framework-mcp 1.3.2 → 1.3.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (34) hide show
  1. package/COPILOT_INTEGRATION.md +2 -2
  2. package/DEPLOYMENT_GUIDE.md +3 -3
  3. package/MCP_INTEGRATION_GUIDE.md +318 -0
  4. package/README.md +4 -9
  5. package/dist/index.d.ts +0 -1
  6. package/dist/index.d.ts.map +1 -1
  7. package/dist/index.js +1 -62
  8. package/dist/index.js.map +1 -1
  9. package/dist/interfaces/http/http-server.d.ts.map +1 -1
  10. package/dist/interfaces/http/http-server.js +3 -25
  11. package/dist/interfaces/http/http-server.js.map +1 -1
  12. package/dist/interfaces/mcp/mcp-server.d.ts +0 -1
  13. package/dist/interfaces/mcp/mcp-server.d.ts.map +1 -1
  14. package/dist/interfaces/mcp/mcp-server.js +3 -52
  15. package/dist/interfaces/mcp/mcp-server.js.map +1 -1
  16. package/examples/example-usage.md +267 -21
  17. package/examples/vendors.csv +8 -4
  18. package/examples/vendors.json +24 -9
  19. package/package.json +1 -1
  20. package/scripts/validate-documentation.sh +150 -0
  21. package/src/index.ts +1 -66
  22. package/src/interfaces/http/http-server.ts +3 -34
  23. package/src/interfaces/mcp/mcp-server.ts +3 -64
  24. package/swagger.json +3 -82
  25. package/backups/README.md +0 -31
  26. package/backups/safeguard-manager-5-safeguards.ts +0 -343
  27. package/dist/core/safeguard-manager.backup.d.ts +0 -15
  28. package/dist/core/safeguard-manager.backup.d.ts.map +0 -1
  29. package/dist/core/safeguard-manager.backup.js +0 -318
  30. package/dist/core/safeguard-manager.backup.js.map +0 -1
  31. package/migration/README.md +0 -66
  32. package/migration/integration-ready-safeguards.ts +0 -5457
  33. package/src/core/safeguard-manager.backup.ts +0 -343
  34. package/src/core/safeguard-manager.ts.backup-20250821_085347 +0 -343
@@ -1,343 +0,0 @@
1
- import { SafeguardElement, CacheEntry } from '../shared/types.js';
2
-
3
- export class SafeguardManager {
4
- private cache: Map<string, CacheEntry<any>>;
5
- private safeguards: Record<string, SafeguardElement> = {};
6
-
7
- constructor() {
8
- this.cache = new Map();
9
- this.initializeSafeguards();
10
- }
11
-
12
- public getSafeguardDetails(safeguardId: string, includeExamples: boolean = false): SafeguardElement | null {
13
- // Check cache first
14
- const cacheKey = `${safeguardId}_${includeExamples}`;
15
- const cached = this.getCachedSafeguardDetails(cacheKey);
16
- if (cached) {
17
- return cached;
18
- }
19
-
20
- const safeguard = this.safeguards[safeguardId];
21
- if (!safeguard) {
22
- return null;
23
- }
24
-
25
- // Add examples if requested
26
- let result = { ...safeguard };
27
- if (includeExamples) {
28
- result = this.addImplementationExamples(result);
29
- }
30
-
31
- // Cache the result
32
- this.cache.set(cacheKey, {
33
- data: result,
34
- timestamp: Date.now()
35
- });
36
-
37
- return result;
38
- }
39
-
40
- public listAvailableSafeguards(): string[] {
41
- // Check cache first
42
- const cached = this.cache.get('safeguard_list');
43
- if (cached && (Date.now() - cached.timestamp < 10 * 60 * 1000)) { // 10 minute cache
44
- return cached.data;
45
- }
46
-
47
- const safeguardList = Object.keys(this.safeguards).sort((a, b) => {
48
- const [aMajor, aMinor] = a.split('.').map(Number);
49
- const [bMajor, bMinor] = b.split('.').map(Number);
50
- return aMajor - bMajor || aMinor - bMinor;
51
- });
52
-
53
- // Cache the result
54
- this.cache.set('safeguard_list', {
55
- data: safeguardList,
56
- timestamp: Date.now()
57
- });
58
-
59
- return safeguardList;
60
- }
61
-
62
- public getAllSafeguards(): Record<string, SafeguardElement> {
63
- return { ...this.safeguards };
64
- }
65
-
66
- public validateSafeguardId(safeguardId: string): void {
67
- if (!safeguardId || typeof safeguardId !== 'string') {
68
