framework-mcp 2.4.4 → 2.4.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/core/safeguard-manager.d.ts.map +1 -1
- package/dist/core/safeguard-manager.js +60 -161
- package/dist/core/safeguard-manager.js.map +1 -1
- package/dist/interfaces/http/http-server.js +3 -3
- package/dist/interfaces/mcp/mcp-server.js +3 -3
- package/package.json +1 -1
- package/src/core/safeguard-manager.ts +49 -150
- package/src/interfaces/http/http-server.ts +3 -3
- package/src/interfaces/mcp/mcp-server.ts +3 -3
- package/swagger.json +2 -2
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"safeguard-manager.d.ts","sourceRoot":"","sources":["../../src/core/safeguard-manager.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAc,MAAM,oBAAoB,CAAC;AAElE,qBAAa,gBAAgB;IAC3B,OAAO,CAAC,KAAK,CAA+B;IAC5C,OAAO,CAAC,UAAU,CAAwC;IAC1D,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,cAAc,CAAQ;IAC9C,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,sBAAsB,CAAkB;IAChE,OAAO,CAAC,kBAAkB,CAAyB;IACnD,OAAO,CAAC,WAAW,CAAa;;IAQzB,mBAAmB,CAAC,WAAW,EAAE,MAAM,EAAE,eAAe,GAAE,OAAe,GAAG,gBAAgB,GAAG,IAAI;IA4BnG,uBAAuB,IAAI,MAAM,EAAE;IAgBnC,gBAAgB,IAAI,MAAM,CAAC,MAAM,EAAE,gBAAgB,CAAC;IAIpD,mBAAmB,CAAC,WAAW,EAAE,MAAM,GAAG,IAAI;IAerD,OAAO,CAAC,yBAAyB;IAajC,OAAO,CAAC,uBAAuB;IAS/B,OAAO,CAAC,2BAA2B;IAmCnC;;OAEG;IACI,aAAa,IAAI;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,WAAW,EAAE,MAAM,CAAA;KAAE;IAO7D;;OAEG;IACI,UAAU,IAAI,IAAI;IAKzB,OAAO,CAAC,yBAAyB;IAajC,OAAO,CAAC,yBAAyB;IA2BjC,OAAO,CAAC,oBAAoB;
|
|
1
|
+
{"version":3,"file":"safeguard-manager.d.ts","sourceRoot":"","sources":["../../src/core/safeguard-manager.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAc,MAAM,oBAAoB,CAAC;AAElE,qBAAa,gBAAgB;IAC3B,OAAO,CAAC,KAAK,CAA+B;IAC5C,OAAO,CAAC,UAAU,CAAwC;IAC1D,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,cAAc,CAAQ;IAC9C,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,sBAAsB,CAAkB;IAChE,OAAO,CAAC,kBAAkB,CAAyB;IACnD,OAAO,CAAC,WAAW,CAAa;;IAQzB,mBAAmB,CAAC,WAAW,EAAE,MAAM,EAAE,eAAe,GAAE,OAAe,GAAG,gBAAgB,GAAG,IAAI;IA4BnG,uBAAuB,IAAI,MAAM,EAAE;IAgBnC,gBAAgB,IAAI,MAAM,CAAC,MAAM,EAAE,gBAAgB,CAAC;IAIpD,mBAAmB,CAAC,WAAW,EAAE,MAAM,GAAG,IAAI;IAerD,OAAO,CAAC,yBAAyB;IAajC,OAAO,CAAC,uBAAuB;IAS/B,OAAO,CAAC,2BAA2B;IAmCnC;;OAEG;IACI,aAAa,IAAI;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,WAAW,EAAE,MAAM,CAAA;KAAE;IAO7D;;OAEG;IACI,UAAU,IAAI,IAAI;IAKzB,OAAO,CAAC,yBAAyB;IAajC,OAAO,CAAC,yBAAyB;IA2BjC,OAAO,CAAC,oBAAoB;CAwzgB7B"}
|
|
@@ -2820,33 +2820,23 @@ export class SafeguardManager {
|
|
|
2820
2820
|
assetType: ["Users"],
|
|
2821
2821
|
securityFunction: ["Identify"],
|
|
2822
2822
|
governanceElements: [
|
|
2823
|
-
"Establish and maintain
|
|
2824
|
-
"
|
|
2825
|
-
"At a minimum, should contain the person's name, username, start/stop dates, and department",
|
|
2823
|
+
"Establish and maintain",
|
|
2824
|
+
"Must include",
|
|
2826
2825
|
"Validate that all active accounts are authorized, on a recurring schedule at a minimum quarterly, or more frequently"
|
|
2827
2826
|
],
|
|
2828
