framework-mcp 2.4.5 → 2.4.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/core/safeguard-manager.d.ts.map +1 -1
- package/dist/core/safeguard-manager.js +39 -106
- package/dist/core/safeguard-manager.js.map +1 -1
- package/dist/interfaces/http/http-server.js +3 -3
- package/dist/interfaces/mcp/mcp-server.js +3 -3
- package/package.json +1 -1
- package/src/core/safeguard-manager.ts +33 -100
- package/src/interfaces/http/http-server.ts +3 -3
- package/src/interfaces/mcp/mcp-server.ts +3 -3
- package/swagger.json +2 -2
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"safeguard-manager.d.ts","sourceRoot":"","sources":["../../src/core/safeguard-manager.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAc,MAAM,oBAAoB,CAAC;AAElE,qBAAa,gBAAgB;IAC3B,OAAO,CAAC,KAAK,CAA+B;IAC5C,OAAO,CAAC,UAAU,CAAwC;IAC1D,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,cAAc,CAAQ;IAC9C,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,sBAAsB,CAAkB;IAChE,OAAO,CAAC,kBAAkB,CAAyB;IACnD,OAAO,CAAC,WAAW,CAAa;;IAQzB,mBAAmB,CAAC,WAAW,EAAE,MAAM,EAAE,eAAe,GAAE,OAAe,GAAG,gBAAgB,GAAG,IAAI;IA4BnG,uBAAuB,IAAI,MAAM,EAAE;IAgBnC,gBAAgB,IAAI,MAAM,CAAC,MAAM,EAAE,gBAAgB,CAAC;IAIpD,mBAAmB,CAAC,WAAW,EAAE,MAAM,GAAG,IAAI;IAerD,OAAO,CAAC,yBAAyB;IAajC,OAAO,CAAC,uBAAuB;IAS/B,OAAO,CAAC,2BAA2B;IAmCnC;;OAEG;IACI,aAAa,IAAI;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,WAAW,EAAE,MAAM,CAAA;KAAE;IAO7D;;OAEG;IACI,UAAU,IAAI,IAAI;IAKzB,OAAO,CAAC,yBAAyB;IAajC,OAAO,CAAC,yBAAyB;IA2BjC,OAAO,CAAC,oBAAoB;
|
|
1
|
+
{"version":3,"file":"safeguard-manager.d.ts","sourceRoot":"","sources":["../../src/core/safeguard-manager.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAc,MAAM,oBAAoB,CAAC;AAElE,qBAAa,gBAAgB;IAC3B,OAAO,CAAC,KAAK,CAA+B;IAC5C,OAAO,CAAC,UAAU,CAAwC;IAC1D,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,cAAc,CAAQ;IAC9C,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,sBAAsB,CAAkB;IAChE,OAAO,CAAC,kBAAkB,CAAyB;IACnD,OAAO,CAAC,WAAW,CAAa;;IAQzB,mBAAmB,CAAC,WAAW,EAAE,MAAM,EAAE,eAAe,GAAE,OAAe,GAAG,gBAAgB,GAAG,IAAI;IA4BnG,uBAAuB,IAAI,MAAM,EAAE;IAgBnC,gBAAgB,IAAI,MAAM,CAAC,MAAM,EAAE,gBAAgB,CAAC;IAIpD,mBAAmB,CAAC,WAAW,EAAE,MAAM,GAAG,IAAI;IAerD,OAAO,CAAC,yBAAyB;IAajC,OAAO,CAAC,uBAAuB;IAS/B,OAAO,CAAC,2BAA2B;IAmCnC;;OAEG;IACI,aAAa,IAAI;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,WAAW,EAAE,MAAM,CAAA;KAAE;IAO7D;;OAEG;IACI,UAAU,IAAI,IAAI;IAKzB,OAAO,CAAC,yBAAyB;IAajC,OAAO,CAAC,yBAAyB;IA2BjC,OAAO,CAAC,oBAAoB;CAwzgB7B"}
|
|
@@ -2966,10 +2966,7 @@ export class SafeguardManager {
|
|
|
2966
2966
|
"Dormant Accounts"
|
|
2967
2967
|
],
|
|
2968
2968
|
subTaxonomicalElements: [
|
|
2969
|
-
"
|
|
2970
|
-
"Delete",
|
|
2971
|
-
"Period of 45 days of inactivity",
|
|
2972
|
-
"Where Supported"
|
|
2969
|
+
"Dormant Accounts"
|
|
2973
2970
|
],
|
|
2974
2971
|
implementationSuggestions: [ // Gray - Implementation suggestions
|
|
2975
2972
|
],
|
|