- throw new Error('Safeguard ID is required and must be a string');
69
- }
70
-
71
- if (!/^[0-9]+\.[0-9]+$/.test(safeguardId)) {
72
- throw new Error('Safeguard ID must be in format "X.Y" (e.g., "1.1", "5.1")');
73
- }
74
-
75
- if (!this.safeguards[safeguardId]) {
76
- const availableSafeguards = this.listAvailableSafeguards();
77
- throw new Error(`Safeguard ${safeguardId} not found. Available safeguards: ${availableSafeguards.join(', ')}`);
78
- }
79
- }
80
-
81
- private getCachedSafeguardDetails(cacheKey: string): SafeguardElement | null {
82
- const cached = this.cache.get(cacheKey);
83
-
84
- if (cached && (Date.now() - cached.timestamp < 5 * 60 * 1000)) { // 5 minute cache
85
- return cached.data;
86
- }
87
-
88
- return null;
89
- }
90
-
91
- private addImplementationExamples(safeguard: SafeguardElement): SafeguardElement {
92
- // Add implementation examples based on safeguard type
93
- const examples = this.getImplementationExamples(safeguard.id);
94
-
95
- return {
96
- ...safeguard,
97
- implementationSuggestions: [
98
- ...safeguard.implementationSuggestions,
99
- ...examples
100
- ]
101
- };
102
- }
103
-
104
- private getImplementationExamples(safeguardId: string): string[] {
105
- const exampleMap: Record<string, string[]> = {
106
- "1.1": [
107
- "Example: Use Lansweeper for automated asset discovery",
108
- "Example: Implement ServiceNow CMDB for centralized tracking",
109
- "Example: Deploy Microsoft SCCM for Windows asset management"
110
- ],
111
- "5.1": [
112
- "Example: Use Azure AD for centralized account management",
113
- "Example: Implement Okta for identity lifecycle management",
114
- "Example: Deploy JumpCloud for directory services"
115
- ],
116
- "6.3": [
117
- "Example: Enable Azure MFA for all external applications",
118
- "Example: Implement Duo Security for multi-factor authentication",
119
- "Example: Use Google Workspace SSO with MFA enforcement"
120
- ],
121
- "7.1": [
122
- "Example: Establish Nessus vulnerability scanning schedule",
123
- "Example: Implement Qualys VMDR for continuous monitoring",
124
- "Example: Use Rapid7 InsightVM for vulnerability management"
125
- ]
126
- };
127
-
128
- return exampleMap[safeguardId] || [];
129
- }
130
-
131
- private initializeSafeguards(): void {
132
- // Initialize the complete CIS Controls Framework data
133
- // TODO: Replace with complete 153 safeguards dataset - currently using temporary placeholder
134
- // The complete dataset will be loaded from the original implementation
135
- console.warn('⚠️ KNOWN BUG: SafeguardManager only loads 5 sample safeguards instead of complete 153 CIS Controls v8.1 dataset');
136
-
137
- this.safeguards = {
138
- "1.1": {
139
- id: "1.1",
140
- title: "Establish and Maintain a Detailed Enterprise Asset Inventory",
141
- description: "Establish and maintain an accurate, detailed, and up-to-date inventory of all enterprise assets with the potential to store or process data",
142
- implementationGroup: "IG1",
143
- assetType: ["end-user devices", "network devices", "IoT devices", "servers"],
144
- securityFunction: ["Identify"],
145
- governanceElements: [
146
- "establish inventory process",
147
- "maintain inventory process",
148
- "documented process",
149
- "review and update bi-annually",
150
- "enterprise asset management policy"
151
- ],
152
- coreRequirements: [
153
- "accurate inventory",
154
- "detailed inventory",
155
- "up-to-date inventory",
156
- "all enterprise assets",
157
- "potential to store or process data"
158
- ],
159
- subTaxonomicalElements: [
160
- "network address (if static)",
161
- "hardware address",
162
- "machine name",
163
- "enterprise asset owner",
164
- "department for each asset",
165
- "approved to connect to network",
166
- "end-user devices (portable and mobile)",
167
- "network devices",
168