2827
|
coreRequirements: [
|
|
2829
2828
|
"Inventory of Accounts"
|
|
2830
2829
|
],
|
|
2831
2830
|
subTaxonomicalElements: [
|
|
2832
|
-
"Establish",
|
|
2833
|
-
"Maintain",
|
|
2834
|
-
"Validate that all active accounts are authorized",
|
|
2835
|
-
"Recurring schedule",
|
|
2836
|
-
"Must Include",
|
|
2837
|
-
"At a minimum",
|
|
2838
|
-
"Minimum Quarterly",
|
|
2839
|
-
"More Frequently",
|
|
2840
2831
|
"User Accounts",
|
|
2841
2832
|
"Administrator Accounts",
|
|
2833
|
+
"Service Accounts",
|
|
2842
2834
|
"Name",
|
|
2843
2835
|
"Username",
|
|
2844
2836
|
"Start Stop Dates",
|
|
2845
2837
|
"Department"
|
|
2846
2838
|
],
|
|
2847
|
-
implementationSuggestions: [
|
|
2848
|
-
"Account and Access Control Management",
|
|
2849
|
-
"Identity and Access Management Tool"
|
|
2839
|
+
implementationSuggestions: [ // Gray - Implementation suggestions
|
|
2850
2840
|
],
|
|
2851
2841
|
relatedSafeguards: ["1.1", "2.1", "5.2", "5.3", "5.4", "5.5", "5.6", "6.1", "6.2", "6.7", "12.8"],
|
|
2852
2842
|
systemPromptFull: {
|
|
@@ -2903,22 +2893,16 @@ export class SafeguardManager {
|
|
|
2903
2893
|
assetType: ["Users"],
|
|
2904
2894
|
securityFunction: ["Protect"],
|
|
2905
2895
|
governanceElements: [
|
|
2906
|
-
"Use
|
|
2907
|
-
"
|
|
2896
|
+
"Use",
|
|
2897
|
+
"At a minimum, an 8-character password for accounts using Multi-Factor Authentication (MFA) and a 14-character password for accounts not using MFA"
|
|
2908
2898
|
],
|
|
2909
2899
|
coreRequirements: [
|
|
2910
2900
|
"Unique Passwords"
|
|
2911
2901
|
],
|
|
2912
2902
|
subTaxonomicalElements: [
|
|
2913
|
-
"
|
|
2914
|
-
"At a minimum",
|
|
2915
|
-
"All Enterprise Assets",
|
|
2916
|
-
"8-character password for accounts using MFA",
|
|
2917
|
-
"14-character password for accounts not using MFA"
|
|
2903
|
+
"All Enterprise Assets"
|
|
2918
2904
|
],
|
|
2919
|
-
implementationSuggestions: [
|
|
2920
|
-
"Account and Access Control Management",
|
|
2921
|
-
"Password Management Tool"
|
|
2905
|
+
implementationSuggestions: [ // Gray - Implementation suggestions
|
|
2922
2906
|
],
|
|
2923
2907
|
relatedSafeguards: ["5.1"],
|
|
2924
2908
|
systemPromptFull: {
|
|
@@ -2975,20 +2959,16 @@ export class SafeguardManager {
|
|
|
2975
2959
|
assetType: ["Users"],
|
|
2976
2960
|
securityFunction: ["Protect"],
|
|
2977
2961
|
governanceElements: [
|
|
2978
|
-
"
|
|
2962
|
+
"after a period of 45 days of inactivity",
|
|
2963
|
+
"where supported"
|
|
2979
2964
|
],
|
|
2980
2965
|
coreRequirements: [
|
|
2981
2966
|
"Dormant Accounts"
|
|
2982
2967
|
],
|
|
2983
2968
|
subTaxonomicalElements: [
|
|
2984
|
-
"
|
|
2985
|
-
"Delete",
|
|
2986
|
-
"Period of 45 days of inactivity",
|
|
2987
|
-
"Where Supported"
|
|
2969
|
+
"Dormant Accounts"
|
|
2988
2970
|
],
|
|
2989
|
-
implementationSuggestions: [
|
|
2990
|
-
"Account and Access Control Management",
|
|
2991
|
-
"Identity and Access Management Tool"
|
|
2971
|
+
implementationSuggestions: [ // Gray - Implementation suggestions
|
|
2992
