+    attr_accessor :satisfies        # seq
+    attr_accessor :narrative        # str
+  end
+
+
+  class ControlID
+    include Kwalify::Util::HashLike
+    def initialize(hash=nil)
+      if hash.nil?
+        return
+      end
+      @standard_key     = hash['standard_key']
+      @control_key      = hash['control_key']
+    end
+    attr_accessor :standard_key     # text
+    attr_accessor :control_key      # text
+  end
+
+end

data/lib/octool/generated/config.rb

@@ -0,0 +1,55 @@
+require 'kwalify/util/hashlike'
+
+module OCTool
+
+
+  class Config
+    include Kwalify::Util::HashLike
+    def initialize(hash=nil)
+      if hash.nil?
+        return
+      end
+      @schema_version   = hash['schema_version']
+      @name             = hash['name']
+      @overview         = hash['overview']
+      @maintainers      = hash['maintainers']
+      @metadata         = (v=hash['metadata']) && v.is_a?(Hash) ? Metadata.new(v) : v
+      @includes         = (v=hash['includes']) ? v.map!{|e| e.is_a?(Include) ? e : Include.new(e)} : v
+    end
+    attr_accessor :schema_version   # str
+    attr_accessor :name             # str
+    attr_accessor :overview         # str
+    attr_accessor :maintainers      # seq
+    attr_accessor :metadata         # map
+    attr_accessor :includes         # seq
+  end
+
+  ## Optional metadata.
+  class Metadata
+    include Kwalify::Util::HashLike
+    def initialize(hash=nil)
+      if hash.nil?
+        return
+      end
+      @abstract         = hash['abstract']
+      @description      = hash['description']
+    end
+    attr_accessor :abstract         # str
+    attr_accessor :description      # str
+  end
+
+
+  class Include
+    include Kwalify::Util::HashLike
+    def initialize(hash=nil)
+      if hash.nil?
+        return
+      end
+      @type             = hash['type']
+      @path             = hash['path']
+    end
+    attr_accessor :type             # str
+    attr_accessor :path             # str
+  end
+
+end

data/lib/octool/generated/standard.rb

@@ -0,0 +1,55 @@
+require 'kwalify/util/hashlike'
+
+module OCTool
+
+
+  class Standard
+    include Kwalify::Util::HashLike
+    def initialize(hash=nil)
+      if hash.nil?
+        return
+      end
+      @name             = hash['name']
+      @standard_key     = hash['standard_key']
+      @families         = (v=hash['families']) ? v.map!{|e| e.is_a?(ControlFamily) ? e : ControlFamily.new(e)} : v
+      @controls         = (v=hash['controls']) ? v.map!{|e| e.is_a?(Control) ? e : Control.new(e)} : v
+    end
+    attr_accessor :name             # str
+    attr_accessor :standard_key     # str
+    attr_accessor :families         # seq
+    attr_accessor :controls         # seq
+  end
+
+
+  class ControlFamily
+    include Kwalify::Util::HashLike
+    def initialize(hash=nil)
+      if hash.nil?
+        return
+      end
+      @family_key       = hash['family_key']
+      @name             = hash['name']
+    end
+    attr_accessor :family_key       # str
+    attr_accessor :name             # str
+  end
+
+
+  class Control
+    include Kwalify::Util::HashLike
+    def initialize(hash=nil)
+      if hash.nil?
+        return
+      end
+      @control_key      = hash['control_key']
+      @family_key       = hash['family_key']
+      @name             = hash['name']
+      @description      = hash['description']
+    end
+    attr_accessor :control_key      # str
+    attr_accessor :family_key       # str
+    attr_accessor :name             # str
+    attr_accessor :description      # str
+  end
+
+end