- "non-computing/IoT devices",
169
- "servers",
170
- "physical connection",
171
- "virtual connection",
172
- "remote connection",
173
- "cloud environments",
174
- "regularly connected devices not under enterprise control"
175
- ],
176
- implementationSuggestions: [
177
- "MDM type tools for mobile devices",
178
- "enterprise and software asset management tool",
179
- "asset discovery tools",
180
- "DHCP logging",
181
- "passive discovery tools"
182
- ],
183
- relatedSafeguards: ["1.2", "1.3", "1.4", "1.5", "2.1", "3.2", "4.1", "5.1"],
184
- keywords: ["asset", "inventory", "device", "network", "mobile", "IoT", "server", "detailed", "accurate", "up-to-date"]
185
- },
186
- "1.2": {
187
- id: "1.2",
188
- title: "Address Unauthorized Assets",
189
- description: "Ensure that a process exists to address unauthorized assets on a weekly basis",
190
- implementationGroup: "IG1",
191
- assetType: ["devices"],
192
- securityFunction: ["Respond"],
193
- governanceElements: [
194
- "ensure process exists",
195
- "weekly basis requirement",
196
- "unauthorized asset handling policy"
197
- ],
198
- coreRequirements: [
199
- "address unauthorized assets",
200
- "process to handle unauthorized devices",
201
- "weekly execution"
202
- ],
203
- subTaxonomicalElements: [
204
- "unauthorized asset detection",
205
- "asset classification",
206
- "response timeline",
207
- "documentation requirements",
208
- "quarantine procedures",
209
- "removal procedures"
210
- ],
211
- implementationSuggestions: [
212
- "network access control (NAC) solutions",
213
- "automated asset discovery tools",
214
- "network monitoring systems",
215
- "SIEM integration"
216
- ],
217
- relatedSafeguards: ["1.1", "1.3", "12.1", "13.1"],
218
- keywords: ["unauthorized", "assets", "weekly", "address", "process", "detection", "quarantine"]
219
- },
220
- "5.1": {
221
- id: "5.1",
222
- title: "Establish and Maintain an Inventory of Accounts",
223
- description: "Establish and maintain an inventory of all accounts managed in the enterprise",
224
- implementationGroup: "IG1",
225
- assetType: ["users"],
226
- securityFunction: ["Identify"],
227
- governanceElements: [
228
- "establish inventory process",
229
- "maintain inventory process",
230
- "validate all active accounts are authorized",
231
- "recurring schedule minimum quarterly",
232
- "account management policy"
233
- ],
234
- coreRequirements: [
235
- "inventory of all accounts",
236
- "user accounts",
237
- "administrator accounts",
238
- "managed in the enterprise"
239
- ],
240
- subTaxonomicalElements: [
241
- "person's name",
242
- "username",
243
- "start/stop dates",
244
- "department",
245
- "account status",
246
- "account type",
247
- "access rights",
248
- "last login date"
249
- ],
250
- implementationSuggestions: [
251
- "identity and access management tool",
252
- "directory services",
253
- "automated account provisioning",
254
- "account lifecycle management",
255
- "role-based access control system"
256
- ],
257
- relatedSafeguards: ["1.1", "2.1", "5.2", "5.3", "5.4", "5.5", "5.6", "6.1", "6.2"],
258
- keywords: ["accounts", "inventory", "user", "administrator", "name", "username", "dates", "department", "quarterly"]
259
- },
260
- "6.3": {
261
- id: "6.3",
262
- title: "Require MFA for Externally-Exposed Applications",
263
- description: "Require all externally-exposed enterprise or third-party applications to enforce MFA",
264
- implementationGroup: "IG1",
265
- assetType: ["users"],
266
- securityFunction: ["Protect"],
267
- governanceElements: [
268
- "require MFA enforcement",
269
- "policy for externally-exposed applications",
270
- "MFA compliance verification"
271
- ],
272
- coreRequirements: [
273
- "multi-factor authentication",
274
- "all externally-exposed applications",
275
- "enterprise applications",