2972
|
],
|
|
2993
2973
|
relatedSafeguards: ["5.1"],
|
|
2994
2974
|
systemPromptFull: {
|
|
@@ -3045,22 +3025,18 @@ export class SafeguardManager {
|
|
|
3045
3025
|
assetType: ["Users"],
|
|
3046
3026
|
securityFunction: ["Protect"],
|
|
3047
3027
|
governanceElements: [
|
|
3048
|
-
"Restrict
|
|
3049
|
-
"Conduct general computing activities, such as internet browsing, email, and productivity suite use, from the user's primary, non-privileged account"
|
|
3028
|
+
"Restrict"
|
|
3050
3029
|
],
|
|
3051
3030
|
coreRequirements: [
|
|
3052
3031
|
"Administrator Privileges",
|
|
3053
3032
|
"Dedicated Admin Accounts"
|
|
3054
3033
|
],
|
|
3055
3034
|
subTaxonomicalElements: [
|
|
3056
|
-
"Restrict",
|
|
3057
3035
|
"Enterprise assets",
|
|
3058
3036
|
"User's primary, non-privileged account",
|
|
3059
3037
|
"General Computing Activities"
|
|
3060
3038
|
],
|
|
3061
3039
|
implementationSuggestions: [
|
|
3062
|
-
"Account and Access Control Management",
|
|
3063
|
-
"Identity and Access Management Tool",
|
|
3064
3040
|
"Such as",
|
|
3065
3041
|
"Internet browsing",
|
|
3066
3042
|
"Email",
|
|
@@ -3121,29 +3097,20 @@ export class SafeguardManager {
|
|
|
3121
3097
|
assetType: ["Users"],
|
|
3122
3098
|
securityFunction: ["Identify"],
|
|
3123
3099
|
governanceElements: [
|
|
3124
|
-
"Establish and maintain
|
|
3125
|
-
"
|
|
3126
|
-
"Perform service account reviews to validate that all active accounts are authorized,
|
|
3100
|
+
"Establish and maintain",
|
|
3101
|
+
"at a minimum, must contain",
|
|
3102
|
+
"Perform service account reviews to validate that all active accounts are authorized",
|
|
3103
|
+
"recurring schedule at a minimum quarterly, or more frequently"
|
|
3127
3104
|
],
|
|
3128
3105
|
coreRequirements: [
|
|
3129
3106
|
"Inventory of Service Accounts"
|
|
3130
3107
|
],
|
|
3131
3108
|
subTaxonomicalElements: [
|
|
3132
|
-
"Establish",
|
|
3133
|
-
"Maintain",
|
|
3134
|
-
"At a Minimum Must Contain",
|
|
3135
|
-
"Perform service account reviews to validate that all active accounts are authorized",
|
|
3136
|
-
"On a recurring schedule",
|
|
3137
3109
|
"Department Owner",
|
|
3138
3110
|
"Review date",
|
|
3139
|
-
"Purpose"
|
|
3140
|
-
"At a minimum quarterly",
|
|
3141
|
-
"More frequently",
|
|
3142
|
-
"Or"
|
|
3111
|
+
"Purpose"
|
|
3143
3112
|
],
|
|
3144
|
-
implementationSuggestions: [
|
|
3145
|
-
"Account and Access Control Management",
|
|
3146
|
-
"Identity and Access Management Tool"
|
|
3113
|
+
implementationSuggestions: [ // Gray - Implementation suggestions
|
|
3147
3114
|
],
|
|
3148
3115
|
relatedSafeguards: ["5.1"],
|
|
3149
3116
|
systemPromptFull: {
|
|
@@ -3200,20 +3167,16 @@ export class SafeguardManager {
|
|
|
3200
3167
|
assetType: ["Users"],
|
|
3201
3168
|
securityFunction: ["Govern"],
|
|
3202
3169
|
governanceElements: [
|
|
3203
|
-
"Centralize
|
|
3170
|
+
"Centralize"
|
|
3204
3171
|
],
|
|
3205
3172
|
coreRequirements: [
|
|
3206
3173
|
"Account Management"
|
|
3207
3174
|
],
|
|
3208
3175