data/lib/octool/parser.rb

@@ -0,0 +1,103 @@
+module OCTool
+    # Custom error to show validation errors.
+    class ValidationError < StandardError
+        attr_reader :errors
+        def initialize(path, errors)
+            @path = path
+            @errors = errors
+        end
+
+        def message
+            msg = ["[ERROR] #{@path}"]
+            @errors.each do |e|
+                msg << "line #{e.linenum} col #{e.column} [#{e.path}] #{e.message}"
+            end
+            msg.join("\n")
+        end
+    end
+
+    # Logic to wrap the kwalify parser.
+    class Parser
+        def initialize(path)
+            @config_file = path
+            die "#{File.expand_path(path)} not readable" unless File.readable?(path)
+        end
+
+        # Class method: check that schemas are valid.
+        def self.validate_schemas
+            metavalidator = Kwalify::MetaValidator.instance
+            kwalify = Kwalify::Yaml::Parser.new(metavalidator)
+            Dir.glob("#{BASE_SCHEMA_DIR}/**/*.yaml").each do |schema|
+                kwalify.parse_file(schema)
+            end
+        end
+
+        def die(message = nil)
+            puts '[FAIL] ' + message if message
+            exit(1)
+        end
+
+        def validate_file(path, type)
+            parser = kwalify_parser(type)
+            data = parser.parse_file(path)
+            errors = parser.errors
+            raise ValidationError.new(path, errors) unless errors.empty?
+
+            data
+        rescue SystemCallError, Kwalify::SyntaxError, ValidationError => e
+            die e.message
+        end
+
+        def kwalify_parser(type)
+            schema_file = File.join(schema_dir, "#{type}.yaml")
+            schema = Kwalify::Yaml.load_file(schema_file)
+            validator = Kwalify::Validator.new(schema)
+            Kwalify::Yaml::Parser.new(validator) { |p| p.data_binding = true }
+        end
+
+        def schema_dir
+            @schema_dir ||= begin
+                File.join(BASE_SCHEMA_DIR, schema_version).freeze
+            end
+        end
+
+        def schema_version
+            @schema_version ||= Kwalify::Yaml.load_file(@config_file)['schema_version']
+        rescue StandardError
+            warn "Setting schema_version to #{LATEST_SCHEMA_VERSION}"
+            LATEST_SCHEMA_VERSION
+        end
+
+        # Check that all data files are valid.
+        def validate_data
+            base_dir = File.dirname(@config_file)
+            config = validate_file(@config_file, 'config')
+            config['includes'].each do |inc|
+                path = File.join(base_dir, inc['path'])
+                type = inc['type']
+                validate_file(path, type)
+            end
+            config
+        end
+
+        def load_system
+            base_dir = File.dirname(@config_file)
+            config = load_file(@config_file, 'config')
+            system = System.new(config)
+            config.includes.each do |inc|
+                path = File.join(base_dir, inc.path)
+                system.data << load_file(path, inc.type)
+            end
+            system
+        end
+
+        def load_file(path, type)
+            die "#{File.expand_path(path)} not readable" unless File.readable?(path)
+            klass = Object.const_get("OCTool::#{type.capitalize}")
+            ydoc = Kwalify::Yaml.load_file(path)
+            klass.new(ydoc)
+        rescue SystemCallError, Kwalify::SyntaxError => e
+            die e.message
+        end
+    end
+end

data/lib/octool/ssp.rb

@@ -0,0 +1,47 @@
+require 'erb'
+
+module OCTool
+    # Build DB, CSV, and markdown.
+    class SSP
+        def initialize(system, output_dir)
+            @system = system
+            @output_dir = output_dir
+            render_template
+            write
+        end
+
+        def render_template
+            print "Building markdown #{md_path} ... "
+            template_path = File.join(ERB_DIR, 'ssp.erb')
+            template = File.read(template_path)
+            output = ERB.new(template, nil, '-').result(binding)
+            File.open(md_path, 'w') { |f| f.puts output }
+            puts 'done'
+        end
+
+        def write
+            print "Building #{pdf_path} ... "
+            pandoc = Paru::Pandoc.new
+            converter = pandoc.configure do
+                from 'markdown'
+                to 'pdf'
+                pdf_engine 'lualatex'
+                toc
+                toc_depth 3
+                number_sections
+                highlight_style 'pygments'
+            end
+            output = converter << File.read(md_path)
+            File.new(pdf_path, 'wb').write(output)
+            puts 'done'
+        end
+
+        def md_path
+            @md_path ||= File.join(@output_dir, 'ssp.md')
+        end
+
+        def pdf_path
+            @pdf_path ||= File.join(@output_dir, 'ssp.pdf')
+        end
+    end
+end

