icdev 1.0.0__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- icdev/__init__.py +18 -0
- icdev/_paths.py +85 -0
- icdev/_version.py +3 -0
- icdev/data/__init__.py +1 -0
- icdev/data/args/__init__.py +1 -0
- icdev/data/args/agent_authority.yaml +61 -0
- icdev/data/args/agent_config.yaml +355 -0
- icdev/data/args/agentic_fitness.yaml +31 -0
- icdev/data/args/ai_governance_config.yaml +137 -0
- icdev/data/args/atlas_critique_config.yaml +66 -0
- icdev/data/args/bedrock_models.yaml +63 -0
- icdev/data/args/cicd_config.yaml +82 -0
- icdev/data/args/classification_config.yaml +232 -0
- icdev/data/args/cli_config.yaml +154 -0
- icdev/data/args/cloud_config.yaml +63 -0
- icdev/data/args/code_pattern_config.yaml +151 -0
- icdev/data/args/code_quality_config.yaml +47 -0
- icdev/data/args/companion_registry.yaml +202 -0
- icdev/data/args/context_config.yaml +82 -0
- icdev/data/args/csp_monitor_config.yaml +268 -0
- icdev/data/args/cui_markings.yaml +35 -0
- icdev/data/args/db_config.yaml +40 -0
- icdev/data/args/deployment_profiles.yaml +248 -0
- icdev/data/args/dev_profile_config.yaml +144 -0
- icdev/data/args/devsecops_config.yaml +286 -0
- icdev/data/args/endpoint_security_config.yaml +137 -0
- icdev/data/args/extension_config.yaml +79 -0
- icdev/data/args/file_access_tiers.yaml +88 -0
- icdev/data/args/framework_registry.yaml +415 -0
- icdev/data/args/innovation_config.yaml +431 -0
- icdev/data/args/installation_manifest.yaml +1087 -0
- icdev/data/args/llm_config.yaml +495 -0
- icdev/data/args/maintenance_config.yaml +55 -0
- icdev/data/args/memory_config.yaml +83 -0
- icdev/data/args/monitoring_config.yaml +127 -0
- icdev/data/args/mosa_config.yaml +190 -0
- icdev/data/args/nlq_config.yaml +35 -0
- icdev/data/args/observability_config.yaml +39 -0
- icdev/data/args/observability_tracing_config.yaml +170 -0
- icdev/data/args/oscal_tools_config.yaml +43 -0
- icdev/data/args/owasp_agentic_config.yaml +171 -0
- icdev/data/args/phase_registry.yaml +618 -0
- icdev/data/args/project_defaults.yaml +235 -0
- icdev/data/args/prompt_chains.yaml +163 -0
- icdev/data/args/resilience_config.yaml +50 -0
- icdev/data/args/ricoas_config.yaml +191 -0
- icdev/data/args/role_personas.yaml +362 -0
- icdev/data/args/scaling_config.yaml +176 -0
- icdev/data/args/security_gates.yaml +685 -0
- icdev/data/args/skill_injection_config.yaml +322 -0
- icdev/data/args/spec_config.yaml +53 -0
- icdev/data/args/supply_chain_config.yaml +76 -0
- icdev/data/args/translation_config.yaml +228 -0
- icdev/data/args/workflow_templates/ato_acceleration.yaml +54 -0
- icdev/data/args/workflow_templates/build_deploy.yaml +63 -0
- icdev/data/args/workflow_templates/full_compliance.yaml +43 -0
- icdev/data/args/workflow_templates/security_hardening.yaml +55 -0
- icdev/data/args/worktree_config.yaml +34 -0
- icdev/data/args/zta_config.yaml +247 -0
- icdev/data/context/__init__.py +1 -0
- icdev/data/context/agent/__init__.py +1 -0
- icdev/data/context/agent/response_schemas/__init__.py +1 -0
- icdev/data/context/agent/response_schemas/debate_position.json +46 -0
- icdev/data/context/agent/response_schemas/fitness_scorecard.json +74 -0
- icdev/data/context/agent/response_schemas/review_decision.json +39 -0
- icdev/data/context/agent/response_schemas/task_decomposition.json +82 -0
- icdev/data/context/agent/response_schemas/veto_decision.json +40 -0
- icdev/data/context/agentic/__init__.py +1 -0
- icdev/data/context/agentic/architecture_patterns.md +269 -0
- icdev/data/context/agentic/capability_registry.yaml +202 -0
- icdev/data/context/agentic/csp_mcp_registry.yaml +280 -0
- icdev/data/context/agentic/fitness_rubric.md +56 -0
- icdev/data/context/agentic/governance_baseline.md +205 -0
- icdev/data/context/ci/__init__.py +1 -0
- icdev/data/context/ci/worktree_templates.json +44 -0
- icdev/data/context/cloud/__init__.py +1 -0
- icdev/data/context/cloud/csp_service_registry.json +739 -0
- icdev/data/context/compliance/__init__.py +1 -0
- icdev/data/context/compliance/atlas_mitigations.json +293 -0
- icdev/data/context/compliance/atlas_techniques.json +833 -0
- icdev/data/context/compliance/cisa_sbd_requirements.json +432 -0
- icdev/data/context/compliance/cjis_security_policy.json +522 -0
- icdev/data/context/compliance/cmmc_practices.json +2494 -0
- icdev/data/context/compliance/cmmc_report_template.md +142 -0
- icdev/data/context/compliance/cnssi_1253_overlay.json +109 -0
- icdev/data/context/compliance/control_crosswalk.json +1914 -0
- icdev/data/context/compliance/control_families/__init__.py +1 -0
- icdev/data/context/compliance/csp_certifications.json +251 -0
- icdev/data/context/compliance/cssp_report_template.md +193 -0
- icdev/data/context/compliance/cui_templates/__init__.py +1 -0
- icdev/data/context/compliance/cui_templates/banner_block.txt +4 -0
- icdev/data/context/compliance/cui_templates/code_header.txt +8 -0
- icdev/data/context/compliance/cui_templates/document_template.md +35 -0
- icdev/data/context/compliance/data_type_framework_map.json +321 -0
- icdev/data/context/compliance/data_type_registry.json +147 -0
- icdev/data/context/compliance/dod_cssp_8530.json +463 -0
- icdev/data/context/compliance/eu_ai_act_annex_iii.json +108 -0
- icdev/data/context/compliance/export_templates/__init__.py +1 -0
- icdev/data/context/compliance/export_templates/emass_controls.csv.j2 +4 -0
- icdev/data/context/compliance/export_templates/evidence_package.md.j2 +39 -0
- icdev/data/context/compliance/export_templates/executive_summary.md.j2 +55 -0
- icdev/data/context/compliance/export_templates/poam_tracking.csv.j2 +4 -0
- icdev/data/context/compliance/fedramp_20x_ksi_schemas.json +133 -0
- icdev/data/context/compliance/fedramp_high_baseline.json +4370 -0
- icdev/data/context/compliance/fedramp_moderate_baseline.json +2183 -0
- icdev/data/context/compliance/fedramp_report_template.md +181 -0
- icdev/data/context/compliance/fips_200_areas.json +362 -0
- icdev/data/context/compliance/gao_ai_accountability.json +262 -0
- icdev/data/context/compliance/hipaa_security_rule.json +720 -0
- icdev/data/context/compliance/hitrust_csf_v11.json +930 -0
- icdev/data/context/compliance/impact_level_profiles.json +251 -0
- icdev/data/context/compliance/incident_response_template.md +1110 -0
- icdev/data/context/compliance/iso27001_2022_controls.json +750 -0
- icdev/data/context/compliance/iso27001_nist_bridge.json +382 -0
- icdev/data/context/compliance/iso42001_controls.json +254 -0
- icdev/data/context/compliance/ivv_checklist_template.md +80 -0
- icdev/data/context/compliance/ivv_report_template.md +116 -0
- icdev/data/context/compliance/ivv_requirements.json +372 -0
- icdev/data/context/compliance/mosa_crosswalk.json +327 -0
- icdev/data/context/compliance/mosa_framework.json +250 -0
- icdev/data/context/compliance/narrative_templates/AC.md.j2 +101 -0
- icdev/data/context/compliance/narrative_templates/AU.md.j2 +106 -0
- icdev/data/context/compliance/narrative_templates/IA.md.j2 +104 -0
- icdev/data/context/compliance/narrative_templates/SC.md.j2 +102 -0
- icdev/data/context/compliance/narrative_templates/SI.md.j2 +111 -0
- icdev/data/context/compliance/narrative_templates/__init__.py +1 -0
- icdev/data/context/compliance/narrative_templates/default.md.j2 +50 -0
- icdev/data/context/compliance/narrative_templates/executive_summary.j2 +27 -0
- icdev/data/context/compliance/narrative_templates/poam_milestone.j2 +19 -0
- icdev/data/context/compliance/narrative_templates/ssp_section.j2 +11 -0
- icdev/data/context/compliance/nist_800_171_controls.json +1552 -0
- icdev/data/context/compliance/nist_800_207_crosswalk.json +399 -0
- icdev/data/context/compliance/nist_800_207_zta.json +258 -0
- icdev/data/context/compliance/nist_800_53.json +324 -0
- icdev/data/context/compliance/nist_ai_600_1_genai.json +326 -0
- icdev/data/context/compliance/nist_ai_rmf.json +206 -0
- icdev/data/context/compliance/nist_sp_800_60_types.json +1667 -0
- icdev/data/context/compliance/omb_m25_21_high_impact_ai.json +248 -0
- icdev/data/context/compliance/omb_m26_04_unbiased_ai.json +262 -0
- icdev/data/context/compliance/owasp_agentic_asi.json +133 -0
- icdev/data/context/compliance/owasp_agentic_threats.json +285 -0
- icdev/data/context/compliance/owasp_llm_top10.json +274 -0
- icdev/data/context/compliance/pci_dss_v4.json +510 -0
- icdev/data/context/compliance/poam_template.md +117 -0
- icdev/data/context/compliance/safeai_controls.json +512 -0
- icdev/data/context/compliance/sbd_report_template.md +77 -0
- icdev/data/context/compliance/siem_config_templates/__init__.py +1 -0
- icdev/data/context/compliance/siem_config_templates/filebeat.yml +213 -0
- icdev/data/context/compliance/siem_config_templates/log_sources.json +208 -0
- icdev/data/context/compliance/soc2_trust_criteria.json +661 -0
- icdev/data/context/compliance/ssp_template.md +432 -0
- icdev/data/context/compliance/stig_templates/__init__.py +1 -0
- icdev/data/context/compliance/stig_templates/webapp_stig.json +139 -0
- icdev/data/context/compliance/xai_requirements.json +108 -0
- icdev/data/context/dashboard/__init__.py +1 -0
- icdev/data/context/dashboard/nlq_examples.json +50 -0
- icdev/data/context/dashboard/schema_descriptions.json +23 -0
- icdev/data/context/integration/__init__.py +1 -0
- icdev/data/context/integration/approval_workflows.json +32 -0
- icdev/data/context/integration/gitlab_field_mappings.json +33 -0
- icdev/data/context/integration/jira_field_mappings.json +32 -0
- icdev/data/context/integration/reqif_export_schema.json +23 -0
- icdev/data/context/integration/servicenow_field_mappings.json +22 -0
- icdev/data/context/languages/__init__.py +1 -0
- icdev/data/context/languages/framework_patterns.json +205 -0
- icdev/data/context/languages/language_registry.json +279 -0
- icdev/data/context/llm/__init__.py +1 -0
- icdev/data/context/llm/example_provider.py +86 -0
- icdev/data/context/mbse/__init__.py +1 -0
- icdev/data/context/mbse/des_report_template.md +162 -0
- icdev/data/context/mbse/des_requirements.json +411 -0
- icdev/data/context/mbse/digital_thread_patterns.json +403 -0
- icdev/data/context/mbse/reqif_schema.json +280 -0
- icdev/data/context/mbse/sysml_element_types.json +432 -0
- icdev/data/context/modernization/__init__.py +1 -0
- icdev/data/context/modernization/db_type_mappings.json +148 -0
- icdev/data/context/modernization/decomposition_patterns.json +284 -0
- icdev/data/context/modernization/framework_migration_patterns.json +359 -0
- icdev/data/context/modernization/migration_report_template.md +168 -0
- icdev/data/context/modernization/seven_rs_catalog.json +369 -0
- icdev/data/context/modernization/version_upgrade_rules.json +279 -0
- icdev/data/context/oscal/NIST_SP-800-53_rev5_catalog.json +254987 -0
- icdev/data/context/oscal/README.md +43 -0
- icdev/data/context/patterns/__init__.py +1 -0
- icdev/data/context/profiles/__init__.py +1 -0
- icdev/data/context/profiles/dod_baseline_v1.yaml +145 -0
- icdev/data/context/profiles/fedramp_baseline_v1.yaml +143 -0
- icdev/data/context/profiles/financial_baseline_v1.yaml +142 -0