276
- "third-party applications",
277
- "enforce MFA where supported"
278
- ],
279
- subTaxonomicalElements: [
280
- "authentication factors",
281
- "something you know (password)",
282
- "something you have (token)",
283
- "something you are (biometric)",
284
- "external access points",
285
- "application inventory",
286
- "exposure assessment"
287
- ],
288
- implementationSuggestions: [
289
- "directory service enforcement",
290
- "SSO provider enforcement",
291
- "multi-factor authentication tools",
292
- "SAML integration",
293
- "OAuth implementation",
294
- "conditional access policies"
295
- ],
296
- relatedSafeguards: ["2.1", "4.1", "5.1", "6.1", "6.2"],
297
- keywords: ["MFA", "multi-factor", "authentication", "externally-exposed", "applications", "third-party", "SSO", "directory"]
298
- },
299
- "7.1": {
300
- id: "7.1",
301
- title: "Establish and Maintain a Vulnerability Management Process",
302
- description: "Establish and maintain a documented vulnerability management process for enterprise assets",
303
- implementationGroup: "IG1",
304
- assetType: ["documentation"],
305
- securityFunction: ["Govern"],
306
- governanceElements: [
307
- "establish documented process",
308
- "maintain vulnerability management process",
309
- "review and update documentation annually",
310
- "update when significant enterprise changes occur",
311
- "vulnerability management policy"
312
- ],
313
- coreRequirements: [
314
- "vulnerability management process",
315
- "enterprise assets scope",
316
- "documented procedures",
317
- "vulnerability identification",
318
- "vulnerability assessment"
319
- ],
320
- subTaxonomicalElements: [
321
- "vulnerability scanning procedures",
322
- "risk assessment criteria",
323
- "remediation prioritization",
324
- "patch management integration",
325
- "vulnerability tracking",
326
- "reporting requirements",
327
- "roles and responsibilities",
328
- "escalation procedures"
329
- ],
330
- implementationSuggestions: [
331
- "vulnerability scanning tools",
332
- "patch management systems",
333
- "vulnerability databases",
334
- "CVSS scoring",
335
- "automated scanning",
336
- "vulnerability management platforms"
337
- ],
338
- relatedSafeguards: ["1.1", "2.1", "7.2", "7.3", "7.4", "7.5", "7.6", "7.7"],
339
- keywords: ["vulnerability", "management", "process", "documented", "annual", "review", "enterprise", "assets"]
340
- }
341
- };
342
- }
343
- }
@@ -1,15 +0,0 @@
1
- import { SafeguardElement } from '../shared/types.js';
2
- export declare class SafeguardManager {
3
- private cache;
4
- private safeguards;
5
- constructor();
6
- getSafeguardDetails(safeguardId: string, includeExamples?: boolean): SafeguardElement | null;
7
- listAvailableSafeguards(): string[];
8
- getAllSafeguards(): Record<string, SafeguardElement>;
9
- validateSafeguardId(safeguardId: string): void;
10
- private getCachedSafeguardDetails;
11
- private addImplementationExamples;
12
- private getImplementationExamples;
13
- private initializeSafeguards;
14
- }
15
- //# sourceMappingURL=safeguard-manager.backup.d.ts.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"safeguard-manager.backup.d.ts","sourceRoot":"","sources":["../../src/core/safeguard-manager.backup.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAc,MAAM,oBAAoB,CAAC;AAElE,qBAAa,gBAAgB;IAC3B,OAAO,CAAC,KAAK,CAA+B;IAC5C,OAAO,CAAC,UAAU,CAAwC;;IAOnD,mBAAmB,CAAC,WAAW,EAAE,MAAM,EAAE,eAAe,GAAE,OAAe,GAAG,gBAAgB,GAAG,IAAI;IA4BnG,uBAAuB,IAAI,MAAM,EAAE;IAsBnC,gBAAgB,IAAI,MAAM,CAAC,MAAM,EAAE,gBAAgB,CAAC;IAIpD,mBAAmB,CAAC,WAAW,EAAE,MAAM,GAAG,IAAI;IAerD,OAAO,CAAC,yBAAyB;IAUjC,OAAO,CAAC,yBAAyB;IAajC,OAAO,CAAC,yBAAyB;IA2BjC,OAAO,CAAC,oBAAoB;CAoN7B"}
@@ -1,318 +0,0 @@
1
- export class SafeguardManager {
2
- constructor() {
3
- this.safeguards = {};
4
- this.cache = new Map();