@@ -3233,30 +3230,22 @@ export class SafeguardManager {
|
|
|
3233
3230
|
title: "Establish an Access Granting Process",
|
|
3234
3231
|
description: "Establish and follow a documented process, preferably automated, for granting access to enterprise assets upon new hire or role change of a user.",
|
|
3235
3232
|
implementationGroup: "IG1",
|
|
3236
|
-
assetType: ["
|
|
3233
|
+
assetType: ["Documentation"],
|
|
3237
3234
|
securityFunction: ["Govern"],
|
|
3238
3235
|
governanceElements: [
|
|
3239
3236
|
"Establish",
|
|
3240
|
-
"Follow"
|
|
3241
|
-
"Account and Access Control Management",
|
|
3242
|
-
"Account and Credential Management Policy/Process",
|
|
3243
|
-
"Documentation"
|
|
3237
|
+
"Follow"
|
|
3244
3238
|
],
|
|
3245
3239
|
coreRequirements: [
|
|
3246
3240
|
"documented process",
|
|
3247
3241
|
"granting access to enterprise assets"
|
|
3248
3242
|
],
|
|
3249
3243
|
subTaxonomicalElements: [
|
|
3250
|
-
"preferably automated",
|
|
3251
3244
|
"upon new hire",
|
|
3252
3245
|
"role change of a user",
|
|
3253
|
-
"New Hire",
|
|
3254
|
-
"Role Change",
|
|
3255
3246
|
"Enterprise assets"
|
|
3256
3247
|
],
|
|
3257
|
-
implementationSuggestions: [
|
|
3258
|
-
"Account and Access Control Management",
|
|
3259
|
-
"Account and Credential Management Policy/Process"
|
|
3248
|
+
implementationSuggestions: [ // Gray - Implementation suggestions
|
|
3260
3249
|
],
|
|
3261
3250
|
relatedSafeguards: ["5.1", "6.7", "6.8"],
|
|
3262
3251
|
systemPromptFull: {
|
|
@@ -3310,25 +3299,17 @@ export class SafeguardManager {
|
|
|
3310
3299
|
title: "Establish an Access Revoking Process",
|
|
3311
3300
|
description: "Establish and follow a process, preferably automated, for revoking access to enterprise assets, through disabling accounts immediately upon termination, rights revocation, or role change of a user. Disabling accounts, instead of deleting accounts, may be necessary to preserve audit trails.",
|
|
3312
3301
|
implementationGroup: "IG1",
|
|
3313
|
-
assetType: ["
|
|
3302
|
+
assetType: ["Documentation"],
|
|
3314
3303
|
securityFunction: ["Govern"],
|
|
3315
3304
|
governanceElements: [
|
|
3316
3305
|
"Establish",
|
|
3317
3306
|
"Follow",
|
|
3318
|
-
"
|
|
3319
|
-
"Account and Credential Management Policy/Process",
|
|
3320
|
-
"Documentation"
|
|
3307
|
+
"Disabling Accounts, instead of Deleting accounts, may be necessary to preserve audit trails"
|
|
3321
3308
|
],
|
|
3322
3309
|
coreRequirements: [
|
|
3323
|
-
"
|
|
3324
|
-
"revoking access to enterprise assets",
|
|
3325
|
-
"disabling accounts immediately"
|
|
3310
|
+
"Access Revoking Process"
|
|
3326
3311
|
],
|
|
3327
3312
|
subTaxonomicalElements: [
|
|
3328
|
-
"preferably automated",
|
|
3329
|
-
"upon termination",
|
|
3330
|
-
"rights revocation",
|
|
3331
|
-
"role change of a user",
|
|
3332
3313
|
"Role Change",
|
|
3333
3314
|
"Termination",