- icdev/data/context/profiles/healthcare_baseline_v1.yaml +135 -0
- icdev/data/context/profiles/law_enforcement_v1.yaml +129 -0
- icdev/data/context/profiles/startup_v1.yaml +134 -0
- icdev/data/context/requirements/__init__.py +1 -0
- icdev/data/context/requirements/ambiguity_patterns.json +97 -0
- icdev/data/context/requirements/boundary_impact_rules.json +123 -0
- icdev/data/context/requirements/default_constitutions.json +67 -0
- icdev/data/context/requirements/document_extraction_rules.json +58 -0
- icdev/data/context/requirements/gap_patterns.json +108 -0
- icdev/data/context/requirements/readiness_rubric.json +78 -0
- icdev/data/context/requirements/red_alternative_patterns.json +210 -0
- icdev/data/context/requirements/safe_templates.json +72 -0
- icdev/data/context/requirements/spec_quality_checklist.json +122 -0
- icdev/data/context/simulation/__init__.py +1 -0
- icdev/data/context/simulation/architecture_patterns.json +36 -0
- icdev/data/context/simulation/coa_templates.json +38 -0
- icdev/data/context/simulation/cost_models.json +23 -0
- icdev/data/context/simulation/risk_categories.json +46 -0
- icdev/data/context/supply_chain/__init__.py +1 -0
- icdev/data/context/supply_chain/isa_templates.json +129 -0
- icdev/data/context/supply_chain/nist_800_161_controls.json +247 -0
- icdev/data/context/supply_chain/scrm_risk_matrix.json +147 -0
- icdev/data/context/templates/__init__.py +1 -0
- icdev/data/context/templates/ansible/__init__.py +1 -0
- icdev/data/context/templates/ansible/playbooks/__init__.py +1 -0
- icdev/data/context/templates/ansible/roles/__init__.py +1 -0
- icdev/data/context/templates/gitlab_ci/__init__.py +1 -0
- icdev/data/context/templates/grafana/__init__.py +1 -0
- icdev/data/context/templates/kubernetes/__init__.py +1 -0
- icdev/data/context/templates/project/__init__.py +1 -0
- icdev/data/context/templates/project/api/__init__.py +1 -0
- icdev/data/context/templates/project/cli/__init__.py +1 -0
- icdev/data/context/templates/project/data_pipeline/__init__.py +1 -0
- icdev/data/context/templates/project/iac/__init__.py +1 -0
- icdev/data/context/templates/project/javascript_frontend/__init__.py +1 -0
- icdev/data/context/templates/project/javascript_frontend/src/__init__.py +1 -0
- icdev/data/context/templates/project/javascript_frontend/tests/__init__.py +1 -0
- icdev/data/context/templates/project/microservice/__init__.py +1 -0
- icdev/data/context/templates/project/python_backend/__init__.py +1 -0
- icdev/data/context/templates/project/python_backend/src/__init__.py +1 -0
- icdev/data/context/templates/project/python_backend/tests/__init__.py +1 -0
- icdev/data/context/templates/project/python_backend/tests/features/__init__.py +1 -0
- icdev/data/context/templates/project/python_backend/tests/steps/__init__.py +1 -0
- icdev/data/context/templates/terraform/__init__.py +1 -0
- icdev/data/context/templates/terraform/govcloud_base/__init__.py +1 -0
- icdev/data/context/templates/terraform/modules/__init__.py +1 -0
- icdev/data/context/tone/__init__.py +1 -0
- icdev/data/context/translation/dependency_mappings.json +186 -0
- icdev/data/context/translation/type_mappings.json +149 -0
- icdev/data/docs/README.md +187 -0
- icdev/data/docs/__init__.py +1 -0
- icdev/data/docs/admin/gateway-guide.md +338 -0
- icdev/data/docs/admin/marketplace-guide.md +396 -0
- icdev/data/docs/admin/monitoring-guide.md +509 -0
- icdev/data/docs/architecture/compliance-framework.md +764 -0
- icdev/data/docs/architecture/database-schema.md +689 -0
- icdev/data/docs/architecture/gotcha-framework.md +518 -0
- icdev/data/docs/architecture/multi-agent-system.md +603 -0
- icdev/data/docs/dx/README.md +106 -0
- icdev/data/docs/dx/__init__.py +1 -0
- icdev/data/docs/dx/ci-cd-integration.md +378 -0
- icdev/data/docs/dx/claude-code-guide.md +213 -0
- icdev/data/docs/dx/companion-guide.md +232 -0
- icdev/data/docs/dx/dev-profiles.md +309 -0
- icdev/data/docs/dx/icdev-yaml-spec.md +219 -0
- icdev/data/docs/dx/integration-tiers.md +279 -0
- icdev/data/docs/dx/llm-routing-guide.md +456 -0
- icdev/data/docs/dx/quickstart.md +192 -0
- icdev/data/docs/dx/sdk-reference.md +356 -0
- icdev/data/docs/dx/unified-mcp-setup.md +525 -0
- icdev/data/docs/features/__init__.py +1 -0
- icdev/data/docs/features/phase-01-gotcha-framework.md +249 -0
- icdev/data/docs/features/phase-02-atlas-build-workflow.md +223 -0
- icdev/data/docs/features/phase-03-tdd-bdd-testing.md +261 -0
- icdev/data/docs/features/phase-04-nist-compliance.md +255 -0
- icdev/data/docs/features/phase-05-security-scanning.md +229 -0
- icdev/data/docs/features/phase-06-infrastructure-deployment.md +288 -0
- icdev/data/docs/features/phase-07-code-review-gates.md +276 -0
- icdev/data/docs/features/phase-08-self-healing.md +223 -0
- icdev/data/docs/features/phase-09-monitoring-observability.md +230 -0
- icdev/data/docs/features/phase-10-dashboard-web-ui.md +218 -0
- icdev/data/docs/features/phase-11-multi-agent-architecture.md +272 -0
- icdev/data/docs/features/phase-12-integration-testing.md +228 -0
- icdev/data/docs/features/phase-13-cicd-integration.md +257 -0
- icdev/data/docs/features/phase-14-secure-by-design-ivv.md +240 -0
- icdev/data/docs/features/phase-15-maintenance-audit.md +192 -0
- icdev/data/docs/features/phase-16-ato-acceleration.md +228 -0
- icdev/data/docs/features/phase-17-multi-framework-compliance.md +223 -0
- icdev/data/docs/features/phase-18-mbse-integration.md +242 -0
- icdev/data/docs/features/phase-19-agentic-generation.md +202 -0
- icdev/data/docs/features/phase-20-fips-security-categorization.md +198 -0
- icdev/data/docs/features/phase-21-saas-multi-tenancy.md +273 -0
- icdev/data/docs/features/phase-22-federated-gotcha-marketplace.md +242 -0
- icdev/data/docs/features/phase-23-universal-compliance-platform.md +238 -0
- icdev/data/docs/features/phase-24-devsecops-pipeline-security.md +198 -0
- icdev/data/docs/features/phase-25-zero-trust-architecture.md +220 -0
- icdev/data/docs/features/phase-26-dod-mosa.md +205 -0
- icdev/data/docs/features/phase-27-cli-capabilities.md +222 -0
- icdev/data/docs/features/phase-28-remote-command-gateway.md +235 -0
- icdev/data/docs/features/phase-29-proactive-monitoring.md +212 -0
- icdev/data/docs/features/phase-30-dashboard-auth.md +215 -0
- icdev/data/docs/features/phase-31-dashboard-ux-low-impact.md +188 -0
- icdev/data/docs/features/phase-32-dashboard-ux-medium-impact.md +223 -0
- icdev/data/docs/features/phase-33-modular-installation.md +218 -0
- icdev/data/docs/features/phase-34-dev-profiles.md +239 -0
- icdev/data/docs/features/phase-35-innovation-engine.md +257 -0
- icdev/data/docs/features/phase-36-evolutionary-intelligence.md +351 -0
- icdev/data/docs/features/phase-37-mitre-atlas-integration.md +485 -0
- icdev/data/docs/features/phase-38-cloud-agnostic-architecture.md +1033 -0
- icdev/data/docs/features/phase-39-observability-operations.md +178 -0
- icdev/data/docs/features/phase-40-nlq-compliance-queries.md +176 -0
- icdev/data/docs/features/phase-41-parallel-cicd.md +169 -0
- icdev/data/docs/features/phase-42-framework-planning.md +177 -0
- icdev/data/docs/features/phase-43-cross-language-translation.md +225 -0
- icdev/data/docs/features/phase-44-innovation-adaptation.md +227 -0
- icdev/data/docs/features/phase-45-owasp-agentic-security.md +239 -0
- icdev/data/docs/features/phase-46-observability-traceability-xai.md +240 -0
- icdev/data/docs/features/phase-47-unified-mcp-gateway.md +257 -0
- icdev/data/docs/features/phase-48-ai-transparency.md +203 -0
- icdev/data/docs/features/phase-49-ai-accountability.md +243 -0
- icdev/data/docs/features/phase-50-ai-governance-intake-chat.md +195 -0
- icdev/data/docs/features/phase-51-unified-chat-dashboard.md +240 -0
- icdev/data/docs/features/phase-52-code-intelligence.md +244 -0
- icdev/data/docs/features/phase-53-fedramp-20x-owasp-asi.md +359 -0
- icdev/data/docs/features/phase-54-slsa-swft-orchestration.md +379 -0
- icdev/data/docs/features/phase-55-a2a-v03-mcp-oauth.md +322 -0
- icdev/data/docs/features/phase-56-evidence-lineage.md +352 -0
- icdev/data/docs/features/phase-57-eu-ai-act-iron-bank.md +319 -0
- icdev/data/docs/features/phase-58-creative-engine.md +370 -0
- icdev/data/docs/features/phase-59-govcon-intelligence.md +535 -0
- icdev/data/docs/features/phase-60-cpmp.md +528 -0
- icdev/data/docs/features/phase-61-orchestration-improvements.md +534 -0
- icdev/data/docs/operations/dashboard-guide.md +354 -0
- icdev/data/docs/operations/deployment-guide.md +556 -0
- icdev/data/docs/operations/saas-admin-guide.md +439 -0
- icdev/data/docs/operations/security-operations-guide.md +733 -0
- icdev/data/docs/runbooks/backup-restore.md +412 -0
- icdev/data/docs/runbooks/troubleshooting.md +499 -0
- icdev/data/features/__init__.py +1 -0
- icdev/data/features/cicd_integration.feature +41 -0
- icdev/data/features/compliance_gates.feature +46 -0
- icdev/data/features/dashboard.feature +72 -0
- icdev/data/features/environment.py +25 -0
- icdev/data/features/project_management.feature +32 -0
- icdev/data/features/requirements_intake.feature +42 -0
- icdev/data/features/saas_platform.feature +53 -0
- icdev/data/features/security_scanning.feature +36 -0
- icdev/data/features/steps/__init__.py +1 -0
- icdev/data/features/steps/cicd_steps.py +465 -0
- icdev/data/features/steps/compliance_steps.py +308 -0
- icdev/data/features/steps/dashboard_steps.py +88 -0
- icdev/data/features/steps/project_steps.py +126 -0
- icdev/data/features/steps/requirements_intake_steps.py +689 -0
- icdev/data/features/steps/saas_platform_steps.py +572 -0
- icdev/data/features/steps/security_steps.py +236 -0
- icdev/data/features/steps/testing_steps.py +226 -0
- icdev/data/features/testing_pipeline.feature +42 -0
- icdev/data/goals/__init__.py +1 -0
- icdev/data/goals/agent_management.md +144 -0
- icdev/data/goals/agentic_generation.md +345 -0
- icdev/data/goals/agentic_threat_model.md +309 -0
- icdev/data/goals/ai_accountability.md +90 -0
- icdev/data/goals/ai_governance_intake.md +132 -0
- icdev/data/goals/ai_transparency.md +76 -0
- icdev/data/goals/atlas_integration.md +405 -0
- icdev/data/goals/ato_acceleration.md +139 -0
- icdev/data/goals/boundary_supply_chain.md +206 -0
- icdev/data/goals/build_app.md +544 -0
- icdev/data/goals/cicd_integration.md +86 -0
- icdev/data/goals/claude_dir_maintenance.md +77 -0
- icdev/data/goals/cli_capabilities.md +340 -0
- icdev/data/goals/cloud_agnostic.md +312 -0
- icdev/data/goals/code_intelligence.md +197 -0
- icdev/data/goals/code_review.md +94 -0
- icdev/data/goals/compliance_workflow.md +858 -0
- icdev/data/goals/continuous_harmonization.md +140 -0
- icdev/data/goals/cross_language_translation.md +171 -0
- icdev/data/goals/dashboard.md +142 -0
- icdev/data/goals/deploy_workflow.md +390 -0
- icdev/data/goals/devsecops_workflow.md +408 -0
- icdev/data/goals/evolutionary_intelligence.md +305 -0
- icdev/data/goals/external_integration.md +113 -0
- icdev/data/goals/framework_planning.md +63 -0
- icdev/data/goals/init_project.md +235 -0
- icdev/data/goals/innovation_engine.md +199 -0