|
subTaxonomicalElements: [
|
|
3209
|
-
"Centralize",
|
|
3210
3176
|
"Directory Service",
|
|
3211
|
-
"Identity Service"
|
|
3212
|
-
"Or"
|
|
3177
|
+
"Identity Service"
|
|
3213
3178
|
],
|
|
3214
|
-
implementationSuggestions: [
|
|
3215
|
-
"Account and Access Control Management",
|
|
3216
|
-
"Identity and Access Management Tool"
|
|
3179
|
+
implementationSuggestions: [ // Gray - Implementation suggestions
|
|
3217
3180
|
],
|
|
3218
3181
|
relatedSafeguards: ["5.1", "6.6", "6.7", "12.5"],
|
|
3219
3182
|
systemPromptFull: {
|
|
@@ -3267,30 +3230,22 @@ export class SafeguardManager {
|
|
|
3267
3230
|
title: "Establish an Access Granting Process",
|
|
3268
3231
|
description: "Establish and follow a documented process, preferably automated, for granting access to enterprise assets upon new hire or role change of a user.",
|
|
3269
3232
|
implementationGroup: "IG1",
|
|
3270
|
-
assetType: ["
|
|
3233
|
+
assetType: ["Documentation"],
|
|
3271
3234
|
securityFunction: ["Govern"],
|
|
3272
3235
|
governanceElements: [
|
|
3273
3236
|
"Establish",
|
|
3274
|
-
"Follow"
|
|
3275
|
-
"Account and Access Control Management",
|
|
3276
|
-
"Account and Credential Management Policy/Process",
|
|
3277
|
-
"Documentation"
|
|
3237
|
+
"Follow"
|
|
3278
3238
|
],
|
|
3279
3239
|
coreRequirements: [
|
|
3280
3240
|
"documented process",
|
|
3281
3241
|
"granting access to enterprise assets"
|
|
3282
3242
|
],
|
|
3283
3243
|
subTaxonomicalElements: [
|
|
3284
|
-
"preferably automated",
|
|
3285
3244
|
"upon new hire",
|
|
3286
3245
|
"role change of a user",
|
|
3287
|
-
"New Hire",
|
|
3288
|
-
"Role Change",
|
|
3289
3246
|
"Enterprise assets"
|
|
3290
3247
|
],
|
|
3291
|
-
implementationSuggestions: [
|
|
3292
|
-
"Account and Access Control Management",
|
|
3293
|
-
"Account and Credential Management Policy/Process"
|
|
3248
|
+
implementationSuggestions: [ // Gray - Implementation suggestions
|
|
3294
3249
|
],
|
|
3295
3250
|
relatedSafeguards: ["5.1", "6.7", "6.8"],
|
|
3296
3251
|
systemPromptFull: {
|
|
@@ -3344,25 +3299,17 @@ export class SafeguardManager {
|
|
|
3344
3299
|
title: "Establish an Access Revoking Process",
|
|
3345
3300
|
description: "Establish and follow a process, preferably automated, for revoking access to enterprise assets, through disabling accounts immediately upon termination, rights revocation, or role change of a user. Disabling accounts, instead of deleting accounts, may be necessary to preserve audit trails.",
|
|
3346
3301
|
implementationGroup: "IG1",
|
|
3347
|
-
assetType: ["
|
|
3302
|
+
assetType: ["Documentation"],
|
|
3348
3303
|
securityFunction: ["Govern"],
|
|
3349
3304
|
governanceElements: [
|
|
3350
3305
|
"Establish",
|
|
3351
3306
|
"Follow",
|
|
3352
|
-
"
|
|
3353
|
-
"Account and Credential Management Policy/Process",
|
|
3354
|
-
"Documentation"
|
|
3307
|
+
"Disabling Accounts, instead of Deleting accounts, may be necessary to preserve audit trails"
|
|
3355
3308
|
],
|
|
3356
3309
|
coreRequirements: [