|
|
3334
3315
|
"Rights revocation",
|
|
@@ -3336,9 +3317,7 @@ export class SafeguardManager {
|
|
|
3336
3317
|
"Disabling accounts immediately"
|
|
3337
3318
|
],
|
|
3338
3319
|
implementationSuggestions: [
|
|
3339
|
-
"
|
|
3340
|
-
"Account and Access Control Management",
|
|
3341
|
-
"Account and Credential Management Policy/Process"
|
|
3320
|
+
"Preferably Automated"
|
|
3342
3321
|
],
|
|
3343
3322
|
relatedSafeguards: ["5.1", "6.7"],
|
|
3344
3323
|
systemPromptFull: {
|
|
@@ -3396,24 +3375,18 @@ export class SafeguardManager {
|
|
|
3396
3375
|
securityFunction: ["Protect"],
|
|
3397
3376
|
governanceElements: [
|
|
3398
3377
|
"Require",
|
|
3399
|
-
"
|
|
3400
|
-
"
|
|
3378
|
+
"Enforce",
|
|
3379
|
+
"Where Supported"
|
|
3401
3380
|
],
|
|
3402
3381
|
coreRequirements: [
|
|
3403
3382
|
"all externally-exposed enterprise or third-party applications to enforce MFA",
|
|
3404
|
-
"
|
|
3383
|
+
"MFA - Multi Factor Authentication"
|
|
3405
3384
|
],
|
|
3406
3385
|
subTaxonomicalElements: [
|
|
3407
|
-
"
|
|
3408
|
-
"Enforce",
|
|
3409
|
-
"Where supported"
|
|
3386
|
+
"MFA for all externally exposed enterprise or third-party applications"
|
|
3410
3387
|
],
|
|
3411
3388
|
implementationSuggestions: [
|
|
3412
|
-
"Enforcing MFA through a directory service or SSO provider is a satisfactory implementation of this Safeguard"
|
|
3413
|
-
"Directory service",
|
|
3414
|
-
"SSO Provider",
|
|
3415
|
-
"Account and Access Control Management",
|
|
3416
|
-
"Multi-Factor Authentication Tool"
|
|
3389
|
+
"Enforcing MFA through a directory service or SSO provider is a satisfactory implementation of this Safeguard"
|
|
3417
3390
|
],
|
|
3418
3391
|
relatedSafeguards: ["2.1", "4.1"],
|
|
3419
3392
|
systemPromptFull: {
|
|
@@ -3470,20 +3443,15 @@ export class SafeguardManager {
|
|
|
3470
3443
|
assetType: ["Users"],
|
|
3471
3444
|
securityFunction: ["Protect"],
|
|
3472
3445
|
governanceElements: [
|
|
3473
|
-
"Require"
|
|
3474
|
-
"Account and Access Control Management",
|
|
3475
|
-
"Multi-Factor Authentication Tool"
|
|
3446
|
+
"Require"
|
|
3476
3447
|
],
|
|
3477
3448
|
coreRequirements: [
|
|
3478
|
-
"MFA"
|
|
3479
|
-
"remote network access"
|
|
3449
|
+
"MFA for remote network access"
|
|
3480
3450
|
],
|
|
3481
3451
|
subTaxonomicalElements: [
|
|
3482
|
-
"Remote Network Access"
|
|
3452
|
+
"MFA for Remote Network Access"
|
|
3483
3453
|
],
|
|
3484
|
-
implementationSuggestions: [
|
|
3485
|
-
"Account and Access Control Management",
|
|
3486
|
-
"Multi-Factor Authentication Tool"
|
|
3454
|
+
implementationSuggestions: [ // Gray - Implementation suggestions
|
|
3487
3455
|
],
|
|
3488
3456
|
relatedSafeguards: ["4.2", "12.7"],
|
|
3489
3457
|
systemPromptFull: {
|
|
@@ -3541,25 +3509,17 @@ export class SafeguardManager {
|
|
|
3541
3509
|
securityFunction: ["Protect"],
|
|
3542
3510
|