- icdev/data/goals/integration_testing.md +189 -0
- icdev/data/goals/maintenance_audit.md +196 -0
- icdev/data/goals/manifest.md +56 -0
- icdev/data/goals/mbse_integration.md +504 -0
- icdev/data/goals/modernization_workflow.md +618 -0
- icdev/data/goals/monitoring.md +126 -0
- icdev/data/goals/mosa_workflow.md +463 -0
- icdev/data/goals/multi_agent_orchestration.md +68 -0
- icdev/data/goals/nlq_compliance.md +63 -0
- icdev/data/goals/observability.md +64 -0
- icdev/data/goals/observability_traceability_xai.md +154 -0
- icdev/data/goals/owasp_agentic_security.md +395 -0
- icdev/data/goals/parallel_cicd.md +61 -0
- icdev/data/goals/requirements_intake.md +213 -0
- icdev/data/goals/sbd_ivv_workflow.md +195 -0
- icdev/data/goals/security_categorization.md +133 -0
- icdev/data/goals/security_scan.md +381 -0
- icdev/data/goals/self_healing.md +120 -0
- icdev/data/goals/simulation_engine.md +111 -0
- icdev/data/goals/tdd_workflow.md +403 -0
- icdev/data/goals/zero_trust_architecture.md +403 -0
- icdev/data/hardprompts/__init__.py +1 -0
- icdev/data/hardprompts/agent/__init__.py +1 -0
- icdev/data/hardprompts/agent/agentic_architect.md +100 -0
- icdev/data/hardprompts/agent/debate_prompt.md +32 -0
- icdev/data/hardprompts/agent/fitness_evaluation.md +48 -0
- icdev/data/hardprompts/agent/governance_review.md +214 -0
- icdev/data/hardprompts/agent/reviewer_prompt.md +34 -0
- icdev/data/hardprompts/agent/skill_design.md +172 -0
- icdev/data/hardprompts/agent/task_decomposition.md +275 -0
- icdev/data/hardprompts/agent/veto_check_prompt.md +33 -0
- icdev/data/hardprompts/architect/__init__.py +1 -0
- icdev/data/hardprompts/architect/api_design.md +283 -0
- icdev/data/hardprompts/architect/data_model.md +277 -0
- icdev/data/hardprompts/architect/system_design.md +180 -0
- icdev/data/hardprompts/builder/__init__.py +1 -0
- icdev/data/hardprompts/builder/code_generation.md +59 -0
- icdev/data/hardprompts/builder/refactor.md +58 -0
- icdev/data/hardprompts/builder/scaffold_project.md +69 -0
- icdev/data/hardprompts/builder/test_generation.md +87 -0
- icdev/data/hardprompts/ci/__init__.py +1 -0
- icdev/data/hardprompts/ci/worktree_setup.md +35 -0
- icdev/data/hardprompts/compliance/__init__.py +1 -0
- icdev/data/hardprompts/compliance/cmmc_assessment.md +63 -0
- icdev/data/hardprompts/compliance/cssp_assessment.md +75 -0
- icdev/data/hardprompts/compliance/cui_marking.md +86 -0
- icdev/data/hardprompts/compliance/fedramp_assessment.md +55 -0
- icdev/data/hardprompts/compliance/ivv_assessment.md +96 -0
- icdev/data/hardprompts/compliance/poam_generation.md +57 -0
- icdev/data/hardprompts/compliance/sbd_assessment.md +101 -0
- icdev/data/hardprompts/compliance/security_categorization.md +74 -0
- icdev/data/hardprompts/compliance/ssp_generation.md +56 -0
- icdev/data/hardprompts/compliance/stig_evaluation.md +63 -0
- icdev/data/hardprompts/dashboard/__init__.py +1 -0
- icdev/data/hardprompts/dashboard/nlq_system_prompt.md +26 -0
- icdev/data/hardprompts/infra/__init__.py +1 -0
- icdev/data/hardprompts/infra/k8s_manifests.md +118 -0
- icdev/data/hardprompts/infra/pipeline_generation.md +160 -0
- icdev/data/hardprompts/infra/terraform_generation.md +92 -0
- icdev/data/hardprompts/integration/__init__.py +1 -0
- icdev/data/hardprompts/integration/approval_review.md +17 -0
- icdev/data/hardprompts/integration/jira_mapping.md +25 -0
- icdev/data/hardprompts/integration/servicenow_mapping.md +14 -0
- icdev/data/hardprompts/knowledge/__init__.py +1 -0
- icdev/data/hardprompts/knowledge/pattern_detection.md +73 -0
- icdev/data/hardprompts/knowledge/recommendation_engine.md +90 -0
- icdev/data/hardprompts/knowledge/root_cause_analysis.md +91 -0
- icdev/data/hardprompts/maintenance/__init__.py +1 -0
- icdev/data/hardprompts/maintenance/maintenance_assessment.md +82 -0
- icdev/data/hardprompts/mbse/__init__.py +1 -0
- icdev/data/hardprompts/mbse/digital_thread.md +67 -0
- icdev/data/hardprompts/mbse/model_import.md +62 -0
- icdev/data/hardprompts/mbse/model_to_code.md +65 -0
- icdev/data/hardprompts/modernization/__init__.py +1 -0
- icdev/data/hardprompts/modernization/legacy_analysis.md +93 -0
- icdev/data/hardprompts/modernization/migration_planning.md +150 -0
- icdev/data/hardprompts/modernization/seven_r_assessment.md +107 -0
- icdev/data/hardprompts/requirements/__init__.py +1 -0
- icdev/data/hardprompts/requirements/bdd_generation.md +35 -0
- icdev/data/hardprompts/requirements/clarification_prioritization.md +29 -0
- icdev/data/hardprompts/requirements/decomposition.md +60 -0
- icdev/data/hardprompts/requirements/document_extraction.md +45 -0
- icdev/data/hardprompts/requirements/gap_detection.md +70 -0
- icdev/data/hardprompts/requirements/intake_conversation.md +101 -0
- icdev/data/hardprompts/requirements/readiness_assessment.md +39 -0
- icdev/data/hardprompts/requirements/spec_quality.md +33 -0
- icdev/data/hardprompts/requirements/traceability_analysis.md +23 -0
- icdev/data/hardprompts/security/__init__.py +1 -0
- icdev/data/hardprompts/security/endpoint_security.md +78 -0
- icdev/data/hardprompts/security/threat_model.md +70 -0
- icdev/data/hardprompts/security/vulnerability_assessment.md +81 -0
- icdev/data/hardprompts/simulation/__init__.py +1 -0
- icdev/data/hardprompts/simulation/architecture_impact.md +27 -0
- icdev/data/hardprompts/simulation/coa_alternative.md +27 -0
- icdev/data/hardprompts/simulation/coa_generation.md +25 -0
- icdev/data/hardprompts/simulation/compliance_impact.md +28 -0
- icdev/data/hardprompts/simulation/cost_estimation.md +33 -0
- icdev/data/hardprompts/simulation/risk_assessment.md +28 -0
- icdev/data/hardprompts/translation/code_translation.md +68 -0
- icdev/data/hardprompts/translation/dependency_suggestion.md +44 -0
- icdev/data/hardprompts/translation/test_translation.md +64 -0
- icdev/data/hardprompts/translation/translation_repair.md +59 -0
- icdev/py.typed +0 -0
- icdev/tools/__init__.py +1 -0
- icdev/tools/_gen_formatter.py +12 -0
- icdev/tools/a2a/__init__.py +1 -0
- icdev/tools/a2a/agent_cards/architect.json +43 -0
- icdev/tools/a2a/agent_cards/builder.json +50 -0
- icdev/tools/a2a/agent_cards/compliance.json +57 -0
- icdev/tools/a2a/agent_cards/devsecops.json +71 -0
- icdev/tools/a2a/agent_cards/infra.json +57 -0
- icdev/tools/a2a/agent_cards/integration.json +57 -0
- icdev/tools/a2a/agent_cards/knowledge.json +43 -0
- icdev/tools/a2a/agent_cards/mbse.json +57 -0
- icdev/tools/a2a/agent_cards/modernization.json +50 -0
- icdev/tools/a2a/agent_cards/monitor.json +43 -0
- icdev/tools/a2a/agent_cards/orchestrator.json +36 -0
- icdev/tools/a2a/agent_cards/requirements_analyst.json +64 -0
- icdev/tools/a2a/agent_cards/security.json +50 -0
- icdev/tools/a2a/agent_cards/simulation.json +57 -0
- icdev/tools/a2a/agent_cards/supply_chain.json +50 -0
- icdev/tools/a2a/agent_client.py +349 -0
- icdev/tools/a2a/agent_registry.py +412 -0
- icdev/tools/a2a/agent_server.py +579 -0
- icdev/tools/a2a/task.py +200 -0
- icdev/tools/agent/__init__.py +2 -0
- icdev/tools/agent/a2a_agent_card_generator.py +285 -0
- icdev/tools/agent/a2a_discovery_server.py +250 -0
- icdev/tools/agent/agent_executor.py +529 -0
- icdev/tools/agent/agent_memory.py +557 -0
- icdev/tools/agent/agent_models.py +51 -0
- icdev/tools/agent/atlas_critique.py +908 -0
- icdev/tools/agent/authority.py +443 -0
- icdev/tools/agent/bedrock_client.py +1075 -0
- icdev/tools/agent/collaboration.py +871 -0
- icdev/tools/agent/dispatcher_mode.py +665 -0
- icdev/tools/agent/mailbox.py +575 -0
- icdev/tools/agent/prompt_chain_executor.py +1064 -0
- icdev/tools/agent/session_purpose.py +350 -0
- icdev/tools/agent/skill_router.py +638 -0
- icdev/tools/agent/skill_selector.py +486 -0
- icdev/tools/agent/team_orchestrator.py +1108 -0
- icdev/tools/agent/token_tracker.py +290 -0
- icdev/tools/analysis/__init__.py +1 -0
- icdev/tools/analysis/code_analyzer.py +780 -0
- icdev/tools/analysis/runtime_feedback.py +389 -0
- icdev/tools/audit/__init__.py +1 -0
- icdev/tools/audit/audit_logger.py +196 -0
- icdev/tools/audit/audit_query.py +157 -0
- icdev/tools/audit/decision_recorder.py +72 -0
- icdev/tools/builder/__init__.py +1 -0
- icdev/tools/builder/agentic_fitness.py +534 -0
- icdev/tools/builder/agentic_test_templates/test_a2a_callback.py +117 -0
- icdev/tools/builder/agentic_test_templates/test_a2a_lifecycle.feature +52 -0
- icdev/tools/builder/agentic_test_templates/test_agent_card.feature +37 -0
- icdev/tools/builder/agentic_test_templates/test_agent_health.py +128 -0
- icdev/tools/builder/agentic_test_templates/test_memory_system.feature +50 -0
- icdev/tools/builder/agentic_test_templates/test_skill_execution.feature +40 -0
- icdev/tools/builder/app_blueprint.py +1583 -0
- icdev/tools/builder/child_app_generator.py +2852 -0
- icdev/tools/builder/claude_md_generator.py +1734 -0
- icdev/tools/builder/code_generator.py +3703 -0
- icdev/tools/builder/db_init_generator.py +1709 -0
- icdev/tools/builder/dev_profile_manager.py +954 -0
- icdev/tools/builder/formatter.py +768 -0
- icdev/tools/builder/goal_adapter.py +592 -0
- icdev/tools/builder/gotcha_validator.py +812 -0
- icdev/tools/builder/language_support.py +441 -0
- icdev/tools/builder/linter.py +976 -0
- icdev/tools/builder/profile_detector.py +657 -0
- icdev/tools/builder/profile_md_generator.py +723 -0
- icdev/tools/builder/scaffolder.py +1590 -0
- icdev/tools/builder/scaffolder_extended.py +1771 -0
- icdev/tools/builder/test_writer.py +950 -0
- icdev/tools/ci/__init__.py +2 -0
- icdev/tools/ci/connectors/__init__.py +2 -0
- icdev/tools/ci/connectors/base_connector.py +80 -0
- icdev/tools/ci/connectors/connector_registry.py +188 -0
- icdev/tools/ci/connectors/mattermost_connector.py +159 -0
- icdev/tools/ci/connectors/slack_connector.py +197 -0
- icdev/tools/ci/core/__init__.py +2 -0
- icdev/tools/ci/core/air_gap_detector.py +115 -0
- icdev/tools/ci/core/comment_handler.py +192 -0
- icdev/tools/ci/core/conversation_manager.py +479 -0
- icdev/tools/ci/core/event_envelope.py +500 -0
- icdev/tools/ci/core/event_router.py +443 -0
- icdev/tools/ci/core/failure_parser.py +397 -0
- icdev/tools/ci/core/recovery_engine.py +527 -0
- icdev/tools/ci/modules/__init__.py +2 -0
- icdev/tools/ci/modules/agent.py +271 -0
- icdev/tools/ci/modules/git_ops.py +175 -0
- icdev/tools/ci/modules/state.py +117 -0
- icdev/tools/ci/modules/vcs.py +303 -0
- icdev/tools/ci/modules/workflow_ops.py +295 -0
- icdev/tools/ci/modules/worktree.py +340 -0
- icdev/tools/ci/pipeline_config_generator.py +558 -0
- icdev/tools/ci/triggers/__init__.py +2 -0
- icdev/tools/ci/triggers/gitlab_task_monitor.py +330 -0
- icdev/tools/ci/triggers/poll_trigger.py +237 -0
- icdev/tools/ci/triggers/webhook_server.py +356 -0
- icdev/tools/ci/workflows/__init__.py +2 -0
- icdev/tools/ci/workflows/icdev_build.py +140 -0
- icdev/tools/ci/workflows/icdev_comply.py +284 -0
- icdev/tools/ci/workflows/icdev_document.py +152 -0
- icdev/tools/ci/workflows/icdev_e2e.py +188 -0
- icdev/tools/ci/workflows/icdev_patch.py +186 -0
- icdev/tools/ci/workflows/icdev_plan.py +202 -0