|
|
3357
|
-
"
|
|
3358
|
-
"revoking access to enterprise assets",
|
|
3359
|
-
"disabling accounts immediately"
|
|
3310
|
+
"Access Revoking Process"
|
|
3360
3311
|
],
|
|
3361
3312
|
subTaxonomicalElements: [
|
|
3362
|
-
"preferably automated",
|
|
3363
|
-
"upon termination",
|
|
3364
|
-
"rights revocation",
|
|
3365
|
-
"role change of a user",
|
|
3366
3313
|
"Role Change",
|
|
3367
3314
|
"Termination",
|
|
3368
3315
|
"Rights revocation",
|
|
@@ -3370,9 +3317,7 @@ export class SafeguardManager {
|
|
|
3370
3317
|
"Disabling accounts immediately"
|
|
3371
3318
|
],
|
|
3372
3319
|
implementationSuggestions: [
|
|
3373
|
-
"
|
|
3374
|
-
"Account and Access Control Management",
|
|
3375
|
-
"Account and Credential Management Policy/Process"
|
|
3320
|
+
"Preferably Automated"
|
|
3376
3321
|
],
|
|
3377
3322
|
relatedSafeguards: ["5.1", "6.7"],
|
|
3378
3323
|
systemPromptFull: {
|
|
@@ -3430,24 +3375,18 @@ export class SafeguardManager {
|
|
|
3430
3375
|
securityFunction: ["Protect"],
|
|
3431
3376
|
governanceElements: [
|
|
3432
3377
|
"Require",
|
|
3433
|
-
"
|
|
3434
|
-
"
|
|
3378
|
+
"Enforce",
|
|
3379
|
+
"Where Supported"
|
|
3435
3380
|
],
|
|
3436
3381
|
coreRequirements: [
|
|
3437
3382
|
"all externally-exposed enterprise or third-party applications to enforce MFA",
|
|
3438
|
-
"
|
|
3383
|
+
"MFA - Multi Factor Authentication"
|
|
3439
3384
|
],
|
|
3440
3385
|
subTaxonomicalElements: [
|
|
3441
|
-
"
|
|
3442
|
-
"Enforce",
|
|
3443
|
-
"Where supported"
|
|
3386
|
+
"MFA for all externally exposed enterprise or third-party applications"
|
|
3444
3387
|
],
|
|
3445
3388
|
implementationSuggestions: [
|
|
3446
|
-
"Enforcing MFA through a directory service or SSO provider is a satisfactory implementation of this Safeguard"
|
|
3447
|
-
"Directory service",
|
|
3448
|
-
"SSO Provider",
|
|
3449
|
-
"Account and Access Control Management",
|
|
3450
|
-
"Multi-Factor Authentication Tool"
|
|
3389
|
+
"Enforcing MFA through a directory service or SSO provider is a satisfactory implementation of this Safeguard"
|
|
3451
3390
|
],
|
|
3452
3391
|
relatedSafeguards: ["2.1", "4.1"],
|
|
3453
3392
|
systemPromptFull: {
|
|
@@ -3504,20 +3443,15 @@ export class SafeguardManager {
|
|
|
3504
3443
|
assetType: ["Users"],
|
|
3505
3444
|
securityFunction: ["Protect"],
|
|
3506
3445
|
governanceElements: [
|
|
3507
|
-
"Require"
|
|
3508
|
-
"Account and Access Control Management",
|
|
3509
|
-
"Multi-Factor Authentication Tool"
|
|
3446
|
+
"Require"
|
|
3510
3447
|
],
|
|
3511
3448
|
coreRequirements: [
|
|
3512
|
-
"MFA"
|
|
3513
|
-
"remote network access"
|
|
3449
|
+
"MFA for remote network access"
|
|
3514
3450
|
],
|
|
3515
3451
|
subTaxonomicalElements: [
|
|
3516
|
-
"Remote Network Access"
|
|
3452
|
+
"MFA for Remote Network Access"
|
|
3517
3453
|
],
|
|
3518
|
-
implementationSuggestions: [
|
|
3519
|
-
"Account and Access Control Management",
|
|
3520
|
-
"Multi-Factor Authentication Tool"
|
|
3454
|
+
