octool 0.0.7 → 0.0.8
- checksums.yaml +4 -4
- data/lib/octool/ssp.rb +3 -0
- data/lib/octool/version.rb +1 -1
- data/octool.rdoc +1 -1
- data/templates/ssp.erb +98 -18
- metadata +2 -2
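--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: ed9a9d64af06f7c36bf6559eab5919e7b5488ec5a265830d757967dc60784b28
+data.tar.gz: 0b71a16cd55225d995f0f1ff31c24517900726fe6e9a70a9ae54fa6b93b770fb
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 338981986492cd44db6b36844f833865b5ed8966c332a74ed313d12650d00fe0f8d14dccd8db04bf0421adf305619a97bc3a5f17a0ff2ee400537c087f2d7895
+data.tar.gz: 634d4943387eae05d72ab887c7e555fcb0c119ce5a0cec02ae855dc42cdba95f46a1a553c541b388e7c6e5f0edf141c3ade05870e6e510938426535f9e0ec2f5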
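--- a/data/lib/octool/ssp.rb
+++ b/data/lib/octool/ssp.rb
@@ -53,6 +53,9 @@ module OCTool
 toc_depth 3
 number_sections
 highlight_style 'pygments'
+# https://en.wikibooks.org/wiki/LaTeX/Source_Code_Listings#Encoding_issue
+# Uncomment the following line after the "listings" package is compatible with utf8
+# listings
 end
 output = converter << File.read(md_path)
 File.new(out_path, 'wb').write(output)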
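Review bot: The last context line, `File.new(out_path, 'wb').write(output)`, opens the output file and never closes it, so the handle and any buffered data are left to the garbage collector; `File.binwrite(out_path, output)` writes and closes in one call, assuming `output` is a String. The three added lines are comments only and change no behaviour. The enclosing method starts and ends outside this hunk.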
data/lib/octool/version.rb
CHANGED
data/octool.rdoc
CHANGED
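--- a/data/templates/ssp.erb
+++ b/data/templates/ssp.erb
@@ -52,17 +52,61 @@ geometry:
 - left=2cm
 - right=2cm
 - bottom=2cm
+
+header-includes:
+- |
+```{=latex}
+% https://github.com/jgm/pandoc/wiki/Pandoc-Tricks#left-aligning-tables-in-latex
+\usepackage[margins=raggedright]{floatrow}
+```
+- |
+```{=latex}
+% https://github.com/jgm/pandoc/wiki/Pandoc-Tricks#definition-list-terms-on-their-own-line-in-latex
+% "Clone" the original \item command
+\let\originalitem\item
+
+% Redefine the \item command using the "clone"
+\makeatletter
+\renewcommand{\item}[1][\@nil]{%
+\def\tmp{#1}%
+\ifx\tmp\@nnil\originalitem\else\originalitem[#1]\hfill\par\fi}
+\makeatother
+```
+- |
+```{=latex}
+% The are at least two ways to configure how LaTeX floats figures.
+%
+% 1. One approach is described in section 17.2 of
+% http://tug.ctan.org/tex-archive/info/epslatex/english/epslatex.pdf
+% However, the approach described there requires to teach people
+% how to write LaTeX cross-references in markdown.
+%
+% 2. Force figures, listings, etc., to float "[H]ere".
+% This is a LaTeX anti-pattern because it causes large gaps of whitespace on some pages.
+% This approach avoids having to teach people to create LaTeX cross-references.
+% https://tex.stackexchange.com/a/101726
+%
+% Use option 2.
+\usepackage{float}
+\floatplacement{figure}{H}
+```
 ---
 
-#
+# Introduction
 
-##
+## About this document
+
+A System Security Plan (SSP) is a document to describe security controls in use
+on an information system and their implementation. An SSP provides:
+
+- Narrative of security control implementation
+- Description of components and services
+- System data flows and authorization boundaries
 
-<%= @system.config['overview'] %>
 
 ## Standards
 
-This
+This SSP draws from these standards:
 
 <% @system.standards.each do |s| -%>
 - <%= s['name'] %>
@@ -71,6 +115,32 @@ This System Security Plan (SSP) addresses these standards:
 The full copy of each standard is included in the appendix.
 
 
+## Certifications
+
+A certification is a logical grouping of controls that are of interest to
+a given subject. A particular certification does not necessarily target all
+controls from a standard, nor does a particular certification need to draw
+from a single standard.
+
+This SSP addresses these certifications:
+
+<% @system.certifications.each do |c| -%>
+- <%=c['name']%>
+
+<% c['requires'].each do |r| -%>
+- <%=r['standard_key']-%> control <%=r['control_key']%>
+<% end -%>
+
+<% end %>
+
+
+# <%= @system.config['name'] %>
+
+## Overview
+
+<%= @system.config['overview'] %>
+
+
 ## Components
 
 <% @system.components.each do |c| %>
@@ -84,18 +154,24 @@ _The organization has not yet documented attestations for this component_.
 The organization offers the following attestations for this component.
 <% end %>
 
-<% c['attestations'].each do |a| %>
+<% c['attestations'].compact.each do |a| %>
 #### <%= a['summary'] %>
 
-
-
-
-
-
-
-
-
-<%
++----------+---------------+--------------------------------------------------------------+
+| Status | Date verified | Satisfies |
++==========+===============+==============================================================+
+<%
+s = a['satisfies'][0]
+verbiage = sprintf('%-58s', [s['standard_key'], 'control', s['control_key']].join(' '))
+-%>
+| <%=sprintf('%-8s', a['status'])-%> | <%=sprintf('%-13s', a['date_verified'])-%> | - <%=verbiage-%> |
+<%
+a['satisfies'][1..].each do |s|
+verbiage = sprintf('%-58s', [s['standard_key'], 'control', s['control_key']].join(' '))
+-%>
+| | | - <%=verbiage-%> |
+<% end -%>
++----------+---------------+--------------------------------------------------------------+
 
 <%= a['narrative'] %>
 
@@ -111,11 +187,15 @@ Satisfies:
 <% if s['families'] and !s['families'].empty? %>
 ### Families
 
-
-<%= family['family_key'] %>
-~ <%= family['name'] %>
+<%=s['name']-%> categorizes controls into logical groups called families.
 
-
+| Family abbreviation | Family name |
+| -------------------------- | -------------------- |
+<% s['families'].each do |family| -%>
+| <%=family['family_key']-%> | <%=family['name']-%> |
+<% end -%>
+
+: Control families for <%=s['name']%>
 
 <% end %>
 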
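Review bot: In the attestation table hunk (new lines 160-174), `s = a['satisfies'][0]` is dereferenced straight away, so an attestation whose `satisfies` list is missing or empty raises NoMethodError on `s['standard_key']` and aborts the whole SSP render; the `.compact` added to `c['attestations']` only skips nil attestations, and `c['requires'].each` in the new Certifications hunk has the same gap. The `sprintf('%-58s', ...)`, `'%-8s'` and `'%-13s'` calls pad but never truncate, so a longer key, status or date pushes the closing `|` out of line with the `+---+` borders and pandoc will likely stop parsing the block as a grid table. The values are also written into the Markdown unescaped, so a `|` in a key or family name breaks the new grid and pipe tables as well. A single loop such as `Array(a['satisfies']).each_with_index do |s, i|`, printing status and date only when `i.zero?`, removes the duplicated `verbiage` line and the nil case. Whether the YAML schema already guarantees a non-empty `satisfies` and bounded field lengths is not visible on this page.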
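--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: octool
 version: !ruby/object:Gem::Version
-version: 0.0.
+version: 0.0.8
 platform: ruby
 authors:
 - Paul Morgan
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-05-
+date: 2020-05-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rake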