@blamejs/exceptd-skills 0.10.0 → 0.10.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +54 -0
- package/bin/exceptd.js +303 -9
- package/data/_indexes/_meta.json +2 -2
- package/data/playbooks/ai-api.json +400 -90
- package/data/playbooks/containers.json +406 -94
- package/data/playbooks/cred-stores.json +374 -89
- package/data/playbooks/crypto.json +369 -87
- package/data/playbooks/framework.json +376 -86
- package/data/playbooks/hardening.json +357 -84
- package/data/playbooks/kernel.json +324 -77
- package/data/playbooks/mcp.json +407 -92
- package/data/playbooks/runtime.json +345 -81
- package/data/playbooks/sbom.json +497 -111
- package/data/playbooks/secrets.json +352 -83
- package/lib/playbook-runner.js +77 -7
- package/lib/schemas/playbook.schema.json +5 -0
- package/manifest-snapshot.json +1 -1
- package/manifest.json +39 -39
- package/package.json +1 -1
- package/sbom.cdx.json +6 -6
package/data/playbooks/sbom.json
CHANGED
|
@@ -9,12 +9,26 @@
|
|
|
9
9
|
"version": "1.0.0",
|
|
10
10
|
"date": "2026-05-11",
|
|
11
11
|
"summary": "Initial seven-phase supply-chain SBOM playbook. Inventories installed packages via dpkg-query / rpm -qa / brew list / npm ls / pip freeze / cargo tree / gem list, walks repo lockfiles (package-lock.json / yarn.lock / pnpm-lock.yaml / Pipfile.lock / poetry.lock / requirements.txt / Cargo.lock / go.sum / Gemfile.lock), and matches versions to data/cve-catalog.json. Tests SLSA provenance, Sigstore attestation, and VEX status. Full GRC closure with NIS2 / DORA / EU CRA notification clocks.",
|
|
12
|
-
"cves_added": [
|
|
13
|
-
|
|
12
|
+
"cves_added": [
|
|
13
|
+
"CVE-2026-31431",
|
|
14
|
+
"CVE-2026-43284",
|
|
15
|
+
"CVE-2026-43500",
|
|
16
|
+
"CVE-2025-53773",
|
|
17
|
+
"CVE-2026-30615"
|
|
18
|
+
],
|
|
19
|
+
"framework_gaps_updated": [
|
|
20
|
+
"nist-800-53-SA-12",
|
|
21
|
+
"nist-800-218-SSDF",
|
|
22
|
+
"iso-27001-2022-A.8.30",
|
|
23
|
+
"eu-cra-art13",
|
|
24
|
+
"nis2-art21-2d",
|
|
25
|
+
"dora-art28"
|
|
26
|
+
]
|
|
14
27
|
}
|
|
15
28
|
],
|
|
16
29
|
"owner": "@blamejs/supply-chain",
|
|
17
30
|
"air_gap_mode": false,
|
|
31
|
+
"scope": "system",
|
|
18
32
|
"preconditions": [
|
|
19
33
|
{
|
|
20
34
|
"id": "filesystem-read",
|
|
@@ -49,24 +63,54 @@
|
|
|
49
63
|
}
|
|
50
64
|
]
|
|
51
65
|
},
|
|
52
|
-
|
|
53
66
|
"domain": {
|
|
54
67
|
"name": "Software bill of materials + supply-chain integrity",
|
|
55
68
|
"attack_class": "supply-chain",
|
|
56
|
-
"atlas_refs": [
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
"
|
|
69
|
+
"atlas_refs": [
|
|
70
|
+
"AML.T0010",
|
|
71
|
+
"AML.T0018"
|
|
72
|
+
],
|
|
73
|
+
"attack_refs": [
|
|
74
|
+
"T1195.001",
|
|
75
|
+
"T1195.002",
|
|
76
|
+
"T1554"
|
|
77
|
+
],
|
|
78
|
+
"cve_refs": [
|
|
79
|
+
"CVE-2026-31431",
|
|
80
|
+
"CVE-2026-43284",
|
|
81
|
+
"CVE-2026-43500",
|
|
82
|
+
"CVE-2025-53773",
|
|
83
|
+
"CVE-2026-30615"
|
|
84
|
+
],
|
|
85
|
+
"cwe_refs": [
|
|
86
|
+
"CWE-1357",
|
|
87
|
+
"CWE-1395",
|
|
88
|
+
"CWE-494",
|
|
89
|
+
"CWE-502",
|
|
90
|
+
"CWE-829"
|
|
91
|
+
],
|
|
92
|
+
"d3fend_refs": [
|
|
93
|
+
"D3-CBAN",
|
|
94
|
+
"D3-EAL",
|
|
95
|
+
"D3-EHB"
|
|
96
|
+
],
|
|
61
97
|
"frameworks_in_scope": [
|
|
62
|
-
"nist-800-53",
|
|
63
|
-
"
|
|
64
|
-
"
|
|
98
|
+
"nist-800-53",
|
|
99
|
+
"nist-csf-2",
|
|
100
|
+
"iso-27001-2022",
|
|
101
|
+
"soc2",
|
|
102
|
+
"pci-dss-4",
|
|
103
|
+
"nis2",
|
|
104
|
+
"dora",
|
|
105
|
+
"eu-cra",
|
|
106
|
+
"uk-caf",
|
|
107
|
+
"au-ism",
|
|
108
|
+
"au-essential-8",
|
|
109
|
+
"cmmc",
|
|
110
|
+
"hipaa"
|
|
65
111
|
]
|
|
66
112
|
},
|
|
67
|
-
|
|
68
113
|
"phases": {
|
|
69
|
-
|
|
70
114
|
"govern": {
|
|
71
115
|
"jurisdiction_obligations": [
|
|
72
116
|
{
|
|
@@ -75,7 +119,12 @@
|
|
|
75
119
|
"obligation": "submit_supply_chain_evidence",
|
|
76
120
|
"window_hours": 720,
|
|
77
121
|
"clock_starts": "manual",
|
|
78
|
-
"evidence_required": [
|
|
122
|
+
"evidence_required": [
|
|
123
|
+
"sbom_inventory",
|
|
124
|
+
"cve_match_register",
|
|
125
|
+
"vex_statements",
|
|
126
|
+
"remediation_plan"
|
|
127
|
+
]
|
|
79
128
|
},
|
|
80
129
|
{
|
|
81
130
|
"jurisdiction": "EU",
|
|
@@ -83,7 +132,11 @@
|
|
|
83
132
|
"obligation": "notify_regulator",
|
|
84
133
|
"window_hours": 24,
|
|
85
134
|
"clock_starts": "detect_confirmed",
|
|
86
|
-
"evidence_required": [
|
|
135
|
+
"evidence_required": [
|
|
136
|
+
"affected_systems_inventory",
|
|
137
|
+
"matched_cves_with_active_exploitation",
|
|
138
|
+
"interim_mitigation_record"
|
|
139
|
+
]
|
|
87
140
|
},
|
|
88
141
|
{
|
|
89
142
|
"jurisdiction": "EU",
|
|
@@ -91,7 +144,11 @@
|
|
|
91
144
|
"obligation": "notify_regulator",
|
|
92
145
|
"window_hours": 72,
|
|
93
146
|
"clock_starts": "analyze_complete",
|
|
94
|
-
"evidence_required": [
|
|
147
|
+
"evidence_required": [
|
|
148
|
+
"full_incident_assessment",
|
|
149
|
+
"remediation_plan",
|
|
150
|
+
"vex_status_per_matched_cve"
|
|
151
|
+
]
|
|
95
152
|
},
|
|
96
153
|
{
|
|
97
154
|
"jurisdiction": "EU",
|
|
@@ -99,7 +156,11 @@
|
|
|
99
156
|
"obligation": "submit_third_party_ict_risk_evidence",
|
|
100
157
|
"window_hours": 720,
|
|
101
158
|
"clock_starts": "manual",
|
|
102
|
-
"evidence_required": [
|
|
159
|
+
"evidence_required": [
|
|
160
|
+
"ict_third_party_register",
|
|
161
|
+
"concentration_risk_assessment",
|
|
162
|
+
"subcontracting_inventory"
|
|
163
|
+
]
|
|
103
164
|
},
|
|
104
165
|
{
|
|
105
166
|
"jurisdiction": "EU",
|
|
@@ -107,7 +168,10 @@
|
|
|
107
168
|
"obligation": "notify_regulator",
|
|
108
169
|
"window_hours": 4,
|
|
109
170
|
"clock_starts": "detect_confirmed",
|
|
110
|
-
"evidence_required": [
|
|
171
|
+
"evidence_required": [
|
|
172
|
+
"initial_notification",
|
|
173
|
+
"ict_third_party_dependencies"
|
|
174
|
+
]
|
|
111
175
|
},
|
|
112
176
|
{
|
|
113
177
|
"jurisdiction": "EU",
|
|
@@ -115,7 +179,11 @@
|
|
|
115
179
|
"obligation": "submit_technical_documentation",
|
|
116
180
|
"window_hours": 8760,
|
|
117
181
|
"clock_starts": "manual",
|
|
118
|
-
"evidence_required": [
|
|
182
|
+