implementationSuggestions: [ // Gray - Implementation suggestions
|
|
3521
3455
|
],
|
|
3522
3456
|
relatedSafeguards: ["4.2", "12.7"],
|
|
3523
3457
|
systemPromptFull: {
|
|
@@ -3575,25 +3509,17 @@ export class SafeguardManager {
|
|
|
3575
3509
|
securityFunction: ["Protect"],
|
|
3576
3510
|
governanceElements: [
|
|
3577
3511
|
"Require",
|
|
3578
|
-
"
|
|
3579
|
-
"Multi-Factor Authentication Tool"
|
|
3512
|
+
"Where Supported"
|
|
3580
3513
|
],
|
|
3581
3514
|
coreRequirements: [
|
|
3582
|
-
"MFA"
|
|
3583
|
-
"all administrative access accounts",
|
|
3584
|
-
"all enterprise assets"
|
|
3515
|
+
"MFA on all administrative access accounts"
|
|
3585
3516
|
],
|
|
3586
3517
|
subTaxonomicalElements: [
|
|
3587
|
-
"where supported",
|
|
3588
3518
|
"All Admin Access Accounts",
|
|
3589
3519
|
"All enterprise assets",
|
|
3590
|
-
"Onsite Management"
|
|
3591
|
-
"Service Provider",
|
|
3592
|
-
"Or"
|
|
3520
|
+
"Onsite Management accounts or Service Provider Admin Accounts"
|
|
3593
3521
|
],
|
|
3594
|
-
implementationSuggestions: [
|
|
3595
|
-
"Account and Access Control Management",
|
|
3596
|
-
"Multi-Factor Authentication Tool"
|
|
3522
|
+
implementationSuggestions: [ // Gray - Implementation suggestions
|
|
3597
3523
|
],
|
|
3598
3524
|
relatedSafeguards: ["4.1"],
|
|
3599
3525
|
systemPromptFull: {
|
|
@@ -3647,30 +3573,22 @@ export class SafeguardManager {
|
|
|
3647
3573
|
title: "Establish and Maintain an Inventory of Authentication and Authorization Systems",
|
|
3648
3574
|
description: "Establish and maintain an inventory of the enterprise's authentication and authorization systems, including those hosted on-site or at a remote service provider. Review and update the inventory, at a minimum, annually, or more frequently.",
|
|
3649
3575
|
implementationGroup: "IG2",
|
|
3650
|
-
assetType: ["
|
|
3576
|
+
assetType: ["Software"],
|
|
3651
3577
|
securityFunction: ["Identify"],
|
|
3652
3578
|
governanceElements: [
|
|
3653
3579
|
"Establish",
|
|
3654
3580
|
"maintain",
|
|
3655
|
-
"Review and update",
|
|
3656
|
-
"
|
|
3657
|
-
"Account and Credential Management Policy/Process"
|
|
3581
|
+
"Review and update inventory",
|
|
3582
|
+
"At a minimum, monthly or more frequenlty"
|
|
3658
3583
|
],
|
|
3659
3584
|
coreRequirements: [
|
|
3660
3585
|
"inventory of the enterprise's authentication and authorization systems"
|
|
3661
3586
|
],
|
|
3662
3587
|
subTaxonomicalElements: [
|
|
3663
|
-
"
|
|
3664
|
-
"at a
|
|
3665
|
-
"Hosted on-site",
|
|
3666
|
-
"Remote Service Provider",
|
|
3667
|
-
"Or",
|
|
3668
|
-
"At a minimum Annually",
|
|
3669
|
-
"More frequently"
|
|
3588
|
+
"hosted on-site",
|
|
3589
|
+
"hosted at a remote service provider"
|
|
3670
3590
|
],
|
|
3671
|
-
implementationSuggestions: [
|
|
3672
|
-
"Account and Access Control Management",
|
|
3673
|
-
"Account and Credential Management Policy/Process"
|
|
3591
|
+
implementationSuggestions: [ // Gray - Implementation suggestions
|
|
3674
3592
|
],
|
|
3675
3593
|