data/lib/octool/system.rb

@@ -0,0 +1,77 @@
+module OCTool
+    # Representation of a system
+    class System
+        attr_accessor :config
+        attr_accessor :data
+
+        def initialize(config)
+            @config = config
+            @data = []
+        end
+
+        def certifications
+            @certifications ||= @data.select { |e| e.is_a?(OCTool::Certification) }
+        end
+
+        def components
+            @components ||= @data.select { |e| e.is_a?(OCTool::Component) }
+        end
+
+        def standards
+            @standards ||= @data.select { |e| e.is_a?(OCTool::Standard) }
+        end
+
+        # List of all attestations claimed by components in the system.
+        def attestations
+            @attestations ||= begin
+                @attestations = []
+                components.each do |c|
+                    # Add a "component_key" field to each attestation.
+                    c.attestations.map! { |e| e['component_key'] = c.component_key; e }
+                    @attestations << c.attestations
+                end
+                @attestations.flatten!
+            end
+        end
+
+        # List of all coverages.
+        def satisfies
+            @satisfies ||= begin
+                @satisfies = []
+                attestations.each do |a|
+                    # Add an "attestation_key" field to each cover.
+                    a.satisfies.map! { |e| e['component_key'] = a.commponent_key; e }
+                    a.satisfies.map! { |e| e['attestation_key'] = a.attestation_summary; e }
+                    @satisfies << a.satisfies
+                end
+                @satisfies.flatten!
+            end
+        end
+
+        # List of all controls defined by standards in the system.
+        def controls
+            @controls || begin
+                @controls = []
+                standards.each do |s|
+                    # Add a "standard_key" field to each control.
+                    s.controls.map! { |e| e['standard_key'] = s.standard_key; e }
+                    @controls << s.controls
+                end
+                @controls.flatten!
+            end
+        end
+
+        # List of all families defined by standards in the system.
+        def families
+            @families || begin
+                @families = []
+                standards.each do |s|
+                    # Add a "standard_key" field to each family.
+                    s.families.map! { |e| e['standard_key'] = s.standard_key; e }
+                    @families << s.families
+                end
+                @families.flatten!
+            end
+        end
+    end
+end

data/lib/octool/version.rb

@@ -0,0 +1,3 @@
+module OCTool
+    VERSION = '0.0.1'.freeze
+end

data/octool.rdoc

@@ -0,0 +1,52 @@
+== octool - Open Compliance Tool
+
+v0.0.1
+
+=== Global Options
+=== --help
+Show this message
+
+
+
+=== --version
+Display the program version
+
+
+
+=== Commands
+==== Command: <tt>help  command</tt>
+Shows a list of commands or help for one command
+
+Gets help for the application or its commands. Can also list the commands in a way helpful to creating a bash-style completion function
+===== Options
+===== -c
+List commands one per line, to assist with shell completion
+
+
+
+==== Command: <tt>ssp  path/to/system/config.yaml</tt>
+generate System Security Plan
+
+
+===== Options
+===== -d|--dir path/to/output/dir
+
+where to store outputs
+
+[Default Value] /tmp
+Default output directory respects env vars TMPDIR, TMP, TEMP
+
+==== Command: <tt>validate </tt>
+Check sanity of configuration
+
+
+===== Commands
+====== Command: <tt>data  path/to/system/config.yaml</tt>
+validate data
+
+
+====== Command: <tt>schemas </tt>
+validate schemas
+
+
+[Default Command] data

data/schemas/v1.0.0/certification.yaml

@@ -0,0 +1,27 @@
+---
+type: map
+class: Certification
+mapping:
+    certification_key:
+        desc: A short, unique identifier for this certification.
+        required: true
+        type: str
+        unique: true
+    name:
+        desc: A human-friendly name for the certification.
+        required: true
+        type: str
+    requires:
+        desc: List of control IDs required by the certification.
+        required: true
+        type: seq
+        sequence:
+            - type: map
+              class: ControlID
+              mapping:
+                  standard_key:
+                      required: true
+                      type: str
+                  control_key:
+                      required: true
+                      type: str