"evidence_required": [
|
|
183
|
+
"sbom_per_product",
|
|
184
|
+
"vulnerability_handling_evidence",
|
|
185
|
+
"security_update_record"
|
|
186
|
+
]
|
|
119
187
|
},
|
|
120
188
|
{
|
|
121
189
|
"jurisdiction": "EU",
|
|
@@ -123,7 +191,11 @@
|
|
|
123
191
|
"obligation": "notify_actively_exploited_vulnerability",
|
|
124
192
|
"window_hours": 24,
|
|
125
193
|
"clock_starts": "detect_confirmed",
|
|
126
|
-
"evidence_required": [
|
|
194
|
+
"evidence_required": [
|
|
195
|
+
"affected_product_identification",
|
|
196
|
+
"exploitation_evidence",
|
|
197
|
+
"mitigation_status"
|
|
198
|
+
]
|
|
127
199
|
},
|
|
128
200
|
{
|
|
129
201
|
"jurisdiction": "AU",
|
|
@@ -131,7 +203,10 @@
|
|
|
131
203
|
"obligation": "notify_regulator",
|
|
132
204
|
"window_hours": 72,
|
|
133
205
|
"clock_starts": "validate_complete",
|
|
134
|
-
"evidence_required": [
|
|
206
|
+
"evidence_required": [
|
|
207
|
+
"materiality_assessment",
|
|
208
|
+
"remediation_completed_evidence"
|
|
209
|
+
]
|
|
135
210
|
}
|
|
136
211
|
],
|
|
137
212
|
"theater_fingerprints": [
|
|
@@ -139,37 +214,61 @@
|
|
|
139
214
|
"pattern_id": "sbom-without-cve-correlation",
|
|
140
215
|
"claim": "We produce SBOMs per release — supply chain transparency requirement is met.",
|
|
141
216
|
"fast_detection_test": "Pull the most recent SBOM. Cross-reference its component list against data/cve-catalog.json. If the SBOM exists but no automated CVE correlation runs against it — i.e. the SBOM is a deliverable not a control — that is the canonical SBOM theater. SBOM as artifact without continuous correlation = paper compliance.",
|
|
142
|
-
"implicated_controls": [
|
|
217
|
+
"implicated_controls": [
|
|
218
|
+
"nist-800-53-SA-12",
|
|
219
|
+
"nist-800-218-SSDF-PS-3",
|
|
220
|
+
"eu-cra-art13"
|
|
221
|
+
]
|
|
143
222
|
},
|
|
144
223
|
{
|
|
145
224
|
"pattern_id": "lockfile-without-integrity",
|
|
146
225
|
"claim": "Dependencies are pinned in lockfiles — supply chain is reproducible.",
|
|
147
226
|
"fast_detection_test": "Walk all lockfiles (package-lock.json / yarn.lock / pnpm-lock.yaml / Pipfile.lock / poetry.lock / Cargo.lock / go.sum / Gemfile.lock). For each pinned entry, confirm it carries an integrity hash (sha512/sha384/sha256, sri-integrity, or go.sum cryptographic hash). Theater if any pinned entry lacks integrity — version-pin alone is a name that can be re-published over.",
|
|
148
|
-
"implicated_controls": [
|
|
227
|
+
"implicated_controls": [
|
|
228
|
+
"nist-800-53-SA-12",
|
|
229
|
+
"iso-27001-2022-A.8.30",
|
|
230
|
+
"slsa-l3"
|
|
231
|
+
]
|
|
149
232
|
},
|
|
150
233
|
{
|
|
151
234
|
"pattern_id": "transitive-deps-unsbomed",
|
|
152
235
|
"claim": "Our SBOM lists all dependencies.",
|
|
153
236
|
"fast_detection_test": "Diff the SBOM component count against the lockfile transitive count (npm ls --depth=Infinity, pip freeze + resolve transitively, cargo tree --depth=Infinity). Theater if transitive count exceeds SBOM count by > 5% — direct deps only is incomplete SBOM.",
|
|
154
|
-
"implicated_controls": [
|
|
237
|
+
"implicated_controls": [
|
|
238
|
+
"nist-800-218-SSDF-PS-3",
|
|
239
|
+
"eu-cra-art13",
|
|
240
|
+
"cyclonedx-1-6"
|
|
241
|
+
]
|
|
155
242
|
},
|
|
156
243
|
{
|
|
157
244
|
"pattern_id": "no-vex-statements",
|
|
158
245
|
"claim": "We respond to vulnerability alerts as they arise.",
|
|
159
246
|
"fast_detection_test": "For each matched CVE in the org's SBOM, check whether a VEX (Vulnerability Exploitability eXchange) statement exists. Theater if matched CVEs lack VEX status (not_affected / affected / fixed / under_investigation) — without VEX, every match becomes a manual investigation each time, and the org cannot demonstrate which matches are not exploitable in their context.",
|
|
160
|
-
"implicated_controls": [
|
|
247
|
+
"implicated_controls": [
|
|
248
|
+
"nist-800-218-SSDF",
|
|
249
|
+
"vex-csaf-2-1",
|
|
250
|
+
"eu-cra-art14"
|
|
251
|
+
]
|
|
161
252
|
},
|
|
162
253
|
{
|
|
163
254
|
"pattern_id": "ai-generated-code-not-in-sbom",
|
|
164
255
|
"claim": "Our SBOM is complete.",
|
|
165
256
|
"fast_detection_test": "AI coding assistants (Copilot, Cursor, Claude Code, Windsurf, Codex, Gemini CLI) commit code without provenance attestation. Theater if the org uses AI coding assistants AND no SBOM field captures AI-generated code provenance (which model produced the code, against what context, with what training cutoff). The SBOM lists npm:lodash@4.17.21 but not 'function parseUrl was emitted by Copilot from a docstring that contained indirect prompt injection.'",
|
|
166
|
-
"implicated_controls": [
|
|
257
|
+
"implicated_controls": [
|
|
258
|
+
"nist-800-218-SSDF",
|
|
259
|
+
"cyclonedx-1-7-ml-bom",
|
|
260
|
+
"spdx-3-1-ai-profile"
|
|
261
|
+
]
|
|
167
262
|
},
|
|
168
263
|
{
|
|
169
264
|
"pattern_id": "model-weights-not-treated-as-supply-chain",
|
|
170
265
|
"claim": "We treat models as artifacts.",
|
|
171
266
|
"fast_detection_test": "Inventory model weight files (.pt, .ckpt, .bin, .safetensors) on the host or in repo storage. For each, check (a) signed publisher key, (b) Sigstore-rekor entry, (c) format that doesn't execute code on load (safetensors versus .pt code-executing-deserialization formats). Theater if model weights are pulled from Hugging Face / GitHub LFS with hash-pinning only — hash-pinning a malicious blob does not prevent execution; only signature verification plus non-executing format closes the class (CWE-502).",
|
|
172
|
-
"implicated_controls": [
|
|
267
|
+
"implicated_controls": [
|
|
268
|
+
"nist-800-218-SSDF",
|
|
269
|
+
"openssf-model-signing",
|
|
270
|
+
"atlas-aml-t0018"
|
|
271
|
+
]
|
|
173
272
|
}
|
|
174
273
|
],
|
|
175
274
|
"framework_context": {
|
|
@@ -238,9 +337,14 @@
|
|
|
238
337
|
}
|
|
239
338
|
]
|
|
240
339
|
},
|
|
241
|
-
"skill_preload": [
|
|
340
|
+
"skill_preload": [
|
|
341
|
+
"supply-chain-integrity",
|
|
342
|
+
"exploit-scoring",
|
|
343
|
+
"framework-gap-analysis",
|
|
344
|
+
"compliance-theater",
|
|
345
|
+
"policy-exception-gen"
|
|
346
|
+
]
|