governanceElements: [
|
|
3543
3511
|
"Require",
|
|
3544
|
-
"
|
|
3545
|
-
"Multi-Factor Authentication Tool"
|
|
3512
|
+
"Where Supported"
|
|
3546
3513
|
],
|
|
3547
3514
|
coreRequirements: [
|
|
3548
|
-
"MFA"
|
|
3549
|
-
"all administrative access accounts",
|
|
3550
|
-
"all enterprise assets"
|
|
3515
|
+
"MFA on all administrative access accounts"
|
|
3551
3516
|
],
|
|
3552
3517
|
subTaxonomicalElements: [
|
|
3553
|
-
"where supported",
|
|
3554
3518
|
"All Admin Access Accounts",
|
|
3555
3519
|
"All enterprise assets",
|
|
3556
|
-
"Onsite Management"
|
|
3557
|
-
"Service Provider",
|
|
3558
|
-
"Or"
|
|
3520
|
+
"Onsite Management accounts or Service Provider Admin Accounts"
|
|
3559
3521
|
],
|
|
3560
|
-
implementationSuggestions: [
|
|
3561
|
-
"Account and Access Control Management",
|
|
3562
|
-
"Multi-Factor Authentication Tool"
|
|
3522
|
+
implementationSuggestions: [ // Gray - Implementation suggestions
|
|
3563
3523
|
],
|
|
3564
3524
|
relatedSafeguards: ["4.1"],
|
|
3565
3525
|
systemPromptFull: {
|
|
@@ -3613,30 +3573,22 @@ export class SafeguardManager {
|
|
|
3613
3573
|
title: "Establish and Maintain an Inventory of Authentication and Authorization Systems",
|
|
3614
3574
|
description: "Establish and maintain an inventory of the enterprise's authentication and authorization systems, including those hosted on-site or at a remote service provider. Review and update the inventory, at a minimum, annually, or more frequently.",
|
|
3615
3575
|
implementationGroup: "IG2",
|
|
3616
|
-
assetType: ["
|
|
3576
|
+
assetType: ["Software"],
|
|
3617
3577
|
securityFunction: ["Identify"],
|
|
3618
3578
|
governanceElements: [
|
|
3619
3579
|
"Establish",
|
|
3620
3580
|
"maintain",
|
|
3621
|
-
"Review and update",
|
|
3622
|
-
"
|
|
3623
|
-
"Account and Credential Management Policy/Process"
|
|
3581
|
+
"Review and update inventory",
|
|
3582
|
+
"At a minimum, monthly or more frequenlty"
|
|
3624
3583
|
],
|
|
3625
3584
|
coreRequirements: [
|
|
3626
3585
|
"inventory of the enterprise's authentication and authorization systems"
|
|
3627
3586
|
],
|
|
3628
3587
|
subTaxonomicalElements: [
|
|
3629
|
-
"
|
|
3630
|
-
"at a
|
|
3631
|
-
"Hosted on-site",
|
|
3632
|
-
"Remote Service Provider",
|
|
3633
|
-
"Or",
|
|
3634
|
-
"At a minimum Annually",
|
|
3635
|
-
"More frequently"
|
|
3588
|
+
"hosted on-site",
|
|
3589
|
+
"hosted at a remote service provider"
|
|
3636
3590
|
],
|
|
3637
|
-
implementationSuggestions: [
|
|
3638
|
-
"Account and Access Control Management",
|
|
3639
|
-
"Account and Credential Management Policy/Process"
|
|
3591
|
+
implementationSuggestions: [ // Gray - Implementation suggestions
|
|
3640
3592
|
],
|
|
3641
3593
|
relatedSafeguards: ["1.1", "2.1", "3.3", "5.6", "6.7"],
|
|
3642
3594
|
systemPromptFull: {
|
|
@@ -3694,27 +3646,17 @@ export class SafeguardManager {
|
|