5
- this.initializeSafeguards();
6
- }
7
- getSafeguardDetails(safeguardId, includeExamples = false) {
8
- // Check cache first
9
- const cacheKey = `${safeguardId}_${includeExamples}`;
10
- const cached = this.getCachedSafeguardDetails(cacheKey);
11
- if (cached) {
12
- return cached;
13
- }
14
- const safeguard = this.safeguards[safeguardId];
15
- if (!safeguard) {
16
- return null;
17
- }
18
- // Add examples if requested
19
- let result = { ...safeguard };
20
- if (includeExamples) {
21
- result = this.addImplementationExamples(result);
22
- }
23
- // Cache the result
24
- this.cache.set(cacheKey, {
25
- data: result,
26
- timestamp: Date.now()
27
- });
28
- return result;
29
- }
30
- listAvailableSafeguards() {
31
- // Check cache first
32
- const cached = this.cache.get('safeguard_list');
33
- if (cached && (Date.now() - cached.timestamp < 10 * 60 * 1000)) { // 10 minute cache
34
- return cached.data;
35
- }
36
- const safeguardList = Object.keys(this.safeguards).sort((a, b) => {
37
- const [aMajor, aMinor] = a.split('.').map(Number);
38
- const [bMajor, bMinor] = b.split('.').map(Number);
39
- return aMajor - bMajor || aMinor - bMinor;
40
- });
41
- // Cache the result
42
- this.cache.set('safeguard_list', {
43
- data: safeguardList,
44
- timestamp: Date.now()
45
- });
46
- return safeguardList;
47
- }
48
- getAllSafeguards() {
49
- return { ...this.safeguards };
50
- }
51
- validateSafeguardId(safeguardId) {
52
- if (!safeguardId || typeof safeguardId !== 'string') {
53
- throw new Error('Safeguard ID is required and must be a string');
54
- }
55
- if (!/^[0-9]+\.[0-9]+$/.test(safeguardId)) {
56
- throw new Error('Safeguard ID must be in format "X.Y" (e.g., "1.1", "5.1")');
57
- }
58
- if (!this.safeguards[safeguardId]) {
59
- const availableSafeguards = this.listAvailableSafeguards();
60
- throw new Error(`Safeguard ${safeguardId} not found. Available safeguards: ${availableSafeguards.join(', ')}`);
61
- }
62
- }
63
- getCachedSafeguardDetails(cacheKey) {
64
- const cached = this.cache.get(cacheKey);
65
- if (cached && (Date.now() - cached.timestamp < 5 * 60 * 1000)) { // 5 minute cache
66
- return cached.data;
67
- }
68
- return null;
69
- }
70
- addImplementationExamples(safeguard) {
71
- // Add implementation examples based on safeguard type
72
- const examples = this.getImplementationExamples(safeguard.id);
73
- return {
74
- ...safeguard,
75
- implementationSuggestions: [
76
- ...safeguard.implementationSuggestions,
77
- ...examples
78
- ]
79
- };
80
- }
81
- getImplementationExamples(safeguardId) {
82
- const exampleMap = {
83
- "1.1": [
84
- "Example: Use Lansweeper for automated asset discovery",
85
- "Example: Implement ServiceNow CMDB for centralized tracking",
86
- "Example: Deploy Microsoft SCCM for Windows asset management"
87
- ],
88
- "5.1": [
89
- "Example: Use Azure AD for centralized account management",
90
- "Example: Implement Okta for identity lifecycle management",
91
- "Example: Deploy JumpCloud for directory services"
92
- ],
93
- "6.3": [
94
- "Example: Enable Azure MFA for all external applications",
95
- "Example: Implement Duo Security for multi-factor authentication",
96
- "Example: Use Google Workspace SSO with MFA enforcement"
97
- ],
98
- "7.1": [
99
- "Example: Establish Nessus vulnerability scanning schedule",
100
- "Example: Implement Qualys VMDR for continuous monitoring",
101
- "Example: Use Rapid7 InsightVM for vulnerability management"
102
- ]
103
- };
104
- return exampleMap[safeguardId] || [];
105
- }
106
- initializeSafeguards() {
107
- // Initialize the complete CIS Controls Framework data
108
- // TODO: Replace with complete 153 safeguards dataset - currently using temporary placeholder
109
- // The complete dataset will be loaded from the original implementation