|
242
347
|
},
|
|
243
|
-
|
|
244
348
|
"direct": {
|
|
245
349
|
"threat_context": "Supply-chain landscape Q1-Q2 2026: in-scope artifacts are every build-pipeline input, CI runner image, container base, transitive package, model weight loaded at inference, and AI-coding-assistant-emitted code committed to the repo. Defining incidents driving the current state: (1) CVE-2026-30615 (Windsurf MCP zero-interaction RCE, 150M+ download blast radius) — developer tool with no enforced manifest signing executes attacker-controlled code with zero user interaction. (2) CVE-2026-31431 (Copy Fail) — KEV-listed kernel LPE that matches via dpkg/rpm package inventory in seconds, becomes a 4-hour incident. (3) XZ Utils backdoor (CVE-2024-3094, 2024) — maintainer-position long-game compromise that no SBOM-only program detected. Typosquat campaigns target MCP, Hugging Face, npm @modelcontextprotocol/*, and PyPI ML namespaces (ATLAS AML.T0010). Model weights in code-executing serialization formats are CWE-502 deserialization vectors (ATLAS AML.T0018); hash-pinning a malicious blob does not prevent execution. AI-generated code is opaque-provenance code: Copilot/Cursor/Claude Code/Windsurf/Codex/Gemini emit code committed without attestation of which model produced it. Compliance trajectory: EU CRA (Art.13/14) and NIST SSDF have established SBOM as mandatory deliverable; implementing acts and program maturity continue to lag — orgs produce SBOMs without continuous correlation, VEX, transitive completeness, AI-code provenance, or model-weight signature verification.",
|
|
246
350
|
"rwep_threshold": {
|
|
@@ -250,11 +354,33 @@
|
|
|
250
354
|
},
|
|
251
355
|
"framework_lag_declaration": "Supply-chain frameworks have advanced fastest of any class in this exceptd release, but implementation gaps are pervasive. NIST 800-53 SA-12, NIST 800-218 SSDF, ISO 27001:2022 A.8.30/A.5.20, SOC 2 CC9.2, PCI DSS 4.0 sect.6.3, NIS2 Art.21(2)(d), DORA Art.28, EU CRA Art.13/14 all permit (a) SBOM as deliverable without continuous correlation, (b) lockfile-pinning without integrity hash, (c) direct-deps-only SBOM, (d) absence of VEX statements, (e) absence of AI-generated-code provenance, (f) model weights treated as content blobs. Lag = ~90 days behind operational tooling (SLSA / Sigstore / in-toto / VEX-CSAF) and ~210 days behind AI-coding-assistant adoption tempo. Compensating controls (continuous CVE correlation, integrity-pinned lockfiles, transitive SBOM completeness, VEX maintenance, AI-code provenance, model weight signature verification + safetensors-only loading) MUST close the gap before SBOM-as-deliverable compliance can be accepted.",
|
|
252
356
|
"skill_chain": [
|
|
253
|
-
{
|
|
254
|
-
|
|
255
|
-
|
|
256
|
-
|
|
257
|
-
|
|
357
|
+
{
|
|
358
|
+
"skill": "supply-chain-integrity",
|
|
359
|
+
"purpose": "Inventory installed packages and walk lockfiles. Test SLSA build provenance, Sigstore signing, in-toto attestation, VEX status, AI-code provenance, model weight signing.",
|
|
360
|
+
"required": true
|
|
361
|
+
},
|
|
362
|
+
{
|
|
363
|
+
"skill": "exploit-scoring",
|
|
364
|
+
"purpose": "For each matched CVE: compute RWEP using catalog kev / poc / ai-discovery / active-exploitation / patch / live-patch fields. Rank for triage.",
|
|
365
|
+
"required": true
|
|
366
|
+
},
|
|
367
|
+
{
|
|
368
|
+
"skill": "framework-gap-analysis",
|
|
369
|
+
"purpose": "Map matched CVEs and theater fingerprints to framework controls that fail to cover them.",
|
|
370
|
+
"skip_if": "analyze.framework_gap_mapping.length == 0",
|
|
371
|
+
"required": false
|
|
372
|
+
},
|
|
373
|
+
{
|
|
374
|
+
"skill": "compliance-theater",
|
|
375
|
+
"purpose": "Run the six theater fingerprints in govern.theater_fingerprints; emit verdict per pattern.",
|
|
376
|
+
"required": true
|
|
377
|
+
},
|
|
378
|
+
{
|
|
379
|
+
"skill": "policy-exception-gen",
|
|
380
|
+
"purpose": "Generate auditor-ready exception for any matched CVE that cannot be remediated within the relevant compliance window.",
|
|
381
|
+
"skip_if": "close.exception_generation.trigger_condition == false",
|
|
382
|
+
"required": false
|
|
383
|
+
}
|
|
258
384
|
],
|
|
259
385
|
"token_budget": {
|
|
260
386
|
"estimated_total": 26000,
|
|
@@ -269,7 +395,6 @@
|
|
|
269
395
|
}
|
|
270
396
|
}
|
|
271
397
|
},
|
|
272
|
-
|
|
273
398
|
"look": {
|
|
274
399
|
"artifacts": [
|
|
275
400
|
{
|
|
@@ -403,15 +528,38 @@
|
|
|
403
528
|
}
|
|
404
529
|
],
|
|
405
530
|
"fallback_if_unavailable": [
|
|
406
|
-
{
|
|
407
|
-
|
|
408
|
-
|
|
409
|
-
|
|
410
|
-
|
|
411
|
-
{
|
|
531
|
+
{
|
|
532
|
+
"artifact_id": "sbom-artifacts",
|
|
533
|
+
"fallback_action": "mark_inconclusive",
|
|
534
|
+
"confidence_impact": "low"
|
|
535
|
+
},
|
|
536
|
+
{
|
|
537
|
+
"artifact_id": "vex-statements",
|
|
538
|
+
"fallback_action": "mark_inconclusive",
|
|
539
|
+
"confidence_impact": "medium"
|
|
540
|
+
},
|
|
541
|
+
{
|
|
542
|
+
"artifact_id": "container-image-layers",
|
|
543
|
+
"fallback_action": "use_compensating_artifact",
|
|
544
|
+
"confidence_impact": "medium"
|
|
545
|
+
},
|
|
546
|
+
{
|
|
547
|
+
"artifact_id": "ai-coding-assistant-inventory",
|
|
548
|
+
"fallback_action": "use_compensating_artifact",
|
|
549
|
+
"confidence_impact": "low"
|
|
550
|
+
},
|
|
551
|
+
{
|
|
552
|
+
"artifact_id": "model-weight-files",
|
|
553
|
+
"fallback_action": "use_compensating_artifact",
|
|
554
|
+
"confidence_impact": "low"
|
|
555
|
+
},
|
|
556
|
+
{
|
|
557
|
+
"artifact_id": "cve-catalog",
|
|
558
|
+
"fallback_action": "escalate_to_human",
|
|
559
|
+
"confidence_impact": "high"
|
|
560
|
+
}
|
|
412
561
|
]
|
|
413
562
|
},
|
|
414
|
-
|
|
415
563
|
"detect": {
|
|
416
564
|
"indicators": [
|
|
417
565
|
{
|
|
@@ -505,28 +653,97 @@
|
|
|
505
653
|
"not_detected": "Zero matched CVEs against current package inventory AND all lockfiles integrity-hashed AND SBOM-to-inventory count match AND every previously-matched CVE has a current VEX statement AND no executable-format unsigned model weights AND no Windsurf vulnerable installs."