- icdev/tools/ci/workflows/icdev_plan_build.py +41 -0
- icdev/tools/ci/workflows/icdev_plan_build_test.py +46 -0
- icdev/tools/ci/workflows/icdev_plan_build_test_review.py +47 -0
- icdev/tools/ci/workflows/icdev_review.py +126 -0
- icdev/tools/ci/workflows/icdev_sdlc.py +261 -0
- icdev/tools/ci/workflows/icdev_test.py +240 -0
- icdev/tools/cli/__init__.py +1 -0
- icdev/tools/cli/output_formatter.py +756 -0
- icdev/tools/cli_formatter.py +42 -0
- icdev/tools/cloud/__init__.py +11 -0
- icdev/tools/cloud/cloud_mode_manager.py +364 -0
- icdev/tools/cloud/csp_changelog.py +383 -0
- icdev/tools/cloud/csp_health_checker.py +268 -0
- icdev/tools/cloud/csp_monitor.py +951 -0
- icdev/tools/cloud/iam_provider.py +593 -0
- icdev/tools/cloud/kms_provider.py +346 -0
- icdev/tools/cloud/monitoring_provider.py +628 -0
- icdev/tools/cloud/provider_factory.py +376 -0
- icdev/tools/cloud/region_validator.py +345 -0
- icdev/tools/cloud/registry_provider.py +563 -0
- icdev/tools/cloud/secrets_provider.py +486 -0
- icdev/tools/cloud/storage_provider.py +446 -0
- icdev/tools/compat/__init__.py +21 -0
- icdev/tools/compat/cli_harmonizer.py +251 -0
- icdev/tools/compat/datetime_utils.py +18 -0
- icdev/tools/compat/db_utils.py +160 -0
- icdev/tools/compat/platform_utils.py +123 -0
- icdev/tools/compliance/__init__.py +1 -0
- icdev/tools/compliance/accountability_manager.py +397 -0
- icdev/tools/compliance/ai_accountability_audit.py +294 -0
- icdev/tools/compliance/ai_impact_assessor.py +273 -0
- icdev/tools/compliance/ai_incident_response.py +301 -0
- icdev/tools/compliance/ai_inventory_manager.py +239 -0
- icdev/tools/compliance/ai_reassessment_scheduler.py +256 -0
- icdev/tools/compliance/ai_transparency_audit.py +248 -0
- icdev/tools/compliance/atlas_assessor.py +278 -0
- icdev/tools/compliance/atlas_report_generator.py +1211 -0
- icdev/tools/compliance/base_assessor.py +597 -0
- icdev/tools/compliance/cato_monitor.py +1385 -0
- icdev/tools/compliance/cato_scheduler.py +699 -0
- icdev/tools/compliance/cjis_assessor.py +76 -0
- icdev/tools/compliance/classification_manager.py +1353 -0
- icdev/tools/compliance/cmmc_assessor.py +1491 -0
- icdev/tools/compliance/cmmc_report_generator.py +1100 -0
- icdev/tools/compliance/compliance_detector.py +463 -0
- icdev/tools/compliance/compliance_exporter.py +427 -0
- icdev/tools/compliance/compliance_status.py +825 -0
- icdev/tools/compliance/control_mapper.py +505 -0
- icdev/tools/compliance/crosswalk_engine.py +1203 -0
- icdev/tools/compliance/cssp_assessor.py +1045 -0
- icdev/tools/compliance/cssp_evidence_collector.py +729 -0
- icdev/tools/compliance/cssp_report_generator.py +1116 -0
- icdev/tools/compliance/cui_marker.py +388 -0
- icdev/tools/compliance/diagram_validator.py +600 -0
- icdev/tools/compliance/emass/__init__.py +2 -0
- icdev/tools/compliance/emass/emass_client.py +840 -0
- icdev/tools/compliance/emass/emass_export.py +777 -0
- icdev/tools/compliance/emass/emass_sync.py +826 -0
- icdev/tools/compliance/eu_ai_act_classifier.py +194 -0
- icdev/tools/compliance/evidence_collector.py +468 -0
- icdev/tools/compliance/fairness_assessor.py +316 -0
- icdev/tools/compliance/fedramp_assessor.py +1808 -0
- icdev/tools/compliance/fedramp_authorization_packager.py +137 -0
- icdev/tools/compliance/fedramp_ksi_generator.py +355 -0
- icdev/tools/compliance/fedramp_report_generator.py +1128 -0
- icdev/tools/compliance/fips199_categorizer.py +881 -0
- icdev/tools/compliance/fips200_validator.py +315 -0
- icdev/tools/compliance/gao_ai_assessor.py +231 -0
- icdev/tools/compliance/gao_evidence_builder.py +308 -0
- icdev/tools/compliance/hipaa_assessor.py +78 -0
- icdev/tools/compliance/hitrust_assessor.py +49 -0
- icdev/tools/compliance/incident_response_plan.py +718 -0
- icdev/tools/compliance/iso27001_assessor.py +92 -0
- icdev/tools/compliance/iso42001_assessor.py +114 -0
- icdev/tools/compliance/ivv_assessor.py +2327 -0
- icdev/tools/compliance/ivv_report_generator.py +1662 -0
- icdev/tools/compliance/model_card_generator.py +297 -0
- icdev/tools/compliance/mosa_assessor.py +117 -0
- icdev/tools/compliance/multi_regime_assessor.py +451 -0
- icdev/tools/compliance/narrative_generator.py +1013 -0
- icdev/tools/compliance/nist_800_207_assessor.py +191 -0
- icdev/tools/compliance/nist_ai_600_1_assessor.py +188 -0
- icdev/tools/compliance/nist_ai_rmf_assessor.py +110 -0
- icdev/tools/compliance/nist_lookup.py +245 -0
- icdev/tools/compliance/omb_m25_21_assessor.py +228 -0
- icdev/tools/compliance/omb_m26_04_assessor.py +188 -0
- icdev/tools/compliance/oscal_catalog_adapter.py +395 -0
- icdev/tools/compliance/oscal_generator.py +2170 -0
- icdev/tools/compliance/oscal_tools.py +1182 -0
- icdev/tools/compliance/owasp_agentic_assessor.py +226 -0
- icdev/tools/compliance/owasp_asi_assessor.py +200 -0
- icdev/tools/compliance/owasp_llm_assessor.py +244 -0
- icdev/tools/compliance/pci_dss_assessor.py +80 -0
- icdev/tools/compliance/pi_compliance_tracker.py +1461 -0
- icdev/tools/compliance/poam_generator.py +405 -0
- icdev/tools/compliance/resolve_marking.py +283 -0
- icdev/tools/compliance/sbd_assessor.py +2068 -0
- icdev/tools/compliance/sbd_report_generator.py +1236 -0
- icdev/tools/compliance/sbom_generator.py +1008 -0
- icdev/tools/compliance/siem_config_generator.py +674 -0
- icdev/tools/compliance/slsa_attestation_generator.py +490 -0
- icdev/tools/compliance/soc2_assessor.py +77 -0
- icdev/tools/compliance/ssp_generator.py +573 -0
- icdev/tools/compliance/stig_checker.py +727 -0
- icdev/tools/compliance/swft_evidence_bundler.py +337 -0
- icdev/tools/compliance/system_card_generator.py +309 -0
- icdev/tools/compliance/traceability_matrix.py +1281 -0
- icdev/tools/compliance/universal_classification_manager.py +1172 -0
- icdev/tools/compliance/xacta/__init__.py +2 -0
- icdev/tools/compliance/xacta/xacta_client.py +449 -0
- icdev/tools/compliance/xacta/xacta_export.py +557 -0
- icdev/tools/compliance/xacta/xacta_sync.py +333 -0
- icdev/tools/compliance/xai_assessor.py +231 -0
- icdev/tools/dashboard/__init__.py +1 -0
- icdev/tools/dashboard/api/__init__.py +1 -0
- icdev/tools/dashboard/api/_pipeline_state.py +17 -0
- icdev/tools/dashboard/api/activity.py +206 -0
- icdev/tools/dashboard/api/admin.py +176 -0
- icdev/tools/dashboard/api/agents.py +53 -0
- icdev/tools/dashboard/api/ai_accountability.py +163 -0
- icdev/tools/dashboard/api/ai_transparency.py +198 -0
- icdev/tools/dashboard/api/audit.py +58 -0
- icdev/tools/dashboard/api/batch.py +666 -0
- icdev/tools/dashboard/api/chat.py +241 -0
- icdev/tools/dashboard/api/cicd.py +219 -0
- icdev/tools/dashboard/api/code_quality.py +223 -0
- icdev/tools/dashboard/api/compliance.py +171 -0
- icdev/tools/dashboard/api/cpmp.py +915 -0
- icdev/tools/dashboard/api/diagrams.py +65 -0
- icdev/tools/dashboard/api/events.py +250 -0
- icdev/tools/dashboard/api/evidence.py +99 -0
- icdev/tools/dashboard/api/fedramp_20x.py +77 -0
- icdev/tools/dashboard/api/govcon.py +1095 -0
- icdev/tools/dashboard/api/intake.py +1171 -0
- icdev/tools/dashboard/api/lineage.py +163 -0
- icdev/tools/dashboard/api/metrics.py +155 -0
- icdev/tools/dashboard/api/nlq.py +72 -0
- icdev/tools/dashboard/api/orchestration.py +472 -0
- icdev/tools/dashboard/api/oscal.py +183 -0
- icdev/tools/dashboard/api/prod_audit.py +183 -0
- icdev/tools/dashboard/api/projects.py +191 -0
- icdev/tools/dashboard/api/proposals.py +1084 -0
- icdev/tools/dashboard/api/traces.py +363 -0
- icdev/tools/dashboard/api/usage.py +234 -0
- icdev/tools/dashboard/app.py +1986 -0
- icdev/tools/dashboard/auth.py +500 -0
- icdev/tools/dashboard/byok.py +245 -0
- icdev/tools/dashboard/chat_manager.py +675 -0
- icdev/tools/dashboard/config.py +116 -0
- icdev/tools/dashboard/diagram_definitions.py +642 -0
- icdev/tools/dashboard/nlq_processor.py +323 -0
- icdev/tools/dashboard/phase_loader.py +136 -0
- icdev/tools/dashboard/sse_manager.py +89 -0
- icdev/tools/dashboard/state_tracker.py +267 -0
- icdev/tools/dashboard/static/css/style.css +706 -0
- icdev/tools/dashboard/static/css/ux.css +2047 -0
- icdev/tools/dashboard/static/js/activity.js +322 -0
- icdev/tools/dashboard/static/js/api.js +161 -0
- icdev/tools/dashboard/static/js/batch.js +814 -0
- icdev/tools/dashboard/static/js/charts.js +618 -0
- icdev/tools/dashboard/static/js/chat.js +1514 -0
- icdev/tools/dashboard/static/js/kanban.js +113 -0
- icdev/tools/dashboard/static/js/live.js +569 -0
- icdev/tools/dashboard/static/js/mermaid-icdev.js +332 -0
- icdev/tools/dashboard/static/js/proposals.js +588 -0
- icdev/tools/dashboard/static/js/shortcuts.js +544 -0
- icdev/tools/dashboard/static/js/tables.js +652 -0
- icdev/tools/dashboard/static/js/tour.js +524 -0
- icdev/tools/dashboard/static/js/ux.js +942 -0
- icdev/tools/dashboard/templates/404.html +10 -0
- icdev/tools/dashboard/templates/activity.html +80 -0
- icdev/tools/dashboard/templates/admin/users.html +144 -0
- icdev/tools/dashboard/templates/ai_accountability.html +235 -0
- icdev/tools/dashboard/templates/ai_transparency.html +263 -0
- icdev/tools/dashboard/templates/base.html +104 -0
- icdev/tools/dashboard/templates/batch.html +23 -0
- icdev/tools/dashboard/templates/chat.html +332 -0
- icdev/tools/dashboard/templates/children.html +149 -0
- icdev/tools/dashboard/templates/cicd.html +253 -0
- icdev/tools/dashboard/templates/code_quality.html +214 -0
- icdev/tools/dashboard/templates/cpmp/cor_detail.html +220 -0
- icdev/tools/dashboard/templates/cpmp/cor_portal.html +91 -0
- icdev/tools/dashboard/templates/cpmp/deliverable_detail.html +197 -0
- icdev/tools/dashboard/templates/cpmp/detail.html +578 -0
- icdev/tools/dashboard/templates/cpmp/portfolio.html +202 -0
- icdev/tools/dashboard/templates/dev_profiles.html +304 -0
- icdev/tools/dashboard/templates/diagrams.html +224 -0
- icdev/tools/dashboard/templates/events/timeline.html +232 -0
- icdev/tools/dashboard/templates/evidence.html +134 -0
- icdev/tools/dashboard/templates/fedramp_20x.html +207 -0
- icdev/tools/dashboard/templates/gateway.html +244 -0
- icdev/tools/dashboard/templates/govcon/capabilities.html +135 -0
- icdev/tools/dashboard/templates/govcon/pipeline.html +214 -0
- icdev/tools/dashboard/templates/govcon/requirements.html +120 -0
- icdev/tools/dashboard/templates/index.html +254 -0
- icdev/tools/dashboard/templates/lineage.html +141 -0
- icdev/tools/dashboard/templates/login.html +51 -0
- icdev/tools/dashboard/templates/monitoring/overview.html +193 -0
- icdev/tools/dashboard/templates/orchestration/dashboard.html +545 -0
- icdev/tools/dashboard/templates/oscal.html +263 -0
- icdev/tools/dashboard/templates/phases.html +150 -0
- icdev/tools/dashboard/templates/prod_audit.html +280 -0
- icdev/tools/dashboard/templates/profile.html +183 -0
- icdev/tools/dashboard/templates/projects/detail.html +583 -0
- icdev/tools/dashboard/templates/projects/list.html +47 -0
- icdev/tools/dashboard/templates/proposals/detail.html +1253 -0
- icdev/tools/dashboard/templates/proposals/list.html +179 -0
- icdev/tools/dashboard/templates/proposals/section_detail.html +193 -0