110
- console.warn('⚠️ KNOWN BUG: SafeguardManager only loads 5 sample safeguards instead of complete 153 CIS Controls v8.1 dataset');
111
- this.safeguards = {
112
- "1.1": {
113
- id: "1.1",
114
- title: "Establish and Maintain a Detailed Enterprise Asset Inventory",
115
- description: "Establish and maintain an accurate, detailed, and up-to-date inventory of all enterprise assets with the potential to store or process data",
116
- implementationGroup: "IG1",
117
- assetType: ["end-user devices", "network devices", "IoT devices", "servers"],
118
- securityFunction: ["Identify"],
119
- governanceElements: [
120
- "establish inventory process",
121
- "maintain inventory process",
122
- "documented process",
123
- "review and update bi-annually",
124
- "enterprise asset management policy"
125
- ],
126
- coreRequirements: [
127
- "accurate inventory",
128
- "detailed inventory",
129
- "up-to-date inventory",
130
- "all enterprise assets",
131
- "potential to store or process data"
132
- ],
133
- subTaxonomicalElements: [
134
- "network address (if static)",
135
- "hardware address",
136
- "machine name",
137
- "enterprise asset owner",
138
- "department for each asset",
139
- "approved to connect to network",
140
- "end-user devices (portable and mobile)",
141
- "network devices",
142
- "non-computing/IoT devices",
143
- "servers",
144
- "physical connection",
145
- "virtual connection",
146
- "remote connection",
147
- "cloud environments",
148
- "regularly connected devices not under enterprise control"
149
- ],
150
- implementationSuggestions: [
151
- "MDM type tools for mobile devices",
152
- "enterprise and software asset management tool",
153
- "asset discovery tools",
154
- "DHCP logging",
155
- "passive discovery tools"
156
- ],
157
- relatedSafeguards: ["1.2", "1.3", "1.4", "1.5", "2.1", "3.2", "4.1", "5.1"],
158
- keywords: ["asset", "inventory", "device", "network", "mobile", "IoT", "server", "detailed", "accurate", "up-to-date"]
159
- },
160
- "1.2": {
161
- id: "1.2",
162
- title: "Address Unauthorized Assets",
163
- description: "Ensure that a process exists to address unauthorized assets on a weekly basis",
164
- implementationGroup: "IG1",
165
- assetType: ["devices"],
166
- securityFunction: ["Respond"],
167
- governanceElements: [
168
- "ensure process exists",
169
- "weekly basis requirement",
170
- "unauthorized asset handling policy"
171
- ],
172
- coreRequirements: [
173
- "address unauthorized assets",
174
- "process to handle unauthorized devices",
175
- "weekly execution"
176
- ],
177
- subTaxonomicalElements: [
178
- "unauthorized asset detection",
179
- "asset classification",
180
- "response timeline",
181
- "documentation requirements",
182
- "quarantine procedures",
183
- "removal procedures"
184
- ],
185
- implementationSuggestions: [
186
- "network access control (NAC) solutions",
187
- "automated asset discovery tools",
188
- "network monitoring systems",
189
- "SIEM integration"
190
- ],
191
- relatedSafeguards: ["1.1", "1.3", "12.1", "13.1"],
192
- keywords: ["unauthorized", "assets", "weekly", "address", "process", "detection", "quarantine"]
193
- },
194
- "5.1": {
195
- id: "5.1",
196
- title: "Establish and Maintain an Inventory of Accounts",
197
- description: "Establish and maintain an inventory of all accounts managed in the enterprise",
198
- implementationGroup: "IG1",
199
- assetType: ["users"],
200
- securityFunction: ["Identify"],
201
- governanceElements: [
202
- "establish inventory process",
203
- "maintain inventory process",
204
- "validate all active accounts are authorized",
205
- "recurring schedule minimum quarterly",
206
- "account management policy"
207
- ],
208
- coreRequirements: [
209
- "inventory of all accounts",
210
- "user accounts",
211
- "administrator accounts",
212