|
|
506
654
|
}
|
|
507
655
|
},
|
|
508
|
-
|
|
509
656
|
"analyze": {
|
|
510
657
|
"rwep_inputs": [
|
|
511
|
-
{
|
|
512
|
-
|
|
513
|
-
|
|
514
|
-
|
|
515
|
-
|
|
516
|
-
|
|
517
|
-
{
|
|
518
|
-
|
|
519
|
-
|
|
520
|
-
|
|
658
|
+
{
|
|
659
|
+
"signal_id": "package-matches-catalogued-cve",
|
|
660
|
+
"rwep_factor": "active_exploitation",
|
|
661
|
+
"weight": 25,
|
|
662
|
+
"notes": "Multiplier from catalog entry's active_exploitation field (confirmed=25, suspected=12, none=0)."
|
|
663
|
+
},
|
|
664
|
+
{
|
|
665
|
+
"signal_id": "package-matches-catalogued-cve",
|
|
666
|
+
"rwep_factor": "cisa_kev",
|
|
667
|
+
"weight": 20,
|
|
668
|
+
"notes": "KEV-listed = full weight."
|
|
669
|
+
},
|
|
670
|
+
{
|
|
671
|
+
"signal_id": "package-matches-catalogued-cve",
|
|
672
|
+
"rwep_factor": "public_poc",
|
|
673
|
+
"weight": 15,
|
|
674
|
+
"notes": "PoC availability per catalog."
|
|
675
|
+
},
|
|
676
|
+
{
|
|
677
|
+
"signal_id": "package-matches-catalogued-cve",
|
|
678
|
+
"rwep_factor": "ai_weaponization",
|
|
679
|
+
"weight": 10,
|
|
680
|
+
"notes": "AI-discovered or AI-assisted-weaponization flagged in catalog."
|
|
681
|
+
},
|
|
682
|
+
{
|
|
683
|
+
"signal_id": "package-matches-catalogued-cve",
|
|
684
|
+
"rwep_factor": "patch_available",
|
|
685
|
+
"weight": -10,
|
|
686
|
+
"notes": "Patch available reduces RWEP by 10."
|
|
687
|
+
},
|
|
688
|
+
{
|
|
689
|
+
"signal_id": "package-matches-catalogued-cve",
|
|
690
|
+
"rwep_factor": "live_patch_available",
|
|
691
|
+
"weight": -15,
|
|
692
|
+
"notes": "Live patch available reduces RWEP by 15."
|
|
693
|
+
},
|
|
694
|
+
{
|
|
695
|
+
"signal_id": "kev-listed-match",
|
|
696
|
+
"rwep_factor": "cisa_kev",
|
|
697
|
+
"weight": 20,
|
|
698
|
+
"notes": "Direct KEV signal."
|
|
699
|
+
},
|
|
700
|
+
{
|
|
701
|
+
"signal_id": "windsurf-vulnerable-version",
|
|
702
|
+
"rwep_factor": "blast_radius",
|
|
703
|
+
"weight": 25,
|
|
704
|
+
"notes": "Zero-interaction RCE in developer endpoint."
|
|
705
|
+
},
|
|
706
|
+
{
|
|
707
|
+
"signal_id": "model-weight-unsigned-and-executable-format",
|
|
708
|
+
"rwep_factor": "blast_radius",
|
|
709
|
+
"weight": 20,
|
|
710
|
+
"notes": "Deserialization vector on load; ATLAS AML.T0018."
|
|
711
|
+
},
|
|
712
|
+
{
|
|
713
|
+
"signal_id": "lockfile-no-integrity",
|
|
714
|
+
"rwep_factor": "active_exploitation",
|
|
715
|
+
"weight": 5,
|
|
716
|
+
"notes": "Re-publication-over attack documented; modest active-exploitation signal."
|
|
717
|
+
}
|
|
521
718
|
],
|
|
522
719
|
"blast_radius_model": {
|
|
523
720
|
"scope_question": "If a matched-CVE in this host's supply chain is exploited, OR the supply chain is compromised at the publisher level, what scope of compromise does this host realistically deliver?",
|
|
524
721
|
"scoring_rubric": [
|
|
525
|
-
{
|
|
526
|
-
|
|
527
|
-
|
|
528
|
-
|
|
529
|
-
|
|
722
|
+
{
|
|
723
|
+
"condition": "host runs single-tenant dev workload with isolated dependencies, no production access, no CI signing keys",
|
|
724
|
+
"blast_radius_score": 1,
|
|
725
|
+
"description": "Local dev compromise only."
|
|
726
|
+
},
|
|
727
|
+
{
|
|
728
|
+
"condition": "host has prod-adjacent CI runners or test environments with non-prod credentials",
|
|
729
|
+
"blast_radius_score": 2,
|
|
730
|
+
"description": "Staging/dev cloud compromise."
|
|
731
|
+
},
|
|
732
|
+
{
|
|
733
|
+
"condition": "host is a production application server or k8s node with shared package surface",
|
|
734
|
+
"blast_radius_score": 3,
|
|
735
|
+
"description": "Production tenancy compromise via runtime dependency."
|
|
736
|
+
},
|
|
737
|
+
{
|
|
738
|
+
"condition": "host has package-publishing rights (npm/PyPI maintainer keys, cosign signing keys, GitHub-package writer)",
|
|
739
|
+
"blast_radius_score": 4,
|
|
740
|
+
"description": "Publisher-position compromise; downstream propagation."
|
|
741
|
+
},
|
|
742
|
+
{
|
|
743
|
+
"condition": "host is a release-engineering bootstrap with cross-account assume-role + publishing rights to org namespaces + CI signing keys + multi-platform cosign chains",
|
|
744
|
+
"blast_radius_score": 5,
|
|
745
|
+
"description": "Org-wide supply-chain pivot; XZ-Utils-class compromise."