relatedSafeguards: ["1.1", "2.1", "3.3", "5.6", "6.7"],
|
|
3676
3594
|
systemPromptFull: {
|
|
@@ -3728,27 +3646,17 @@ export class SafeguardManager {
|
|
|
3728
3646
|
securityFunction: ["Protect"],
|
|
3729
3647
|
governanceElements: [
|
|
3730
3648
|
"Centralize",
|
|
3731
|
-
"
|
|
3732
|
-
"Account and Credential Management Policy/Process",
|
|
3733
|
-
"Identity and Access Management Tool"
|
|
3649
|
+
"Where Supported"
|
|
3734
3650
|
],
|
|
3735
3651
|
coreRequirements: [
|
|
3736
|
-
"access control"
|
|
3737
|
-
"all enterprise assets"
|
|
3652
|
+
"access control"
|
|
3738
3653
|
],
|
|
3739
3654
|
subTaxonomicalElements: [
|
|
3740
3655
|
"through a directory service or SSO provider",
|
|
3741
|
-
"
|
|
3742
|
-
"
|
|
3743
|
-
"SSO Provider",
|
|
3744
|
-
"Or",
|
|
3745
|
-
"All enterprise assets",
|
|
3746
|
-
"Where Supported"
|
|
3656
|
+
"Directory Service or SSO Provider",
|
|
3657
|
+
"All enterprise assets"
|
|
3747
3658
|
],
|
|
3748
|
-
implementationSuggestions: [
|
|
3749
|
-
"Account and Access Control Management",
|
|
3750
|
-
"Account and Credential Management Policy/Process",
|
|
3751
|
-
"Identity and Access Management Tool"
|
|
3659
|
+
implementationSuggestions: [ // Gray - Implementation suggestions
|
|
3752
3660
|
],
|
|
3753
3661
|
relatedSafeguards: ["4.1", "5.1", "5.6", "6.1", "6.2", "6.6", "12.5", "12.7"],
|
|
3754
3662
|
systemPromptFull: {
|
|
@@ -3807,30 +3715,21 @@ export class SafeguardManager {
|
|
|
3807
3715
|
governanceElements: [
|
|
3808
3716
|
"Define",
|
|
3809
3717
|
"maintain",
|
|
3810
|
-
"
|
|
3811
|
-
"
|
|
3812
|
-
"
|
|
3813
|
-
"Identity and Access management Tool"
|
|
3718
|
+
"Necessary",
|
|
3719
|
+
"Perform access control reviews of enterprise assets to validate that all privileges are authorized, on a recurring schedule",
|
|
3720
|
+
"At a mimimum Annually, or more Frequently"
|
|
3814
3721
|
],
|
|
3815
3722
|
coreRequirements: [
|
|
3816
|
-
"role-based access control"
|
|
3817
|
-
"determining and documenting the access rights necessary for each role within the enterprise to successfully carry out its assigned duties"
|
|
3723
|
+
"role-based access control"
|
|
3818
3724
|
],
|
|
3819
3725
|
subTaxonomicalElements: [
|
|
3820
3726
|
"Access rights",
|
|
3821
3727
|
"Each Role",
|
|
3822
|
-
"
|
|
3823
|
-
"Successfully carry out its assigned duties",
|
|
3728
|
+
"Neccesary to Successfully carry out its assigned duties",
|
|
3824
3729
|
"Determining",
|
|
3825
|
-
"Documenting"
|
|
3826
|
-
"At a minimum Annually",
|
|
3827
|
-
"More frequently",
|
|
3828
|
-
"Or"
|
|
3730
|
+
"Documenting"
|
|
3829
3731
|
],
|
|
3830
|
-
implementationSuggestions: [
|
|
3831
|
-
"Account and Access Control Management",
|
|
3832
|
-
"Account and Credential Management Policy/Process",
|
|
3833
|
-
"Identity and Access management Tool"
|
|
3732
|
+
implementationSuggestions: [ // Gray - Implementation suggestions
|
|
3834
3733
|
],
|
|
3835
3734
|
relatedSafeguards: ["3.3", "4.1", "6.1"],
|
|
3836
3735
|
systemPromptFull: {
|