- "managed in the enterprise"
213
- ],
214
- subTaxonomicalElements: [
215
- "person's name",
216
- "username",
217
- "start/stop dates",
218
- "department",
219
- "account status",
220
- "account type",
221
- "access rights",
222
- "last login date"
223
- ],
224
- implementationSuggestions: [
225
- "identity and access management tool",
226
- "directory services",
227
- "automated account provisioning",
228
- "account lifecycle management",
229
- "role-based access control system"
230
- ],
231
- relatedSafeguards: ["1.1", "2.1", "5.2", "5.3", "5.4", "5.5", "5.6", "6.1", "6.2"],
232
- keywords: ["accounts", "inventory", "user", "administrator", "name", "username", "dates", "department", "quarterly"]
233
- },
234
- "6.3": {
235
- id: "6.3",
236
- title: "Require MFA for Externally-Exposed Applications",
237
- description: "Require all externally-exposed enterprise or third-party applications to enforce MFA",
238
- implementationGroup: "IG1",
239
- assetType: ["users"],
240
- securityFunction: ["Protect"],
241
- governanceElements: [
242
- "require MFA enforcement",
243
- "policy for externally-exposed applications",
244
- "MFA compliance verification"
245
- ],
246
- coreRequirements: [
247
- "multi-factor authentication",
248
- "all externally-exposed applications",
249
- "enterprise applications",
250
- "third-party applications",
251
- "enforce MFA where supported"
252
- ],
253
- subTaxonomicalElements: [
254
- "authentication factors",
255
- "something you know (password)",
256
- "something you have (token)",
257
- "something you are (biometric)",
258
- "external access points",
259
- "application inventory",
260
- "exposure assessment"
261
- ],
262
- implementationSuggestions: [
263
- "directory service enforcement",
264
- "SSO provider enforcement",
265
- "multi-factor authentication tools",
266
- "SAML integration",
267
- "OAuth implementation",
268
- "conditional access policies"
269
- ],
270
- relatedSafeguards: ["2.1", "4.1", "5.1", "6.1", "6.2"],
271
- keywords: ["MFA", "multi-factor", "authentication", "externally-exposed", "applications", "third-party", "SSO", "directory"]
272
- },
273
- "7.1": {
274
- id: "7.1",
275
- title: "Establish and Maintain a Vulnerability Management Process",
276
- description: "Establish and maintain a documented vulnerability management process for enterprise assets",
277
- implementationGroup: "IG1",
278
- assetType: ["documentation"],
279
- securityFunction: ["Govern"],
280
- governanceElements: [
281
- "establish documented process",
282
- "maintain vulnerability management process",
283
- "review and update documentation annually",
284
- "update when significant enterprise changes occur",
285
- "vulnerability management policy"
286
- ],
287
- coreRequirements: [
288
- "vulnerability management process",
289
- "enterprise assets scope",
290
- "documented procedures",
291
- "vulnerability identification",
292
- "vulnerability assessment"
293
- ],
294
- subTaxonomicalElements: [
295
- "vulnerability scanning procedures",
296
- "risk assessment criteria",
297
- "remediation prioritization",
298
- "patch management integration",
299
- "vulnerability tracking",
300
- "reporting requirements",
301
- "roles and responsibilities",
302
- "escalation procedures"
303
- ],
304
- implementationSuggestions: [
305
- "vulnerability scanning tools",
306
- "patch management systems",
307
- "vulnerability databases",
308
- "CVSS scoring",
309
- "automated scanning",
310
- "vulnerability management platforms"
311
- ],
312
- relatedSafeguards: ["1.1", "2.1", "7.2", "7.3", "7.4", "7.5", "7.6", "7.7"],
313
- keywords: ["vulnerability", "management", "process", "documented", "annual", "review", "enterprise", "assets"]
314
- }
315
- };
316
- }
317
- }
318
- //# sourceMappingURL=safeguard-manager.backup.js.map