|
|
746
|
+
}
|
|
530
747
|
]
|
|
531
748
|
},
|
|
532
749
|
"compliance_theater_check": {
|
|
@@ -601,81 +818,147 @@
|
|
|
601
818
|
}
|
|
602
819
|
],
|
|
603
820
|
"escalation_criteria": [
|
|
604
|
-
{
|
|
605
|
-
|
|
606
|
-
|
|
607
|
-
|
|
608
|
-
{
|
|
609
|
-
|
|
610
|
-
|
|
611
|
-
|
|
821
|
+
{
|
|
822
|
+
"condition": "kev-listed-match == true",
|
|
823
|
+
"action": "page_on_call"
|
|
824
|
+
},
|
|
825
|
+
{
|
|
826
|
+
"condition": "rwep >= 80 AND patch_available == false",
|
|
827
|
+
"action": "page_on_call"
|
|
828
|
+
},
|
|
829
|
+
{
|
|
830
|
+
"condition": "windsurf-vulnerable-version == true",
|
|
831
|
+
"action": "trigger_playbook",
|
|
832
|
+
"target_playbook": "mcp"
|
|
833
|
+
},
|
|
834
|
+
{
|
|
835
|
+
"condition": "any matched_cve.attack_class == 'kernel-lpe'",
|
|
836
|
+
"action": "trigger_playbook",
|
|
837
|
+
"target_playbook": "kernel"
|
|
838
|
+
},
|
|
839
|
+
{
|
|
840
|
+
"condition": "model-weight-unsigned-and-executable-format == true AND blast_radius_score >= 3",
|
|
841
|
+
"action": "raise_severity"
|
|
842
|
+
},
|
|
843
|
+
{
|
|
844
|
+
"condition": "blast_radius_score >= 4",
|
|
845
|
+
"action": "trigger_playbook",
|
|
846
|
+
"target_playbook": "framework"
|
|
847
|
+
},
|
|
848
|
+
{
|
|
849
|
+
"condition": "compliance_theater_check.verdict == 'theater' AND jurisdiction_obligations contains 'EU'",
|
|
850
|
+
"action": "notify_legal"
|
|
851
|
+
},
|
|
852
|
+
{
|
|
853
|
+
"condition": "any actively_exploited_match AND jurisdiction_obligations contains 'EU/EU CRA Art.14 24h'",
|
|
854
|
+
"action": "notify_legal"
|
|
855
|
+
}
|
|
612
856
|
]
|
|
613
857
|
},
|
|
614
|
-
|
|
615
858
|
"validate": {
|
|
616
859
|
"remediation_paths": [
|
|
617
860
|
{
|
|
618
861
|
"id": "patch-matched-cves",
|
|
619
862
|
"description": "For each matched CVE: apply vendor patch via package manager (apt/yum/dnf/brew/npm/pip/cargo/gem), live-patch if available, or container-image rebuild.",
|
|
620
|
-
"preconditions": [
|
|
863
|
+
"preconditions": [
|
|
864
|
+
"patch_available == true",
|
|
865
|
+
"operator_authorized_for_package_upgrade == true"
|
|
866
|
+
],
|
|
621
867
|
"priority": 1,
|
|
622
|
-
"compensating_controls": [
|
|
868
|
+
"compensating_controls": [
|
|
869
|
+
"restart_affected_services_post_upgrade",
|
|
870
|
+
"regression_test_post_upgrade"
|
|
871
|
+
],
|
|
623
872
|
"estimated_time_hours": 4
|
|
624
873
|
},
|
|
625
874
|
{
|
|
626
875
|
"id": "enforce-integrity-pinned-lockfiles",
|
|
627
876
|
"description": "Add CI gate that rejects any lockfile entry without an integrity hash. For npm: re-run with --package-lock-only to populate integrity. For pip: use pip-compile --generate-hashes. For others: regenerate with integrity-aware tooling.",
|
|
628
|
-
"preconditions": [
|
|
877
|
+
"preconditions": [
|
|
878
|
+
"ci_pipeline_modifiable == true"
|
|
879
|
+
],
|
|
629
880
|
"priority": 2,
|
|
630
|
-
"compensating_controls": [
|
|
881
|
+
"compensating_controls": [
|
|
882
|
+
"lockfile_review_in_pr_template"
|
|
883
|
+
],
|
|
631
884
|
"estimated_time_hours": 8
|
|
632
885
|
},
|
|
633
886
|
{
|
|
634
887
|
"id": "deploy-continuous-sbom-correlation",
|
|
635
888
|
"description": "Stand up automated SBOM-to-CVE correlation: on every SBOM generation, run against data/cve-catalog.json + upstream NVD/CISA-KEV feeds; alert on match with RWEP score and VEX prompt.",
|
|
636
|
-
"preconditions": [
|
|
889
|
+
"preconditions": [
|
|
890
|
+
"sbom_generation_in_ci == true OR sbom_artifact_storage_accessible == true"
|
|
891
|
+
],
|
|
637
892
|
"priority": 3,
|
|
638
|
-
"compensating_controls": [
|
|
893
|
+
"compensating_controls": [
|
|
894
|
+
"alert_routing_to_secops"
|
|
895
|
+
],
|
|
639
896
|
"estimated_time_hours": 16
|
|
640
897
|
},
|
|
641
898
|
{
|
|
642
899
|
"id": "extend-sbom-transitive-completeness",
|
|
643
900
|
"description": "Regenerate SBOMs with transitive depth (CycloneDX 1.6 deep mode, SPDX 3.0 with relationships, or per-tool deep flag). Verify component count matches transitive lockfile resolution.",
|
|
644
|
-
"preconditions": [
|
|
901
|
+
"preconditions": [
|
|
902
|
+
"sbom_tooling_supports_transitive == true"
|
|
903
|
+
],
|
|
645
904
|
"priority": 4,
|
|
646
|
-
"compensating_controls": [
|
|
905
|
+
"compensating_controls": [
|
|
906
|
+
"sbom_completeness_gate_in_ci"
|
|
907
|
+
],
|
|
647
908
|
"estimated_time_hours": 8
|
|
648
909
|
},
|
|
649
910
|
{
|
|
650
911
|
"id": "maintain-vex-register",
|
|
651
912
|
"description": "For each matched CVE: produce a VEX statement (not_affected / affected / fixed / under_investigation) with justification. Use CSAF 2.0 VEX profile.",
|
|
652
|
-
"preconditions": [
|
|
913
|
+
"preconditions": [
|
|
914
|
+
"security_team_capacity_for_vex == true"
|
|
915
|
+
],
|
|
653
916
|
"priority": 5,
|
|
654
|
-
"compensating_controls": [
|
|
917
|
+
"compensating_controls": [
|
|
918
|
+
"vex_template_in_security_playbook"
|
|
919
|
+
],
|
|
655
920
|
"estimated_time_hours": 12
|
|
656
921
|
},
|
|
657
922
|
{
|
|
658
923
|
"id": "ai-code-provenance",
|
|
659
924
|
"description": "Adopt commit-trailer convention or SBOM AI profile (CycloneDX 1.7 ML-BOM / SPDX 3.1 AI profile) capturing model + context + cutoff for AI-emitted code.",
|
|
660
|
-
"preconditions": [
|
|
925
|
+
"preconditions": [
|
|
926
|
+
"org_uses_ai_coding_assistants == true",
|
|
927
|
+
"ci_or_pre-commit_modifiable == true"
|
|
928
|
+
],
|
|
661
929
|
"priority": 6,
|
|
662
|
-
"compensating_controls": [
|
|
930
|
+
"compensating_controls": [
|
|
931
|
+
"pr_review_for_ai_emitted_code",
|
|
932
|
+
"ai_code_review_checklist"
|
|
933
|
+
],
|
|
663
934
|
"estimated_time_hours": 16
|
|
664
935
|
},
|
|
665
936
|
{
|
|
666
937
|
"id": "model-weight-signing-and-safetensors",
|
|
667
938
|
"description": "Restrict model-loader to safetensors format only AND require Sigstore (OpenSSF model-signing) verification before load.",
|
|
668
|
-
"preconditions": [
|
|
939
|
+
"preconditions": [
|
|
940
|
+
"ml_loader_modifiable == true OR ml_inference_pipeline_owned == true"
|
|
941
|
+
],
|
|
669
942
|
"priority": 7,
|
|
670
|
-
"compensating_controls": [
|
|
943
|
+
"compensating_controls": [
|
|
944
|
+
"model_inventory_review",
|
|
945
|
+
"non-safetensors_models_quarantined"
|
|
946
|
+
],
|
|
671
947
|
"estimated_time_hours": 24
|
|
672
948
|
},