- icdev/tools/dashboard/templates/provenance.html +181 -0
- icdev/tools/dashboard/templates/query/nlq.html +234 -0
- icdev/tools/dashboard/templates/quick_paths.html +69 -0
- icdev/tools/dashboard/templates/traces.html +155 -0
- icdev/tools/dashboard/templates/translation_detail.html +199 -0
- icdev/tools/dashboard/templates/translations.html +162 -0
- icdev/tools/dashboard/templates/usage.html +225 -0
- icdev/tools/dashboard/templates/wizard.html +539 -0
- icdev/tools/dashboard/templates/xai.html +208 -0
- icdev/tools/dashboard/ux_helpers.py +962 -0
- icdev/tools/dashboard/websocket.py +81 -0
- icdev/tools/db/__init__.py +1 -0
- icdev/tools/db/backup.py +312 -0
- icdev/tools/db/backup_manager.py +832 -0
- icdev/tools/db/init_icdev_db.py +5900 -0
- icdev/tools/db/migrate.py +178 -0
- icdev/tools/db/migration_runner.py +549 -0
- icdev/tools/db/migrations/001_baseline/meta.json +9 -0
- icdev/tools/db/migrations/001_baseline/up.py +68 -0
- icdev/tools/db/migrations/002_memory_enhancements/down.sql +8 -0
- icdev/tools/db/migrations/002_memory_enhancements/meta.json +9 -0
- icdev/tools/db/migrations/002_memory_enhancements/up.py +118 -0
- icdev/tools/db/migrations/003_dev_profiles/meta.json +8 -0
- icdev/tools/db/migrations/003_dev_profiles/up.py +93 -0
- icdev/tools/db/migrations/004_innovation_engine/down.py +19 -0
- icdev/tools/db/migrations/004_innovation_engine/up.py +227 -0
- icdev/tools/db/migrations/005_phase_37_ai_security/down.py +19 -0
- icdev/tools/db/migrations/005_phase_37_ai_security/up.py +258 -0
- icdev/tools/db/migrations/006_phase_36_evolution/down.py +21 -0
- icdev/tools/db/migrations/006_phase_36_evolution/up.py +323 -0
- icdev/tools/db/migrations/007_phase_38_cloud/down.py +14 -0
- icdev/tools/db/migrations/007_phase_38_cloud/up.py +110 -0
- icdev/tools/db/migrations/008_phase36_37_integration/up.py +55 -0
- icdev/tools/db/migrations/__init__.py +2 -0
- icdev/tools/devsecops/__init__.py +2 -0
- icdev/tools/devsecops/attestation_manager.py +458 -0
- icdev/tools/devsecops/network_segmentation_generator.py +614 -0
- icdev/tools/devsecops/pdp_config_generator.py +1256 -0
- icdev/tools/devsecops/pipeline_security_generator.py +484 -0
- icdev/tools/devsecops/policy_generator.py +653 -0
- icdev/tools/devsecops/profile_manager.py +388 -0
- icdev/tools/devsecops/service_mesh_generator.py +1073 -0
- icdev/tools/devsecops/zta_maturity_scorer.py +368 -0
- icdev/tools/devsecops/zta_terraform_generator.py +1303 -0
- icdev/tools/dx/__init__.py +3 -0
- icdev/tools/dx/companion.py +266 -0
- icdev/tools/dx/instruction_generator.py +753 -0
- icdev/tools/dx/mcp_config_generator.py +282 -0
- icdev/tools/dx/skill_translator.py +425 -0
- icdev/tools/dx/tool_detector.py +144 -0
- icdev/tools/extensions/__init__.py +21 -0
- icdev/tools/extensions/builtins/010_ai_governance_chat.py +277 -0
- icdev/tools/extensions/builtins/__init__.py +2 -0
- icdev/tools/extensions/extension_manager.py +455 -0
- icdev/tools/infra/__init__.py +1 -0
- icdev/tools/infra/ansible_generator.py +869 -0
- icdev/tools/infra/dockerfile_generator.py +361 -0
- icdev/tools/infra/infra_status.py +393 -0
- icdev/tools/infra/ironbank_metadata_generator.py +411 -0
- icdev/tools/infra/k8s_generator.py +1002 -0
- icdev/tools/infra/pipeline_generator.py +832 -0
- icdev/tools/infra/rollback.py +400 -0
- icdev/tools/infra/terraform_generator.py +1142 -0
- icdev/tools/infra/terraform_generator_azure.py +1254 -0
- icdev/tools/infra/terraform_generator_gcp.py +953 -0
- icdev/tools/infra/terraform_generator_ibm.py +360 -0
- icdev/tools/infra/terraform_generator_oci.py +919 -0
- icdev/tools/infra/terraform_generator_onprem.py +319 -0
- icdev/tools/innovation/__init__.py +8 -0
- icdev/tools/innovation/competitive_intel.py +492 -0
- icdev/tools/innovation/innovation_manager.py +681 -0
- icdev/tools/innovation/introspective_analyzer.py +774 -0
- icdev/tools/innovation/register_external_patterns.py +440 -0
- icdev/tools/innovation/signal_ranker.py +1038 -0
- icdev/tools/innovation/solution_generator.py +697 -0
- icdev/tools/innovation/standards_monitor.py +466 -0
- icdev/tools/innovation/trend_detector.py +1046 -0
- icdev/tools/innovation/triage_engine.py +1149 -0
- icdev/tools/innovation/web_scanner.py +894 -0
- icdev/tools/installer/__init__.py +1 -0
- icdev/tools/installer/compliance_configurator.py +637 -0
- icdev/tools/installer/installer.py +1711 -0
- icdev/tools/installer/module_registry.py +805 -0
- icdev/tools/installer/platform_setup.py +961 -0
- icdev/tools/integration/__init__.py +2 -0
- icdev/tools/integration/approval_manager.py +561 -0
- icdev/tools/integration/doors_exporter.py +627 -0
- icdev/tools/integration/gitlab_connector.py +784 -0
- icdev/tools/integration/jira_connector.py +774 -0
- icdev/tools/integration/servicenow_connector.py +693 -0
- icdev/tools/knowledge/__init__.py +1 -0
- icdev/tools/knowledge/knowledge_ingest.py +293 -0
- icdev/tools/knowledge/pattern_detector.py +693 -0
- icdev/tools/knowledge/recommendation_engine.py +461 -0
- icdev/tools/knowledge/self_heal_analyzer.py +504 -0
- icdev/tools/llm/__init__.py +72 -0
- icdev/tools/llm/anthropic_provider.py +170 -0
- icdev/tools/llm/azure_openai_provider.py +338 -0
- icdev/tools/llm/bedrock_provider.py +315 -0
- icdev/tools/llm/embedding_provider.py +438 -0
- icdev/tools/llm/gemini_provider.py +381 -0
- icdev/tools/llm/ibm_watsonx_provider.py +232 -0
- icdev/tools/llm/oci_genai_provider.py +462 -0
- icdev/tools/llm/ollama_provider.py +340 -0
- icdev/tools/llm/openai_provider.py +225 -0
- icdev/tools/llm/provider.py +355 -0
- icdev/tools/llm/provider_sdk.py +175 -0
- icdev/tools/llm/router.py +780 -0
- icdev/tools/llm/vertex_ai_provider.py +374 -0
- icdev/tools/maintenance/__init__.py +2 -0
- icdev/tools/maintenance/dependency_scanner.py +1030 -0
- icdev/tools/maintenance/maintenance_auditor.py +815 -0
- icdev/tools/maintenance/remediation_engine.py +966 -0
- icdev/tools/maintenance/vulnerability_checker.py +987 -0
- icdev/tools/mbse/__init__.py +3 -0
- icdev/tools/mbse/des_assessor.py +1186 -0
- icdev/tools/mbse/des_report_generator.py +800 -0
- icdev/tools/mbse/diagram_extractor.py +811 -0
- icdev/tools/mbse/digital_thread.py +1665 -0
- icdev/tools/mbse/model_code_generator.py +1122 -0
- icdev/tools/mbse/model_control_mapper.py +420 -0
- icdev/tools/mbse/pi_model_tracker.py +1093 -0
- icdev/tools/mbse/reqif_parser.py +1483 -0
- icdev/tools/mbse/sync_engine.py +1805 -0
- icdev/tools/mbse/xmi_parser.py +1573 -0
- icdev/tools/mcp/__init__.py +1 -0
- icdev/tools/mcp/base_server.py +535 -0
- icdev/tools/mcp/builder_server.py +725 -0
- icdev/tools/mcp/compliance_server.py +1407 -0
- icdev/tools/mcp/context_indexer.py +199 -0
- icdev/tools/mcp/context_server.py +305 -0
- icdev/tools/mcp/core_server.py +679 -0
- icdev/tools/mcp/devsecops_server.py +432 -0
- icdev/tools/mcp/gap_handlers.py +1079 -0
- icdev/tools/mcp/gateway_server.py +339 -0
- icdev/tools/mcp/generate_registry.py +623 -0
- icdev/tools/mcp/infra_server.py +264 -0
- icdev/tools/mcp/innovation_server.py +316 -0
- icdev/tools/mcp/integration_server.py +527 -0
- icdev/tools/mcp/knowledge_server.py +429 -0
- icdev/tools/mcp/maintenance_server.py +248 -0
- icdev/tools/mcp/marketplace_server.py +499 -0
- icdev/tools/mcp/mbse_server.py +398 -0
- icdev/tools/mcp/modernization_server.py +496 -0
- icdev/tools/mcp/observability_server.py +354 -0
- icdev/tools/mcp/requirements_server.py +415 -0
- icdev/tools/mcp/simulation_server.py +468 -0
- icdev/tools/mcp/standalone/__init__.py +2 -0
- icdev/tools/mcp/standalone/builder.py +59 -0
- icdev/tools/mcp/standalone/compliance.py +59 -0
- icdev/tools/mcp/standalone/core.py +59 -0
- icdev/tools/mcp/standalone/knowledge.py +59 -0
- icdev/tools/mcp/standalone/maintenance.py +59 -0
- icdev/tools/mcp/supply_chain_server.py +476 -0
- icdev/tools/mcp/tool_registry.py +2008 -0
- icdev/tools/mcp/unified_server.py +158 -0
- icdev/tools/memory/__init__.py +2 -0
- icdev/tools/memory/auto_capture.py +347 -0
- icdev/tools/memory/embed_memory.py +158 -0
- icdev/tools/memory/history_compressor.py +334 -0
- icdev/tools/memory/hybrid_search.py +236 -0
- icdev/tools/memory/maintenance_cron.py +289 -0
- icdev/tools/memory/memory_consolidation.py +444 -0
- icdev/tools/memory/memory_db.py +133 -0
- icdev/tools/memory/memory_read.py +102 -0
- icdev/tools/memory/memory_write.py +222 -0
- icdev/tools/memory/semantic_search.py +139 -0
- icdev/tools/memory/time_decay.py +435 -0
- icdev/tools/modernization/__init__.py +3 -0
- icdev/tools/modernization/architecture_extractor.py +734 -0
- icdev/tools/modernization/compliance_bridge.py +1499 -0
- icdev/tools/modernization/db_migration_planner.py +1385 -0
- icdev/tools/modernization/doc_generator.py +1428 -0
- icdev/tools/modernization/framework_migrator.py +1525 -0
- icdev/tools/modernization/legacy_analyzer.py +1948 -0
- icdev/tools/modernization/migration_code_generator.py +1639 -0
- icdev/tools/modernization/migration_report_generator.py +1653 -0
- icdev/tools/modernization/migration_tracker.py +1726 -0
- icdev/tools/modernization/monolith_decomposer.py +1508 -0
- icdev/tools/modernization/seven_r_assessor.py +1658 -0
- icdev/tools/modernization/strangler_fig_manager.py +1705 -0
- icdev/tools/modernization/ui_analyzer.py +771 -0
- icdev/tools/modernization/version_migrator.py +1392 -0
- icdev/tools/monitor/__init__.py +1 -0
- icdev/tools/monitor/alert_correlator.py +495 -0
- icdev/tools/monitor/auto_resolver.py +612 -0
- icdev/tools/monitor/health_checker.py +509 -0
- icdev/tools/monitor/heartbeat_daemon.py +792 -0
- icdev/tools/monitor/log_analyzer.py +516 -0
- icdev/tools/monitor/metric_collector.py +496 -0
- icdev/tools/mosa/__init__.py +10 -0
- icdev/tools/mosa/icd_generator.py +370 -0
- icdev/tools/mosa/modular_design_analyzer.py +683 -0
- icdev/tools/mosa/mosa_code_enforcer.py +349 -0
- icdev/tools/mosa/tsp_generator.py +265 -0
- icdev/tools/observability/__init__.py +100 -0
- icdev/tools/observability/genai_attributes.py +88 -0
- icdev/tools/observability/instrumentation.py +140 -0
- icdev/tools/observability/mlflow_exporter.py +194 -0
- icdev/tools/observability/otel_tracer.py +168 -0
- icdev/tools/observability/provenance/__init__.py +3 -0
- icdev/tools/observability/provenance/prov_recorder.py +324 -0
- icdev/tools/observability/shap/__init__.py +3 -0
- icdev/tools/observability/shap/agent_shap.py +275 -0
- icdev/tools/observability/sqlite_tracer.py +361 -0
- icdev/tools/observability/trace_context.py +205 -0
- icdev/tools/observability/tracer.py +230 -0
- icdev/tools/orchestration/__init__.py +2 -0
- icdev/tools/orchestration/workflow_composer.py +361 -0
- icdev/tools/project/__init__.py +1 -0
- icdev/tools/project/manifest_loader.py +418 -0
- icdev/tools/project/project_create.py +350 -0
- icdev/tools/project/project_list.py +174 -0
- icdev/tools/project/project_scaffold.py +1715 -0
- icdev/tools/project/project_status.py +479 -0
- icdev/tools/project/session_context_builder.py +757 -0
- icdev/tools/project/validate_manifest.py +55 -0
- icdev/tools/registry/__init__.py +10 -0
- icdev/tools/registry/absorption_engine.py +832 -0