data/schemas/v1.0.0/component.yaml

@@ -0,0 +1,60 @@
+---
+type: map
+class: Component
+mapping:
+    name:
+        desc: Human-friendly name to appear in the SSP.
+        type: str
+        required: true
+    component_key:
+        desc: Unique identifier for referential integrity.
+        type: str
+        required: true
+    description:
+        desc: A paragraph or two that describes the component.
+        type: str
+        required: true
+    attestations:
+        desc: List of attestations.
+        type: seq
+        sequence:
+            - type: map
+              class: Attestation
+              mapping:
+                  summary:
+                      desc: Arbitrary verbiage to appear in SSP as a TLDR.
+                      type: str
+                      required: true
+                  status:
+                      desc: To what extent is this attestation "done"?
+                      type: str
+                      required: true
+                      enum:
+                          - partial
+                          - complete
+                          - planned
+                          - none
+                  date_verified:
+                      desc: When was this last verified?
+                      type: date
+                      required: false
+                  satisfies:
+                      desc: List of control IDs covered by this attestation.
+                      type: seq
+                      required: false
+                      sequence:
+                          - type: map
+                            class: ControlID
+                            mapping:
+                                standard_key:
+                                    type: text
+                                    required: true
+                                control_key:
+                                    type: text
+                                    required: true
+                  narrative:
+                      desc: |
+                          Explain how attestation satisfies the indicated controls.
+                          The content should be in markdown format.
+                      type: str
+                      required: true

data/schemas/v1.0.0/config.yaml

@@ -0,0 +1,64 @@
+---
+type: map
+class: Config
+mapping:
+    schema_version:
+        desc: |
+            Must match one of the schema directories in the octool source.
+        required: true
+        type: str
+
+    name:
+        desc: Human-friendly to appear in the SSP.
+        required: true
+        type: str
+
+    overview:
+        desc: Human-friendly description to appear in the SSP.
+        required: true
+        type: str
+
+    maintainers:
+        desc: Who should somebody contact for questions about this SSP?
+        required: true
+        type: seq
+        sequence:
+            - type: str
+
+    metadata:
+        desc: Optional metadata.
+        required: false
+        type: map
+        class: Metadata
+        mapping:
+            abstract:
+                desc: Abstract appears in document metadata.
+                required: false
+                type: str
+            description:
+                desc: Description appears in document metadata.
+                required: false
+                type: str
+            '=':
+                desc: Arbitrary key:value pair of strings.
+                type: str
+
+    includes:
+        desc: Additional files to include from the system repo.
+        required: true
+        type: seq
+        sequence:
+            - type: map
+              class: Include
+              mapping:
+                  type:
+                      required: true
+                      type: str
+                      enum:
+                          - certification
+                          - component
+                          - standard
+                  path:
+                      desc: Path must be relative within the repo.
+                      required: true
+                      type: str

data/schemas/v1.0.0/standard.yaml

@@ -0,0 +1,50 @@
+---
+type: map
+class: Standard
+mapping:
+    name:
+        desc: Human-friendly name to appear in SSP.
+        type: str
+        required: true
+
+    standard_key:
+        desc: Unique ID to use within YAML files.
+        type: str
+        required: true
+
+    families:
+        desc: Optional list of control families.
+        type: seq
+        required: false
+        sequence:
+            - type: map
+              class: ControlFamily
+              mapping:
+                  family_key:
+                      desc: Unique ID of the family
+                      type: str
+                      unique: true
+                  name:
+                      desc: Human-friendly name of the family
+                      type: str
+    controls:
+        desc: Mandatory list of controls defined by the standard.
+        required: true
+        type: seq
+        sequence:
+            - type: map
+              class: Control
+              mapping:
+                  control_key:
+                      type: str
+                      unique: true
+                      required: true
+                  family_key:
+                      type: str
+                      required: false
+                  name:
+                      type: str
+                      required: true
+                  description:
+                      type: str
+                      required: true