|
|
673
949
|
{
|
|
674
950
|
"id": "policy-exception",
|
|
675
951
|
"description": "Where a matched CVE cannot be remediated within compliance window (vendor pending, blocker dependency, architectural impossibility): generate auditor-ready policy exception via policy-exception-gen.",
|
|
676
|
-
"preconditions": [
|
|
952
|
+
"preconditions": [
|
|
953
|
+
"remediation_paths[1..7] blocked for at least one matched CVE",
|
|
954
|
+
"ciso_acceptance_obtainable == true"
|
|
955
|
+
],
|
|
677
956
|
"priority": 8,
|
|
678
|
-
"compensating_controls": [
|
|
957
|
+
"compensating_controls": [
|
|
958
|
+
"network_segmentation",
|
|
959
|
+
"enhanced_logging_for_affected_component",
|
|
960
|
+
"vendor_engagement_tracking"
|
|
961
|
+
],
|
|
679
962
|
"estimated_time_hours": 8
|
|
680
963
|
}
|
|
681
964
|
],
|
|
@@ -733,47 +1016,96 @@
|
|
|
733
1016
|
"risk": "Supply chain mutates continuously. Every new dependency release, every new AI-coding-assistant emission, every new model publication introduces a fresh attestation requirement. Maintainer-position long-game compromise (XZ-Utils class) bypasses signature-based controls until the maintainer's transparency-log entry is revoked.",
|
|
734
1017
|
"why_remains": "Signature verification proves authorship not safety; provenance attestation depends on publisher discipline; VEX maintenance requires sustained security-team capacity; AI-code provenance depends on tooling that's still standardizing (CycloneDX 1.7 / SPDX 3.1 draft). Crypto-agility for signing infrastructure is itself a multi-year program.",
|
|
735
1018
|
"acceptance_level": "ciso",
|
|
736
|
-
"compensating_controls_in_place": [
|
|
1019
|
+
"compensating_controls_in_place": [
|
|
1020
|
+
"continuous_sbom_to_cve_correlation_with_alerting",
|
|
1021
|
+
"ci_gate_for_lockfile_integrity",
|
|
1022
|
+
"vex_register_with_quarterly_review",
|
|
1023
|
+
"ai_code_review_checklist",
|
|
1024
|
+
"model_loader_safetensors_enforcement",
|
|
1025
|
+
"maintainer_key_transparency_monitoring"
|
|
1026
|
+
]
|
|
737
1027
|
},
|
|
738
1028
|
"evidence_requirements": [
|
|
739
1029
|
{
|
|
740
1030
|
"evidence_type": "scan_report",
|
|
741
1031
|
"description": "Full package inventory across all package managers + lockfile walk; matched-CVE list with per-match RWEP + VEX status.",
|
|
742
1032
|
"retention_period": "7_years",
|
|
743
|
-
"framework_satisfied": [
|
|
1033
|
+
"framework_satisfied": [
|
|
1034
|
+
"nist-800-53-SA-12",
|
|
1035
|
+
"nist-800-218-PS-3",
|
|
1036
|
+
"iso-27001-2022-A.8.30",
|
|
1037
|
+
"nis2-art21-2d",
|
|
1038
|
+
"eu-cra-art13"
|
|
1039
|
+
]
|
|
744
1040
|
},
|
|
745
1041
|
{
|
|
746
1042
|
"evidence_type": "config_diff",
|
|
747
1043
|
"description": "Before/after lockfile diff showing integrity hashes added; SBOM before/after showing transitive completeness; CI pipeline diff showing integrity-gate addition.",
|
|
748
1044
|
"retention_period": "7_years",
|
|
749
|
-
"framework_satisfied": [
|
|
1045
|
+
"framework_satisfied": [
|
|
1046
|
+
"nist-800-53-CM-3",
|
|
1047
|
+
"iso-27001-2022-A.8.32"
|
|
1048
|
+
]
|
|
750
1049
|
},
|
|
751
1050
|
{
|
|
752
1051
|
"evidence_type": "patch_record",
|
|
753
1052
|
"description": "Package upgrade tickets with timestamps for each matched-CVE remediation; container-image rebuild records.",
|
|
754
1053
|
"retention_period": "7_years",
|
|
755
|
-
"framework_satisfied": [
|
|
1054
|
+
"framework_satisfied": [
|
|
1055
|
+
"nist-800-53-SI-2",
|
|
1056
|
+
"iso-27001-2022-A.8.8",
|
|
1057
|
+
"pci-dss-4-6.3",
|
|
1058
|
+
"nis2-art21-2c"
|
|
1059
|
+
]
|
|
756
1060
|
},
|
|
757
1061
|
{
|
|
758
1062
|
"evidence_type": "attestation",
|
|
759
1063
|
"description": "Signed exceptd attestation file with evidence_hash, matched-CVE count at detection, count post-remediation, RWEP delta, VEX coverage percentage.",
|
|
760
1064
|
"retention_period": "7_years",
|
|
761
|
-
"framework_satisfied": [
|
|
1065
|
+
"framework_satisfied": [
|
|
1066
|
+
"nist-800-53-CA-7",
|
|
1067
|
+
"iso-27001-2022-A.5.36",
|
|
1068
|
+
"nis2-art21-2d",
|
|
1069
|
+
"dora-art28",
|
|
1070
|
+
"eu-cra-art13"
|
|
1071
|
+
]
|
|
762
1072
|
}
|
|
763
1073
|
],
|
|
764
1074
|
"regression_trigger": [
|
|
765
|
-
{
|
|
766
|
-
|
|
767
|
-
|
|
768
|
-
|
|
769
|
-
{
|
|
1075
|
+
{
|
|
1076
|
+
"condition": "new_cve_in_class == true",
|
|
1077
|
+
"interval": "on_event"
|
|
1078
|
+
},
|
|
1079
|
+
{
|
|
1080
|
+
"condition": "new_kev_listing_for_inventoried_package",
|
|
1081
|
+
"interval": "on_event"
|
|
1082
|
+
},
|
|
1083
|
+
{
|
|
1084
|
+
"condition": "new_dependency_added",
|
|
1085
|
+
"interval": "on_event"
|
|
1086
|
+
},
|
|
1087
|
+
{
|
|
1088
|
+
"condition": "new_release",
|
|
1089
|
+
"interval": "on_event"
|
|
1090
|
+
},
|
|
1091
|
+
{
|
|
1092
|
+
"condition": "monthly",
|
|
1093
|
+
"interval": "30d"
|
|
1094
|
+
}
|
|
770
1095
|
]
|
|
771
1096
|
},
|
|
772
|
-
|
|
773
1097
|
"close": {
|
|
774
1098
|
"evidence_package": {
|
|
775
1099
|
"bundle_format": "csaf-2.0",
|
|
776
|
-
"contents": [
|
|
1100
|
+
"contents": [
|
|
1101
|
+
"scan_report",
|
|
1102
|
+
"config_diff",
|
|
1103
|
+
"patch_record",
|
|
1104
|
+
"attestation",
|
|
1105
|
+
"framework_gap_mapping",
|
|
1106
|
+
"compliance_theater_verdict",
|
|
1107
|
+
"residual_risk_statement"
|
|
1108
|
+
],
|
|
777
1109
|
"destination": "grc_platform_api",
|
|
778
1110
|
"signed": true
|
|
779
1111
|
},
|
|
@@ -785,63 +1117,100 @@
|
|
|
785
1117
|
"framework_gap": "NIST 800-53 SA-12, NIST 800-218 SSDF, ISO 27001:2022 A.8.30, SOC 2 CC9.2, PCI DSS 4.0 6.3, NIS2 Art.21(2)(d), DORA Art.28, EU CRA Art.13/14 all permit SBOM-as-deliverable compliance over a fully exposed supply chain. Implementation lag = ~90 days behind operational tooling (SLSA / Sigstore / VEX) and ~210 days behind AI-coding-assistant adoption.",
|
|
786
1118
|
"new_control_requirement": "Add supply-chain control class with: (a) continuous SBOM-to-CVE correlation with KEV / active-exploitation feeds and RWEP scoring, (b) CI gate enforcing integrity-hashed lockfiles, (c) transitive completeness check vs lockfile resolution, (d) VEX maintenance per matched CVE (CSAF 2.0 profile), (e) AI-code provenance via commit-trailer convention OR CycloneDX 1.7 ML-BOM / SPDX 3.1 AI profile, (f) model-loader restricted to safetensors with Sigstore/OpenSSF model-signing verification."