- icdev/tools/registry/capability_evaluator.py +668 -0
- icdev/tools/registry/child_registry.py +617 -0
- icdev/tools/registry/cross_pollinator.py +1065 -0
- icdev/tools/registry/genome_manager.py +671 -0
- icdev/tools/registry/learning_collector.py +912 -0
- icdev/tools/registry/propagation_manager.py +942 -0
- icdev/tools/registry/staging_manager.py +742 -0
- icdev/tools/registry/telemetry_collector.py +423 -0
- icdev/tools/requirements/__init__.py +1 -0
- icdev/tools/requirements/ai_governance_scorer.py +208 -0
- icdev/tools/requirements/boundary_analyzer.py +1293 -0
- icdev/tools/requirements/clarification_engine.py +618 -0
- icdev/tools/requirements/complexity_scorer.py +387 -0
- icdev/tools/requirements/consistency_analyzer.py +803 -0
- icdev/tools/requirements/constitution_manager.py +605 -0
- icdev/tools/requirements/decomposition_engine.py +778 -0
- icdev/tools/requirements/document_extractor.py +1016 -0
- icdev/tools/requirements/elicitation_techniques.py +519 -0
- icdev/tools/requirements/gap_detector.py +271 -0
- icdev/tools/requirements/intake_engine.py +2188 -0
- icdev/tools/requirements/prd_generator.py +847 -0
- icdev/tools/requirements/prd_validator.py +595 -0
- icdev/tools/requirements/readiness_scorer.py +313 -0
- icdev/tools/requirements/spec_organizer.py +1029 -0
- icdev/tools/requirements/spec_quality_checker.py +1097 -0
- icdev/tools/requirements/traceability_builder.py +579 -0
- icdev/tools/resilience/__init__.py +34 -0
- icdev/tools/resilience/circuit_breaker.py +340 -0
- icdev/tools/resilience/correlation.py +150 -0
- icdev/tools/resilience/errors.py +81 -0
- icdev/tools/resilience/retry.py +95 -0
- icdev/tools/schemas/__init__.py +27 -0
- icdev/tools/schemas/chat.py +61 -0
- icdev/tools/schemas/compliance.py +56 -0
- icdev/tools/schemas/core.py +85 -0
- icdev/tools/schemas/innovation.py +37 -0
- icdev/tools/schemas/validation.py +109 -0
- icdev/tools/sdk/__init__.py +3 -0
- icdev/tools/sdk/icdev_client.py +218 -0
- icdev/tools/security/__init__.py +1 -0
- icdev/tools/security/agent_output_validator.py +330 -0
- icdev/tools/security/agent_trust_scorer.py +466 -0
- icdev/tools/security/ai_bom_generator.py +725 -0
- icdev/tools/security/ai_telemetry_logger.py +469 -0
- icdev/tools/security/atlas_red_team.py +543 -0
- icdev/tools/security/code_pattern_scanner.py +378 -0
- icdev/tools/security/confabulation_detector.py +271 -0
- icdev/tools/security/container_scanner.py +491 -0
- icdev/tools/security/dependency_auditor.py +944 -0
- icdev/tools/security/endpoint_security_scanner.py +579 -0
- icdev/tools/security/mcp_tool_authorizer.py +243 -0
- icdev/tools/security/prompt_injection_detector.py +737 -0
- icdev/tools/security/sast_runner.py +948 -0
- icdev/tools/security/secret_detector.py +378 -0
- icdev/tools/security/tool_chain_validator.py +357 -0
- icdev/tools/security/vuln_scanner.py +539 -0
- icdev/tools/simulation/__init__.py +2 -0
- icdev/tools/simulation/coa_generator.py +1552 -0
- icdev/tools/simulation/monte_carlo.py +758 -0
- icdev/tools/simulation/scenario_manager.py +1073 -0
- icdev/tools/simulation/simulation_engine.py +1104 -0
- icdev/tools/supply_chain/__init__.py +2 -0
- icdev/tools/supply_chain/cve_triager.py +705 -0
- icdev/tools/supply_chain/dependency_graph.py +645 -0
- icdev/tools/supply_chain/isa_manager.py +540 -0
- icdev/tools/supply_chain/scrm_assessor.py +546 -0
- icdev/tools/testing/__init__.py +2 -0
- icdev/tools/testing/acceptance_validator.py +411 -0
- icdev/tools/testing/claude_dir_validator.py +831 -0
- icdev/tools/testing/data_types.py +199 -0
- icdev/tools/testing/e2e_runner.py +715 -0
- icdev/tools/testing/fuzz_cli.py +306 -0
- icdev/tools/testing/health_check.py +483 -0
- icdev/tools/testing/platform_check.py +143 -0
- icdev/tools/testing/production_audit.py +1862 -0
- icdev/tools/testing/production_remediate.py +804 -0
- icdev/tools/testing/screenshot_validator.py +539 -0
- icdev/tools/testing/smoke_test.py +283 -0
- icdev/tools/testing/test_agent_models.py +117 -0
- icdev/tools/testing/test_orchestrator.py +957 -0
- icdev/tools/testing/utils.py +229 -0
- icdev/tools/translation/__init__.py +17 -0
- icdev/tools/translation/code_translator.py +550 -0
- icdev/tools/translation/dependency_mapper.py +277 -0
- icdev/tools/translation/feature_map.py +395 -0
- icdev/tools/translation/project_assembler.py +439 -0
- icdev/tools/translation/source_extractor.py +609 -0
- icdev/tools/translation/test_translator.py +333 -0
- icdev/tools/translation/translation_manager.py +582 -0
- icdev/tools/translation/translation_validator.py +662 -0
- icdev/tools/translation/type_checker.py +371 -0
- icdev-1.0.0.dist-info/METADATA +868 -0
- icdev-1.0.0.dist-info/RECORD +1105 -0
- icdev-1.0.0.dist-info/WHEEL +5 -0
- icdev-1.0.0.dist-info/entry_points.txt +9 -0
- icdev-1.0.0.dist-info/licenses/LICENSE +254 -0
- icdev-1.0.0.dist-info/licenses/NOTICE +268 -0
- icdev-1.0.0.dist-info/top_level.txt +1 -0
|
@@ -0,0 +1,510 @@
|
|
|
1
|
+
{
|
|
2
|
+
"framework": "PCI DSS v4.0",
|
|
3
|
+
"version": "4.0",
|
|
4
|
+
"requirements": [
|
|
5
|
+
{
|
|
6
|
+
"id": "PCI-1.1",
|
|
7
|
+
"title": "Network Security Controls Policies and Procedures",
|
|
8
|
+
"goal": "Build and Maintain a Secure Network and Systems",
|
|
9
|
+
"requirement_number": "1",
|
|
10
|
+
"nist_800_53_refs": ["SC-7", "PL-1", "PL-2", "CM-1"],
|
|
11
|
+
"description": "All security policies and operational procedures for network security controls are documented, kept up to date, in active use, and known to all affected parties."
|
|
12
|
+
},
|
|
13
|
+
{
|
|
14
|
+
"id": "PCI-1.2",
|
|
15
|
+
"title": "Network Security Control Configuration Standards",
|
|
16
|
+
"goal": "Build and Maintain a Secure Network and Systems",
|
|
17
|
+
"requirement_number": "1",
|
|
18
|
+
"nist_800_53_refs": ["SC-7", "SC-7(5)", "CM-2", "CM-6"],
|
|
19
|
+
"description": "Configuration standards for network security controls are defined, implemented, and maintained, covering inbound and outbound traffic rules, connection types, and protocols allowed through the CDE boundary."
|
|
20
|
+
},
|
|
21
|
+
{
|
|
22
|
+
"id": "PCI-1.3",
|
|
23
|
+
"title": "Network Access to and from the CDE is Restricted",
|
|
24
|
+
"goal": "Build and Maintain a Secure Network and Systems",
|
|
25
|
+
"requirement_number": "1",
|
|
26
|
+
"nist_800_53_refs": ["SC-7", "SC-7(5)", "AC-4"],
|
|
27
|
+
"description": "Inbound and outbound traffic to the cardholder data environment is restricted to only necessary traffic, and all other traffic is specifically denied."
|
|
28
|
+
},
|
|
29
|
+
{
|
|
30
|
+
"id": "PCI-1.4",
|
|
31
|
+
"title": "NSCs Between Trusted and Untrusted Networks",
|
|
32
|
+
"goal": "Build and Maintain a Secure Network and Systems",
|
|
33
|
+
"requirement_number": "1",
|
|
34
|
+
"nist_800_53_refs": ["SC-7", "SC-7(3)", "AC-4"],
|
|
35
|
+
"description": "Network security controls are implemented between trusted and untrusted networks, isolating the CDE from untrusted networks including the Internet, wireless, and third-party connections."
|
|
36
|
+
},
|
|
37
|
+
{
|
|
38
|
+
"id": "PCI-1.5",
|
|
39
|
+
"title": "Risks to the CDE from Computing Devices Mitigated",
|
|
40
|
+
"goal": "Build and Maintain a Secure Network and Systems",
|
|
41
|
+
"requirement_number": "1",
|
|
42
|
+
"nist_800_53_refs": ["SC-7", "AC-19", "CM-7"],
|
|
43
|
+
"description": "Risks to the CDE from computing devices that are able to connect to both untrusted networks and the CDE are mitigated through security controls on the device."
|
|
44
|
+
},
|
|
45
|
+
{
|
|
46
|
+
"id": "PCI-2.1",
|
|
47
|
+
"title": "Secure Configuration Policies and Procedures",
|
|
48
|
+
"goal": "Build and Maintain a Secure Network and Systems",
|
|
49
|
+
"requirement_number": "2",
|
|
50
|
+
"nist_800_53_refs": ["CM-1", "CM-2", "CM-6", "PL-1"],
|
|
51
|
+
"description": "All security policies and operational procedures for applying secure configurations to all system components are documented, kept up to date, in active use, and known to all affected parties."
|
|
52
|
+
},
|
|
53
|
+
{
|
|
54
|
+
"id": "PCI-2.2",
|
|
55
|
+
"title": "System Components Configured and Managed Securely",
|
|
56
|
+
"goal": "Build and Maintain a Secure Network and Systems",
|
|
57
|
+
"requirement_number": "2",
|
|
58
|
+
"nist_800_53_refs": ["CM-2", "CM-6", "CM-7", "RA-5"],
|
|
59
|
+
"description": "Configuration standards are developed, implemented, and maintained to cover all system components, address all known security vulnerabilities, and be consistent with industry-accepted system hardening standards such as CIS Benchmarks and DISA STIGs."
|
|
60
|
+
},
|
|
61
|
+
{
|
|
62
|
+
"id": "PCI-2.3",
|
|
63
|
+
"title": "Wireless Environments Configured and Managed Securely",
|
|
64
|
+
"goal": "Build and Maintain a Secure Network and Systems",
|
|
65
|
+
"requirement_number": "2",
|
|
66
|
+
"nist_800_53_refs": ["AC-18", "SC-8", "SC-13", "CM-6"],
|
|
67
|
+
"description": "Wireless environments connected to or that could impact the CDE are configured and managed securely, including changing vendor defaults for wireless encryption keys, passwords, and SNMP community strings."
|
|
68
|
+
},
|
|
69
|
+
{
|
|
70
|
+
"id": "PCI-3.1",
|
|
71
|
+
"title": "Account Data Protection Policies and Procedures",
|
|
72
|
+
"goal": "Protect Account Data",
|
|
73
|
+
"requirement_number": "3",
|
|
74
|
+
"nist_800_53_refs": ["SC-28", "MP-1", "PL-1", "SC-12"],
|
|
75
|
+
"description": "All security policies and operational procedures for protecting stored account data are documented, kept up to date, in active use, and known to all affected parties."
|
|
76
|
+
},
|
|
77
|
+
{
|
|
78
|
+
"id": "PCI-3.2",
|
|
79
|
+
"title": "Storage of Account Data is Kept to a Minimum",
|
|
80
|
+
"goal": "Protect Account Data",
|
|
81
|
+
"requirement_number": "3",
|
|
82
|
+
"nist_800_53_refs": ["SI-12", "MP-6", "DM-2"],
|
|
83
|
+
"description": "Account data storage amount and retention time are limited to that which is required for legal, regulatory, and business requirements. Data exceeding defined retention periods is securely deleted."
|
|
84
|
+
},
|
|
85
|
+
{
|
|
86
|
+
"id": "PCI-3.3",
|
|
87
|
+
"title": "Sensitive Authentication Data Not Stored After Authorization",
|
|
88
|
+
"goal": "Protect Account Data",
|
|
89
|
+
"requirement_number": "3",
|
|
90
|
+
"nist_800_53_refs": ["SI-12", "AU-11", "MP-6"],
|
|
91
|
+
"description": "Sensitive authentication data (SAD) including full track data, card verification codes, and PINs is not retained after authorization, even if encrypted."
|
|
92
|
+
},
|
|
93
|
+
{
|
|
94
|
+
"id": "PCI-3.4",
|
|
95
|
+
"title": "PAN Display is Restricted",
|
|
96
|
+
"goal": "Protect Account Data",
|
|
97
|
+
"requirement_number": "3",
|
|
98
|
+
"nist_800_53_refs": ["AC-3", "AC-6", "MP-3"],
|
|
99
|
+
"description": "Access to displays of full PAN and ability to copy PAN is restricted via masking. Only personnel with a legitimate business need can see more than the first six and last four digits."