|
3694
3646
|
securityFunction: ["Protect"],
|
|
3695
3647
|
governanceElements: [
|
|
3696
3648
|
"Centralize",
|
|
3697
|
-
"
|
|
3698
|
-
"Account and Credential Management Policy/Process",
|
|
3699
|
-
"Identity and Access Management Tool"
|
|
3649
|
+
"Where Supported"
|
|
3700
3650
|
],
|
|
3701
3651
|
coreRequirements: [
|
|
3702
|
-
"access control"
|
|
3703
|
-
"all enterprise assets"
|
|
3652
|
+
"access control"
|
|
3704
3653
|
],
|
|
3705
3654
|
subTaxonomicalElements: [
|
|
3706
3655
|
"through a directory service or SSO provider",
|
|
3707
|
-
"
|
|
3708
|
-
"
|
|
3709
|
-
"SSO Provider",
|
|
3710
|
-
"Or",
|
|
3711
|
-
"All enterprise assets",
|
|
3712
|
-
"Where Supported"
|
|
3656
|
+
"Directory Service or SSO Provider",
|
|
3657
|
+
"All enterprise assets"
|
|
3713
3658
|
],
|
|
3714
|
-
implementationSuggestions: [
|
|
3715
|
-
"Account and Access Control Management",
|
|
3716
|
-
"Account and Credential Management Policy/Process",
|
|
3717
|
-
"Identity and Access Management Tool"
|
|
3659
|
+
implementationSuggestions: [ // Gray - Implementation suggestions
|
|
3718
3660
|
],
|
|
3719
3661
|
relatedSafeguards: ["4.1", "5.1", "5.6", "6.1", "6.2", "6.6", "12.5", "12.7"],
|
|
3720
3662
|
systemPromptFull: {
|
|
@@ -3773,30 +3715,21 @@ export class SafeguardManager {
|
|
|
3773
3715
|
governanceElements: [
|
|
3774
3716
|
"Define",
|
|
3775
3717
|
"maintain",
|
|
3776
|
-
"
|
|
3777
|
-
"
|
|
3778
|
-
"
|
|
3779
|
-
"Identity and Access management Tool"
|
|
3718
|
+
"Necessary",
|
|
3719
|
+
"Perform access control reviews of enterprise assets to validate that all privileges are authorized, on a recurring schedule",
|
|
3720
|
+
"At a mimimum Annually, or more Frequently"
|
|
3780
3721
|
],
|
|
3781
3722
|
coreRequirements: [
|
|
3782
|
-
"role-based access control"
|
|
3783
|
-
"determining and documenting the access rights necessary for each role within the enterprise to successfully carry out its assigned duties"
|
|
3723
|
+
"role-based access control"
|
|
3784
3724
|
],
|
|
3785
3725
|
subTaxonomicalElements: [
|
|
3786
3726
|
"Access rights",
|
|
3787
3727
|
"Each Role",
|
|
3788
|
-
"
|
|
3789
|
-
"Successfully carry out its assigned duties",
|
|
3728
|
+
"Neccesary to Successfully carry out its assigned duties",
|
|
3790
3729
|
"Determining",
|
|
3791
|
-
"Documenting"
|
|
3792
|
-
"At a minimum Annually",
|
|
3793
|
-
"More frequently",
|
|
3794
|
-
"Or"
|
|
3730
|
+
"Documenting"
|
|
3795
3731
|
],
|
|
3796
|
-
implementationSuggestions: [
|
|
3797
|
-
"Account and Access Control Management",
|
|
3798
|
-
"Account and Credential Management Policy/Process",
|
|
3799
|
-
"Identity and Access management Tool"
|
|
3732
|
+
implementationSuggestions: [ // Gray - Implementation suggestions
|
|
3800
3733
|
],
|
|
3801
3734
|
relatedSafeguards: ["3.3", "4.1", "6.1"],
|
|
3802
3735
|
systemPromptFull: {
|