|
|
787
1119
|
},
|
|
788
|
-
"feeds_back_to_skills": [
|
|
1120
|
+
"feeds_back_to_skills": [
|
|
1121
|
+
"supply-chain-integrity",
|
|
1122
|
+
"exploit-scoring",
|
|
1123
|
+
"framework-gap-analysis",
|
|
1124
|
+
"compliance-theater",
|
|
1125
|
+
"zeroday-gap-learn"
|
|
1126
|
+
]
|
|
789
1127
|
},
|
|
790
1128
|
"notification_actions": [
|
|
791
1129
|
{
|
|
792
1130
|
"obligation_ref": "EU/NIS2 Art.21(2)(d) 720h",
|
|
793
1131
|
"deadline": "computed_at_runtime",
|
|
794
1132
|
"recipient": "internal_legal",
|
|
795
|
-
"evidence_attached": [
|
|
1133
|
+
"evidence_attached": [
|
|
1134
|
+
"sbom_inventory",
|
|
1135
|
+
"cve_match_register",
|
|
1136
|
+
"vex_statements",
|
|
1137
|
+
"remediation_plan"
|
|
1138
|
+
],
|
|
796
1139
|
"draft_notification": "NIS2 Art.21(2)(d) supply chain security evidence: ${entity_name} attests supply chain security per Art.21(2)(d). SBOM inventory: ${sbom_summary}. Matched CVEs: ${match_count}; KEV-listed: ${kev_count}; remediated: ${remediated_count}; VEX-covered: ${vex_count}. Remediation plan attached."
|
|
797
1140
|
},
|
|
798
1141
|
{
|
|
799
1142
|
"obligation_ref": "EU/NIS2 Art.23 24h",
|
|
800
1143
|
"deadline": "computed_at_runtime",
|
|
801
1144
|
"recipient": "internal_legal",
|
|
802
|
-
"evidence_attached": [
|
|
1145
|
+
"evidence_attached": [
|
|
1146
|
+
"affected_systems_inventory",
|
|
1147
|
+
"matched_cves_with_active_exploitation",
|
|
1148
|
+
"interim_mitigation_record"
|
|
1149
|
+
],
|
|
803
1150
|
"draft_notification": "NIS2 Art.23 24-hour early-warning: Supply-chain incident — matched CVE(s) ${matched_cve_ids} with active-exploitation on ${affected_host_count} host(s). KEV-listed: ${kev_count}. Interim mitigation: ${interim_mitigation}. Full assessment to follow within 72 hours per Art.23(4)."
|
|
804
1151
|
},
|
|
805
1152
|
{
|
|
806
1153
|
"obligation_ref": "EU/NIS2 Art.23 72h",
|
|
807
1154
|
"deadline": "computed_at_runtime",
|
|
808
1155
|
"recipient": "regulator_email",
|
|
809
|
-
"evidence_attached": [
|
|
1156
|
+
"evidence_attached": [
|
|
1157
|
+
"full_incident_assessment",
|
|
1158
|
+
"remediation_plan",
|
|
1159
|
+
"vex_status_per_matched_cve"
|
|
1160
|
+
],
|
|
810
1161
|
"draft_notification": "NIS2 Art.23 incident notification (72h): full assessment of supply-chain incident. Affected systems: ${affected_systems}. Remediation plan: ${remediation_summary}. VEX status: ${vex_summary}."
|
|
811
1162
|
},
|
|
812
1163
|
{
|
|
813
1164
|
"obligation_ref": "EU/DORA Art.28 720h",
|
|
814
1165
|
"deadline": "computed_at_runtime",
|
|
815
1166
|
"recipient": "internal_legal",
|
|
816
|
-
"evidence_attached": [
|
|
1167
|
+
"evidence_attached": [
|
|
1168
|
+
"ict_third_party_register",
|
|
1169
|
+
"concentration_risk_assessment",
|
|
1170
|
+
"subcontracting_inventory"
|
|
1171
|
+
],
|
|
817
1172
|
"draft_notification": "DORA Art.28 third-party ICT risk submission: ${entity_name} (financial entity) attests third-party ICT risk management per Art.28. Register: ${register_summary}. Concentration risk: ${concentration_summary}."
|
|
818
1173
|
},
|
|
819
1174
|
{
|
|
820
1175
|
"obligation_ref": "EU/DORA Art.19 4h",
|
|
821
1176
|
"deadline": "computed_at_runtime",
|
|
822
1177
|
"recipient": "internal_legal",
|
|
823
|
-
"evidence_attached": [
|
|
1178
|
+
"evidence_attached": [
|
|
1179
|
+
"initial_notification",
|
|
1180
|
+
"ict_third_party_dependencies"
|
|
1181
|
+
],
|
|
824
1182
|
"draft_notification": "DORA Art.19 initial notification: major ICT-related incident — supply-chain matched-CVE exposure on financial-entity systems. ICT third-party dependencies affected: ${ict_dependencies}. Full classification to follow."