|
|
100
|
+
},
|
|
101
|
+
{
|
|
102
|
+
"id": "PCI-3.5",
|
|
103
|
+
"title": "PAN is Secured Wherever it is Stored",
|
|
104
|
+
"goal": "Protect Account Data",
|
|
105
|
+
"requirement_number": "3",
|
|
106
|
+
"nist_800_53_refs": ["SC-28", "SC-28(1)", "SC-13", "SC-12"],
|
|
107
|
+
"description": "PAN is rendered unreadable anywhere it is stored using one-way hashes, truncation, index tokens, or strong cryptography with associated key management processes."
|
|
108
|
+
},
|
|
109
|
+
{
|
|
110
|
+
"id": "PCI-3.6",
|
|
111
|
+
"title": "Cryptographic Keys Protecting Stored Account Data are Protected",
|
|
112
|
+
"goal": "Protect Account Data",
|
|
113
|
+
"requirement_number": "3",
|
|
114
|
+
"nist_800_53_refs": ["SC-12", "SC-12(1)", "SC-13"],
|
|
115
|
+
"description": "Procedures are defined and implemented to protect cryptographic keys used to protect stored account data against disclosure and misuse, covering generation, distribution, storage, access, rotation, and destruction."
|
|
116
|
+
},
|
|
117
|
+
{
|
|
118
|
+
"id": "PCI-3.7",
|
|
119
|
+
"title": "Cryptographic Key Management Lifecycle",
|
|
120
|
+
"goal": "Protect Account Data",
|
|
121
|
+
"requirement_number": "3",
|
|
122
|
+
"nist_800_53_refs": ["SC-12", "SC-13", "SC-17"],
|
|
123
|
+
"description": "Where cryptography is used to protect stored account data, key management policies and procedures covering the full key lifecycle are defined and implemented."
|
|
124
|
+
},
|
|
125
|
+
{
|
|
126
|
+
"id": "PCI-4.1",
|
|
127
|
+
"title": "Transmission Encryption Policies and Procedures",
|
|
128
|
+
"goal": "Protect Account Data",
|
|
129
|
+
"requirement_number": "4",
|
|
130
|
+
"nist_800_53_refs": ["SC-8", "SC-8(1)", "PL-1", "SC-13"],
|
|
131
|
+
"description": "All security policies and operational procedures for protecting cardholder data with strong cryptography during transmission over open, public networks are documented and maintained."
|
|
132
|
+
},
|
|
133
|
+
{
|
|
134
|
+
"id": "PCI-4.2",
|
|
135
|
+
"title": "PAN Protected with Strong Cryptography During Transmission",
|
|
136
|
+
"goal": "Protect Account Data",
|
|
137
|
+
"requirement_number": "4",
|
|
138
|
+
"nist_800_53_refs": ["SC-8", "SC-8(1)", "SC-13", "SC-23"],
|
|
139
|
+
"description": "PAN is secured with strong cryptography whenever it is sent over open, public networks. Only trusted keys and certificates are accepted, with TLS 1.2 or higher required."
|
|
140
|
+
},
|
|
141
|
+
{
|
|
142
|
+
"id": "PCI-5.1",
|
|
143
|
+
"title": "Anti-Malware Policies and Procedures",
|
|
144
|
+
"goal": "Maintain a Vulnerability Management Program",
|
|
145
|
+
"requirement_number": "5",
|
|
146
|
+
"nist_800_53_refs": ["SI-3", "PL-1", "SI-1"],
|
|
147
|
+
"description": "All security policies and operational procedures for protecting all systems against malware are documented, kept up to date, in active use, and known to all affected parties."
|
|
148
|
+
},
|
|
149
|
+
{
|
|
150
|
+
"id": "PCI-5.2",
|
|
151
|
+
"title": "Malware is Prevented or Detected and Addressed",
|
|
152
|
+
"goal": "Maintain a Vulnerability Management Program",
|
|
153
|
+
"requirement_number": "5",
|
|
154
|
+
"nist_800_53_refs": ["SI-3", "SI-3(1)", "SI-3(2)"],
|
|
155
|
+
"description": "An anti-malware solution is deployed on all system components commonly affected by malware, detecting all known types and performing periodic scans and active real-time monitoring."
|
|
156
|
+
},
|
|
157
|
+
{
|
|
158
|
+
"id": "PCI-5.3",
|
|
159
|
+
"title": "Anti-Malware Mechanisms and Processes are Active and Maintained",
|
|
160
|
+
"goal": "Maintain a Vulnerability Management Program",
|
|
161
|
+
"requirement_number": "5",
|
|
162
|
+
"nist_800_53_refs": ["SI-3", "CM-5", "AC-6", "SI-3(10)"],
|
|
163
|
+
"description": "Anti-malware mechanisms and processes are active, maintained, and monitored. Users cannot disable or alter anti-malware protections unless specifically documented and authorized by management."
|
|
164
|
+
},
|
|
165
|
+
{
|
|
166
|
+
"id": "PCI-5.4",
|
|
167
|
+
"title": "Anti-Phishing Mechanisms Protect Against Phishing Attacks",
|
|
168
|
+
"goal": "Maintain a Vulnerability Management Program",
|
|
169
|
+
"requirement_number": "5",
|
|
170
|
+
"nist_800_53_refs": ["SI-3", "SI-8", "AT-2(2)"],
|
|
171
|
+
"description": "Anti-phishing mechanisms are in place to protect users against phishing attacks, including processes to detect and protect personnel against phishing via email, social engineering, and other vectors."
|
|
172
|
+
},
|
|
173
|
+
{
|
|
174
|
+
"id": "PCI-6.1",
|
|
175
|
+
"title": "Secure Development Policies and Procedures",
|
|
176
|
+
"goal": "Maintain a Vulnerability Management Program",
|
|
177
|
+
"requirement_number": "6",
|
|
178
|
+
"nist_800_53_refs": ["SA-3", "SA-8", "PL-1", "SA-15"],
|
|
179
|
+
"description": "All security policies and operational procedures for developing and maintaining secure systems and software are documented, establishing a secure software development lifecycle (SSDLC)."
|
|
180
|
+
},
|
|
181
|
+
{
|
|
182
|
+
"id": "PCI-6.2",
|
|
183
|
+
"title": "Bespoke and Custom Software Developed Securely",
|
|
184
|
+
"goal": "Maintain a Vulnerability Management Program",
|
|
185
|
+
"requirement_number": "6",
|
|
186
|
+
"nist_800_53_refs": ["SA-8", "SA-11", "SA-15", "SA-16"],
|
|
187
|
+
"description": "Bespoke and custom software are developed securely using secure coding techniques that address common software attacks including OWASP Top 10, with mandatory code reviews."
|
|
188
|
+
},
|
|
189
|
+
{
|
|
190
|
+
"id": "PCI-6.3",
|
|
191
|
+
"title": "Security Vulnerabilities are Identified and Addressed",
|
|
192
|
+
"goal": "Maintain a Vulnerability Management Program",
|
|
193
|
+
"requirement_number": "6",
|
|
194
|
+
"nist_800_53_refs": ["RA-5", "SI-2", "SI-5", "PM-16"],
|
|
195
|
+
"description": "Security vulnerabilities are identified and managed by establishing a process using reputable sources for vulnerability information, assigning risk rankings, and installing critical/high patches within one month of release."
|
|
196
|
+
},
|
|
197
|
+
{
|
|
198
|
+
"id": "PCI-6.4",
|
|
199
|
+
"title": "Public-Facing Web Applications Protected from Attacks",
|
|
200
|
+
"goal": "Maintain a Vulnerability Management Program",
|
|
201
|
+
"requirement_number": "6",
|
|
202
|
+
"nist_800_53_refs": ["SI-3", "SC-7", "SA-11", "SI-10"],
|
|
203
|
+
"description": "Public-facing web applications are protected against known attacks through web application firewalls (WAF) or code reviews, with ongoing assessment of new threats and vulnerabilities."
|
|
204
|
+
},
|
|
205
|
+
{
|
|
206
|
+
"id": "PCI-6.5",
|
|
207
|
+
"title": "Changes to All System Components Managed Securely",
|
|
208
|
+
"goal": "Maintain a Vulnerability Management Program",
|
|
209
|
+
"requirement_number": "6",
|
|
210
|
+
"nist_800_53_refs": ["CM-3", "CM-4", "CM-5", "SA-10"],
|
|
211
|
+
"description": "Changes to all system components in the production environment are made according to established change control processes including impact documentation, authorized approval, functionality testing, and back-out procedures."
|
|
212
|
+
},
|
|
213
|
+
{
|
|
214
|
+
"id": "PCI-7.1",
|
|
215
|
+
"title": "Access Control Policies and Procedures",
|
|
216
|
+
"goal": "Implement Strong Access Control Measures",
|
|
217
|
+
"requirement_number": "7",
|
|
218
|
+
"nist_800_53_refs": ["AC-1", "AC-2", "AC-3", "PL-1"],
|
|
219
|
+
"description": "All security policies and operational procedures for restricting access to system components and cardholder data by business need to know are documented and maintained."
|
|
220
|
+
},
|
|
221
|
+
{
|
|
222
|
+
"id": "PCI-7.2",
|
|
223
|
+
"title": "Access to System Components and Data is Appropriately Defined",
|
|
224
|
+
"goal": "Implement Strong Access Control Measures",
|
|
225
|
+
"requirement_number": "7",
|
|
226
|
+
"nist_800_53_refs": ["AC-2", "AC-3", "AC-6", "AC-6(1)"],
|
|
227
|
+
"description": "An access control model is defined and includes granting access only to those individuals whose job requires such access, enforcing least privileges for job responsibilities."
|
|
228
|
+
},
|
|
229
|
+
{
|
|
230
|
+
"id": "PCI-7.3",
|
|
231
|
+
"title": "Access to System Components and Data is Managed via Access Control Systems",
|
|
232
|
+
"goal": "Implement Strong Access Control Measures",
|
|
233
|
+
"requirement_number": "7",
|
|
234
|
+
"nist_800_53_refs": ["AC-3", "AC-6", "AC-6(5)", "CM-5"],
|
|
235
|
+
"description": "Access to system components and data is managed via an access control system that restricts access based on the defined access control model, with default deny-all and periodic review."
|
|
236
|
+
},
|
|
237
|
+
{
|
|
238
|
+
"id": "PCI-8.1",
|
|
239
|
+
"title": "Identification and Authentication Policies and Procedures",
|
|
240
|
+
"goal": "Implement Strong Access Control Measures",
|
|
241
|
+
"requirement_number": "8",
|
|
242
|
+
"nist_800_53_refs": ["IA-1", "IA-2", "IA-5", "PL-1"],
|
|
243
|
+
"description": "All security policies and operational procedures for identifying users and authenticating access to system components are documented, defining identity management, credential management, and MFA requirements."
|
|
244
|
+
},
|
|
245
|
+
{
|
|
246
|
+
"id": "PCI-8.2",
|
|
247
|
+
"title": "User Identification and Related Accounts Managed Throughout Lifecycle",
|
|
248
|
+
"goal": "Implement Strong Access Control Measures",
|
|
249
|
+
"requirement_number": "8",
|
|
250
|
+
"nist_800_53_refs": ["IA-2", "IA-4", "AC-2"],
|
|
251
|
+
"description": "All users are assigned a unique ID before accessing system components or cardholder data. Shared, group, or generic IDs are not used for administrative or critical access. Every action is attributable to an individual user."
|
|
252
|
+
},
|
|
253
|
+
{
|
|
254
|
+
"id": "PCI-8.3",
|
|
255
|
+
"title": "Strong Authentication Established and Managed",
|
|
256
|
+
"goal": "Implement Strong Access Control Measures",
|
|
257
|
+
"requirement_number": "8",
|
|
258
|
+
"nist_800_53_refs": ["IA-2", "IA-5", "IA-5(1)"],
|
|
259
|
+
"description": "Strong authentication for users and administrators is established through minimum password complexity of 12 characters with numeric and alphabetic, account lockout after 10 failed attempts, and session timeout after 15 minutes of inactivity."
|
|
260
|
+
},
|
|
261
|
+
{
|
|
262
|
+
"id": "PCI-8.4",
|
|
263
|
+
"title": "Multi-Factor Authentication Implemented for CDE and Remote Access",
|
|
264
|
+
"goal": "Implement Strong Access Control Measures",
|
|
265
|
+
"requirement_number": "8",
|
|
266
|
+
"nist_800_53_refs": ["IA-2(1)", "IA-2(2)", "IA-2(6)", "AC-17"],
|
|
267
|
+
"description": "Multi-factor authentication is implemented for all access into the CDE and for all remote network access originating from outside the entity's network, requiring at least two independent authentication factors."
|
|
268
|
+
},
|
|
269
|
+
{
|
|
270
|
+
"id": "PCI-8.5",
|
|
271
|
+
"title": "Multi-Factor Authentication Systems Configured to Prevent Misuse",
|
|
272
|
+
"goal": "Implement Strong Access Control Measures",
|
|
273
|
+
"requirement_number": "8",
|
|
274
|
+
"nist_800_53_refs": ["IA-2(1)", "IA-2(6)", "IA-5"],
|
|
275
|
+
"description": "Multi-factor authentication systems are configured to prevent misuse including replay attacks, and cannot be bypassed by any users including administrative users unless specifically documented and authorized."
|
|
276
|
+
},
|
|
277
|
+
{
|
|
278
|
+
"id": "PCI-8.6",
|
|
279
|
+
"title": "Application and System Accounts and Credentials Managed",
|
|
280
|
+
"goal": "Implement Strong Access Control Measures",
|
|
281
|
+
"requirement_number": "8",
|
|
282
|
+
"nist_800_53_refs": ["AC-2", "IA-5", "IA-5(7)", "CM-6"],
|
|
283
|
+
"description": "Use of application and system accounts and associated authentication factors is strictly managed, with interactive login disabled for application/service accounts and passwords/passphrases changed periodically."