data/templates/ssp.erb

@@ -0,0 +1,120 @@
+---
+title: "<%= @system.config.name -%>"
+subtitle: "System Security Plan"
+
+author:
+<% @system.config.maintainers.each do |maintainer| %>
+    - <%= maintainer -%>
+<% end %>
+
+absract: |
+    <%= @system.config.metadata.abstract rescue 'None' %>
+
+description: |
+    <%= @system.config.metadata.description rescue 'None' %>
+
+fontsize: 11pt
+mainfont: NotoSans
+#monofont: NotoSansMono-ExtraCondensedLight
+monofont: NotoSansMono-ExtraCondensed
+mainfontoptions:
+    - Numbers=Lowercase
+    - Numbers=Proportional
+    - UprightFont=*
+    - ItalicFont=*-Italic
+    - BoldFont=*-Bold
+    - BoldItalicFont=*-BoldItalic
+
+lof: false
+lot: false
+colorlinks: true
+linkcolor: blue
+urlcolor: blue
+
+documentclass: report
+classoption:
+    - onecolumn
+    - oneside
+    - portrait
+
+pagestyle: headings
+papersize: letter
+geometry:
+    - top=2cm
+    - left=2cm
+    - right=2cm
+    - bottom=2cm
+---
+
+# <%= @system.config.name %>
+
+## Overview
+
+<%= @system.config.overview %>
+
+## Standards
+
+This System Security Plan (SSP) addresses these standards:
+
+<% @system.standards.each do |s| -%>
+- <%= s.name %>
+<% end %>
+
+The full copy of each standard is included in the appendix.
+
+
+## Components
+
+<% @system.components.each do |c| %>
+### <%= c.name %>
+
+<%= c.description %>
+
+<% if c.attestations.empty? %>
+_The organization has not yet documented attestations for this component_.
+<% else %>
+The organization offers the following attestations for this component.
+<% end %>
+
+<% c.attestations.each do |a| %>
+####  <%= a.summary %>
+
+Status: <%= a.status %>
+
+Date verified: <%= a.date_verified if a.date_verified %>
+
+Satisfies:
+
+<% a.satisfies.each do |cid| -%>
+- <%= cid.standard_key %> control <%= cid.control_key %>
+<% end -%>
+
+<%= a.narrative %>
+
+<% end %>
+<% end %>
+
+
+# Appendix: Standards
+
+<% @system.standards.each do |s| %>
+## <%=s.name %>
+
+<% if s.families and !s.families.empty? %>
+### Families
+
+<% s.families.each do |family| %>
+- <%= family.family_key -%>: <%= family.name %>
+<% end %>
+
+<% end %>
+
+### Controls
+
+<% s.controls.each do |c| %>
+#### Control <%= c.control_key -%>: <%= c.name %>
+
+<%= c.description %>
+
+<% end %>
+<% end %>

metadata

@@ -0,0 +1,179 @@
+--- !ruby/object:Gem::Specification
+name: octool
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Paul Morgan
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2020-05-14 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '13.0'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '13.1'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '13.0'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '13.1'
+- !ruby/object:Gem::Dependency
+  name: rdoc
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '6.2'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '6.3'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '6.2'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '6.3'
+- !ruby/object:Gem::Dependency
+  name: daru
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.2.2
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.2.2
+- !ruby/object:Gem::Dependency
+  name: gli
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 2.19.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 2.19.0
+- !ruby/object:Gem::Dependency
+  name: kwalify
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.7.2
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.7.2
+- !ruby/object:Gem::Dependency
+  name: pandoc-ruby
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 2.1.4
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 2.1.4
+- !ruby/object:Gem::Dependency
+  name: paru
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.4.0.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.4.0.1
+description: 
+email: jumanjiman@gmail.com
+executables:
+- octool
+extensions: []
+extra_rdoc_files:
+- README.rdoc
+- octool.rdoc
+files:
+- README.rdoc
+- bin/octool
+- lib/octool.rb
+- lib/octool/constants.rb
+- lib/octool/generated/certification.rb
+- lib/octool/generated/component.rb
+- lib/octool/generated/config.rb
+- lib/octool/generated/standard.rb
+- lib/octool/parser.rb
+- lib/octool/ssp.rb
+- lib/octool/system.rb
+- lib/octool/version.rb
+- octool.rdoc
+- schemas/v1.0.0/certification.yaml
+- schemas/v1.0.0/component.yaml
+- schemas/v1.0.0/config.yaml
+- schemas/v1.0.0/standard.yaml
+- templates/ssp.erb
+homepage: https://github.com/jumanjiman/octool
+licenses:
+- GPL-3.0
+metadata: {}
+post_install_message: 
+rdoc_options:
+- "--title"
+- octool
+- "--main"
+- README.rdoc
+- "-ri"
+require_paths:
+- lib
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.1.2
+signing_key: 
+specification_version: 4
+summary: Open Compliance Toolkit
+test_files: []