|
|
825
1183
|
},
|
|
826
1184
|
{
|
|
827
1185
|
"obligation_ref": "EU/EU CRA Art.13 / Annex I 8760h",
|
|
828
1186
|
"deadline": "computed_at_runtime",
|
|
829
1187
|
"recipient": "internal_legal",
|
|
830
|
-
"evidence_attached": [
|
|
1188
|
+
"evidence_attached": [
|
|
1189
|
+
"sbom_per_product",
|
|
1190
|
+
"vulnerability_handling_evidence",
|
|
1191
|
+
"security_update_record"
|
|
1192
|
+
],
|
|
831
1193
|
"draft_notification": "EU CRA Art.13 / Annex I technical documentation submission: ${entity_name} attests product cybersecurity requirements. SBOM per product attached. Vulnerability handling: ${vh_summary}. Security update record: ${update_record}."
|
|
832
1194
|
},
|
|
833
1195
|
{
|
|
834
1196
|
"obligation_ref": "EU/EU CRA Art.14 24h",
|
|
835
1197
|
"deadline": "computed_at_runtime",
|
|
836
1198
|
"recipient": "regulator_email",
|
|
837
|
-
"evidence_attached": [
|
|
1199
|
+
"evidence_attached": [
|
|
1200
|
+
"affected_product_identification",
|
|
1201
|
+
"exploitation_evidence",
|
|
1202
|
+
"mitigation_status"
|
|
1203
|
+
],
|
|
838
1204
|
"draft_notification": "EU CRA Art.14 actively-exploited vulnerability notification: Product ${product_id} contains actively-exploited vulnerability ${matched_cve_id}. Affected versions: ${affected_versions}. Exploitation evidence: ${exploitation_evidence}. Mitigation: ${mitigation_status}. Updates: ${update_url}."
|
|
839
1205
|
},
|
|
840
1206
|
{
|
|
841
1207
|
"obligation_ref": "AU/APRA CPS 234 72h",
|
|
842
1208
|
"deadline": "computed_at_runtime",
|
|
843
1209
|
"recipient": "regulator_email",
|
|
844
|
-
"evidence_attached": [
|
|
1210
|
+
"evidence_attached": [
|
|
1211
|
+
"materiality_assessment",
|
|
1212
|
+
"remediation_completed_evidence"
|
|
1213
|
+
],
|
|
845
1214
|
"draft_notification": "APRA CPS 234 notification: material information security incident — supply-chain matched-CVE exposure. Materiality: ${materiality_justification}. Remediation summary: ${remediation_summary}."
|
|
846
1215
|
}
|
|
847
1216
|
],
|
|
@@ -850,7 +1219,13 @@
|
|
|
850
1219
|
"exception_template": {
|
|
851
1220
|
"scope": "Matched CVE(s) ${matched_cve_ids} affect package(s) ${affected_packages} which cannot be remediated within the compliance window. Blocking factors: ${blocking_factors} (vendor patch pending, blocker dependency, architectural impossibility, EOL package without backport).",
|
|
852
1221
|
"duration": "until_vendor_patch",
|
|
853
|
-
"compensating_controls": [
|
|
1222
|
+
"compensating_controls": [
|
|
1223
|
+
"network_segmentation_isolating_affected_component",
|
|
1224
|
+
"enhanced_logging_for_exploit_indicators",
|
|
1225
|
+
"ci_gate_blocking_new_uses_of_affected_package",
|
|
1226
|
+
"vendor_engagement_tracking_with_weekly_re-poll",
|
|
1227
|
+
"monthly_residual_risk_review"
|
|
1228
|
+
],
|
|
854
1229
|
"risk_acceptance_owner": "ciso",
|
|
855
1230
|
"auditor_ready_language": "Pursuant to ${framework_id} ${control_id} (Supply Chain Protection / Outsourced Development / Vendor and Business Partner Risk Management / Vulnerability Handling), the organization documents a time-bound risk acceptance for matched CVE(s) ${matched_cve_ids} in package(s) ${affected_packages} on ${affected_host_count} host(s). Vendor patch availability: ${patch_available_status}. Live-patch availability: ${livepatch_status}. KEV listing: ${kev_status}. Active exploitation: ${active_exploitation_status}. Public PoC: ${poc_status}. AI-discovery: ${ai_discovered_status}. RWEP at exception submission: ${rwep_score}. The organization accepts that current framework controls (NIST 800-53 SA-12 / NIST 800-218 SSDF / ISO 27001:2022 A.8.30 / SOC 2 CC9.2 / PCI DSS 4.0 6.3 / NIS2 Art.21(2)(d) / DORA Art.28 / EU CRA Art.13/14) permit SBOM-as-deliverable compliance over the exposed package surface, that this structural gap is documented in ${exceptd_framework_gap_mapping_ref}, and that the organization's compensating controls during the exception window are: ${compensating_controls}. VEX statement: ${vex_statement} (under_investigation / not_affected / affected). Detection coverage during exception: continuous SBOM-to-CVE correlation, enhanced logging for exploit indicators, KEV-feed integration alerting on new KEV listing for the affected component. Risk accepted by ${ciso_name} on ${acceptance_date}. Time-bound until ${duration_expiry} (vendor patch publication, replacement dependency selection, OR ${default_30d_expiry}, whichever is first). Re-evaluation triggers: vendor patch publication, new KEV listing for affected package, active-exploitation indicator fires, new PoC published, OR scheduled expiry."
|
|
856
1231
|
}
|
|
@@ -862,32 +1237,43 @@
|
|
|
862
1237
|
}
|
|
863
1238
|
}
|
|
864
1239
|
},
|
|
865
|
-
|
|
866
1240
|
"directives": [
|
|
867
1241
|
{
|
|
868
1242
|
"id": "all-installed-packages-and-lockfiles",
|
|
869
1243
|
"title": "Full supply-chain inventory and matched-CVE triage",
|
|
870
|
-
"applies_to": {
|
|
1244
|
+
"applies_to": {
|
|
1245
|
+
"always": true
|
|
1246
|
+
}
|
|
871
1247
|
},
|
|
872
1248
|
{
|
|
873
1249
|
"id": "kernel-lpe-copy-fail",
|
|
874
1250
|
"title": "Targeted match for CVE-2026-31431 'Copy Fail' (KEV, AI-discovered, deterministic kernel LPE)",
|
|
875
|
-
"applies_to": {
|
|
1251
|
+
"applies_to": {
|
|
1252
|
+
"cve": "CVE-2026-31431"
|
|
1253
|
+
},
|
|
876
1254
|
"phase_overrides": {
|
|
877
1255
|
"direct": {
|
|
878
|
-
"rwep_threshold": {
|
|
1256
|
+
"rwep_threshold": {
|
|
1257
|
+
"escalate": 70,
|
|
1258
|
+
"monitor": 40,
|
|
1259
|
+
"close": 25
|
|
1260
|
+
}
|
|
879
1261
|
}
|
|
880
1262
|
}
|
|
881
1263
|
},
|
|
882
1264
|
{
|
|
883
1265
|
"id": "ml-supply-chain-aml-t0010",
|
|
884
1266
|
"title": "ATLAS AML.T0010 — ML Supply Chain Compromise",
|
|
885
|
-
"applies_to": {
|
|
1267
|
+
"applies_to": {
|
|
1268
|
+
"atlas_ttp": "AML.T0010"
|
|
1269
|
+
}
|
|
886
1270
|
},
|
|
887
1271
|
{
|
|
888
1272
|
"id": "compromised-model-weight-aml-t0018",
|
|
889
1273
|
"title": "ATLAS AML.T0018 — Compromised model weight",
|
|
890
|
-
"applies_to": {
|
|
1274
|
+
"applies_to": {
|
|
1275
|
+
"atlas_ttp": "AML.T0018"
|
|
1276
|
+
}
|
|
891
1277
|
}
|
|
892
1278
|
]
|
|
893
1279
|
}
|