|
|
284
|
+
},
|
|
285
|
+
{
|
|
286
|
+
"id": "PCI-9.1",
|
|
287
|
+
"title": "Physical Access Control Policies and Procedures",
|
|
288
|
+
"goal": "Implement Strong Access Control Measures",
|
|
289
|
+
"requirement_number": "9",
|
|
290
|
+
"nist_800_53_refs": ["PE-1", "PE-2", "PE-3", "PL-1"],
|
|
291
|
+
"description": "All security policies and operational procedures for restricting physical access to cardholder data are documented, covering access to data centers, server rooms, and areas housing cardholder data."
|
|
292
|
+
},
|
|
293
|
+
{
|
|
294
|
+
"id": "PCI-9.2",
|
|
295
|
+
"title": "Physical Access Controls Manage Entry into Sensitive Areas",
|
|
296
|
+
"goal": "Implement Strong Access Control Measures",
|
|
297
|
+
"requirement_number": "9",
|
|
298
|
+
"nist_800_53_refs": ["PE-2", "PE-3", "PE-6", "PE-8"],
|
|
299
|
+
"description": "Appropriate facility entry controls limit and monitor physical access to systems in the CDE, including badge readers, locks, surveillance cameras, and visitor management processes."
|
|
300
|
+
},
|
|
301
|
+
{
|
|
302
|
+
"id": "PCI-9.3",
|
|
303
|
+
"title": "Physical Access for Personnel and Visitors Authorized and Managed",
|
|
304
|
+
"goal": "Implement Strong Access Control Measures",
|
|
305
|
+
"requirement_number": "9",
|
|
306
|
+
"nist_800_53_refs": ["PE-2", "PE-3", "PE-8"],
|
|
307
|
+
"description": "Physical access for personnel and visitors is authorized and managed with identification badges, visitor escorts, visitor logs, and badge deactivation for terminated personnel."
|
|
308
|
+
},
|
|
309
|
+
{
|
|
310
|
+
"id": "PCI-9.4",
|
|
311
|
+
"title": "Media with Cardholder Data Securely Stored, Accessed, Distributed, and Destroyed",
|
|
312
|
+
"goal": "Implement Strong Access Control Measures",
|
|
313
|
+
"requirement_number": "9",
|
|
314
|
+
"nist_800_53_refs": ["MP-2", "MP-4", "MP-5", "MP-6"],
|
|
315
|
+
"description": "All media with cardholder data is physically secured, classified, and sent by secured courier. Hard-copy materials are destroyed via cross-cut shredding, incineration, or pulping when no longer needed."
|
|
316
|
+
},
|
|
317
|
+
{
|
|
318
|
+
"id": "PCI-9.5",
|
|
319
|
+
"title": "Point-of-Interaction Devices Protected from Tampering",
|
|
320
|
+
"goal": "Implement Strong Access Control Measures",
|
|
321
|
+
"requirement_number": "9",
|
|
322
|
+
"nist_800_53_refs": ["PE-3", "PE-6", "CM-3"],
|
|
323
|
+
"description": "Point-of-interaction (POI) devices are protected from tampering and unauthorized substitution through maintaining an up-to-date list of devices, periodic inspection, and training personnel to be aware of suspicious behavior."
|
|
324
|
+
},
|
|
325
|
+
{
|
|
326
|
+
"id": "PCI-10.1",
|
|
327
|
+
"title": "Logging and Monitoring Policies and Procedures",
|
|
328
|
+
"goal": "Regularly Monitor and Test Networks",
|
|
329
|
+
"requirement_number": "10",
|
|
330
|
+
"nist_800_53_refs": ["AU-1", "AU-2", "PL-1", "SI-4"],
|
|
331
|
+
"description": "All security policies and operational procedures for logging and monitoring all access to system components and cardholder data are documented, defining auditable events, log retention periods, and monitoring responsibilities."
|
|
332
|
+
},
|
|
333
|
+
{
|
|
334
|
+
"id": "PCI-10.2",
|
|
335
|
+
"title": "Audit Logs Record User Activities and Anomalies",
|
|
336
|
+
"goal": "Regularly Monitor and Test Networks",
|
|
337
|
+
"requirement_number": "10",
|
|
338
|
+
"nist_800_53_refs": ["AU-2", "AU-3", "AU-12", "AU-14"],
|
|
339
|
+
"description": "Audit logs are enabled and active for all system components to capture individual user accesses to cardholder data, administrative actions, access to audit trails, invalid access attempts, and identification/authentication events."
|
|
340
|
+
},
|
|
341
|
+
{
|
|
342
|
+
"id": "PCI-10.3",
|
|
343
|
+
"title": "Audit Logs are Protected from Destruction and Tampering",
|
|
344
|
+
"goal": "Regularly Monitor and Test Networks",
|
|
345
|
+
"requirement_number": "10",
|
|
346
|
+
"nist_800_53_refs": ["AU-9", "AU-9(4)", "AU-8", "AU-8(1)"],
|
|
347
|
+
"description": "Audit logs are protected from destruction and unauthorized modifications using access controls, physical or logical separation, and time-synchronization technology. Logs are promptly backed up to a centralized log server."
|
|
348
|
+
},
|
|
349
|
+
{
|
|
350
|
+
"id": "PCI-10.4",
|
|
351
|
+
"title": "Audit Logs are Reviewed to Identify Anomalies",
|
|
352
|
+
"goal": "Regularly Monitor and Test Networks",
|
|
353
|
+
"requirement_number": "10",
|
|
354
|
+
"nist_800_53_refs": ["AU-6", "AU-6(1)", "SI-4", "CA-7"],
|
|
355
|
+
"description": "Audit logs are reviewed at least once daily for all security events, logs of all CDE system components, critical system components, and systems performing security functions. Automated mechanisms are used to perform initial log reviews."
|
|
356
|
+
},
|
|
357
|
+
{
|
|
358
|
+
"id": "PCI-10.5",
|
|
359
|
+
"title": "Audit Log History Retained and Available for Analysis",
|
|
360
|
+
"goal": "Regularly Monitor and Test Networks",
|
|
361
|
+
"requirement_number": "10",
|
|
362
|
+
"nist_800_53_refs": ["AU-11", "AU-4", "AU-9"],
|
|
363
|
+
"description": "Audit log history is retained for at least 12 months, with at least the most recent three months immediately available for analysis."
|
|
364
|
+
},
|
|
365
|
+
{
|
|
366
|
+
"id": "PCI-10.6",
|
|
367
|
+
"title": "Time-Synchronization Mechanisms Support Consistent Time",
|
|
368
|
+
"goal": "Regularly Monitor and Test Networks",
|
|
369
|
+
"requirement_number": "10",
|
|
370
|
+
"nist_800_53_refs": ["AU-8", "AU-8(1)"],
|
|
371
|
+
"description": "Time-synchronization technology is implemented and kept current, with critical system clocks synchronized using NTP from designated authoritative time sources."
|
|
372
|
+
},
|
|
373
|
+
{
|
|
374
|
+
"id": "PCI-10.7",
|
|
375
|
+
"title": "Failures of Critical Security Controls Detected and Responded To",
|
|
376
|
+
"goal": "Regularly Monitor and Test Networks",
|
|
377
|
+
"requirement_number": "10",
|
|
378
|
+
"nist_800_53_refs": ["SI-4", "SI-6", "CA-7", "IR-4"],
|
|
379
|
+
"description": "Failures of critical security control systems including firewalls, IDS/IPS, FIM, anti-malware, access controls, audit logging, and segmentation controls are detected, alerted, and addressed promptly."
|
|
380
|
+
},
|
|
381
|
+
{
|
|
382
|
+
"id": "PCI-11.1",
|
|
383
|
+
"title": "Security Testing Policies and Procedures",
|
|
384
|
+
"goal": "Regularly Monitor and Test Networks",
|
|
385
|
+
"requirement_number": "11",
|
|
386
|
+
"nist_800_53_refs": ["CA-2", "RA-5", "PL-1", "CA-8"],
|
|
387
|
+
"description": "All security policies and operational procedures for regularly testing security of systems and networks are documented, defining vulnerability scanning, penetration testing, and network monitoring requirements."
|
|
388
|
+
},
|
|
389
|
+
{
|
|
390
|
+
"id": "PCI-11.2",
|
|
391
|
+
"title": "Wireless Access Points Identified and Monitored",
|
|
392
|
+
"goal": "Regularly Monitor and Test Networks",
|
|
393
|
+
"requirement_number": "11",
|
|
394
|
+
"nist_800_53_refs": ["AC-18", "SI-4", "PM-14"],
|
|
395
|
+
"description": "Authorized and unauthorized wireless access points are managed by testing for the presence of wireless access points at least quarterly and identifying all authorized and unauthorized devices."
|
|
396
|
+
},
|
|
397
|
+
{
|
|
398
|
+
"id": "PCI-11.3",
|
|
399
|
+
"title": "Vulnerabilities Identified via Internal and External Scans",
|
|
400
|
+
"goal": "Regularly Monitor and Test Networks",
|
|
401
|
+
"requirement_number": "11",
|
|
402
|
+
"nist_800_53_refs": ["RA-5", "RA-5(2)", "SI-2"],
|
|
403
|
+
"description": "Internal vulnerability scans are performed at least quarterly and after significant changes. External scans are performed quarterly by an Approved Scanning Vendor (ASV). High-risk and critical vulnerabilities are resolved and rescans confirm resolution."
|
|
404
|
+
},
|
|
405
|
+
{
|
|
406
|
+
"id": "PCI-11.4",
|
|
407
|
+
"title": "Penetration Testing Performed Regularly",
|
|
408
|
+
"goal": "Regularly Monitor and Test Networks",
|
|
409
|
+
"requirement_number": "11",
|
|
410
|
+
"nist_800_53_refs": ["CA-8", "CA-8(1)", "RA-5"],
|
|
411
|
+
"description": "External and internal penetration testing is performed at least annually and after significant changes, covering both network-layer and application-layer testing. Exploitable vulnerabilities are corrected and retested."
|
|
412
|
+
},
|
|
413
|
+
{
|
|
414
|
+
"id": "PCI-11.5",
|
|
415
|
+
"title": "Network Intrusions and File Changes Detected and Responded To",
|
|
416
|
+
"goal": "Regularly Monitor and Test Networks",
|
|
417
|
+
"requirement_number": "11",
|
|
418
|
+
"nist_800_53_refs": ["SI-4", "SI-7", "SI-7(1)", "IR-4"],
|
|
419
|
+
"description": "Intrusion-detection and intrusion-prevention techniques detect and prevent intrusions into the network. File integrity monitoring detects unauthorized modification of critical system files, configuration files, and content files."
|
|
420
|
+
},
|
|
421
|
+
{
|
|
422
|
+
"id": "PCI-11.6",
|
|
423
|
+
"title": "Unauthorized Changes on Payment Pages Detected and Responded To",
|
|
424
|
+
"goal": "Regularly Monitor and Test Networks",
|
|
425
|
+
"requirement_number": "11",
|
|
426
|
+
"nist_800_53_refs": ["SI-7", "SI-4", "CM-3"],
|
|
427
|
+
"description": "Change and tamper detection mechanisms are deployed on payment pages to alert personnel to unauthorized modification of HTTP headers and content of payment pages as received by the consumer browser."
|
|
428
|
+
},
|
|
429
|
+
{
|
|
430
|
+
"id": "PCI-12.1",
|
|
431
|
+
"title": "Information Security Policy Established and Maintained",
|
|
432
|
+
"goal": "Support Information Security with Organizational Policies and Programs",
|
|
433
|
+
"requirement_number": "12",
|
|
434
|
+
"nist_800_53_refs": ["PL-1", "PL-2", "PM-1", "PM-9"],
|
|
435
|
+
"description": "An overall information security policy is established, published, maintained, and disseminated to all relevant personnel. The policy is reviewed at least annually and addresses all PCI DSS requirements."
|
|
436
|
+
},
|
|
437
|
+
{
|
|
438
|
+
"id": "PCI-12.2",
|
|
439
|
+
"title": "Acceptable Use Policies Defined and Implemented",
|
|
440
|
+
"goal": "Support Information Security with Organizational Policies and Programs",
|
|
441
|
+
"requirement_number": "12",
|
|
442
|
+
"nist_800_53_refs": ["PL-4", "AC-20", "PS-6"],
|
|
443
|
+
"description": "Acceptable use policies for end-user technologies are defined, documented, and implemented, including explicit approval by authorized parties, acceptable uses of the technology, and list of company-approved products."
|
|
444
|
+
},
|
|
445
|
+
{
|
|
446
|
+
"id": "PCI-12.3",
|
|
447
|
+
"title": "Risks to Cardholder Data Environment Formally Identified and Managed",
|
|
448
|
+
"goal": "Support Information Security with Organizational Policies and Programs",
|
|
449
|
+
"requirement_number": "12",
|
|
450
|
+
"nist_800_53_refs": ["RA-3", "RA-3(1)", "PM-9"],
|
|
451
|
+
"description": "A formal risk assessment is performed at least annually and upon significant changes, identifying critical assets, threats, and vulnerabilities, resulting in documented risk analysis and targeted risk management."
|
|
452
|
+
},
|
|
453
|
+
{
|
|
454
|
+
"id": "PCI-12.4",
|
|
455
|
+
"title": "PCI DSS Compliance is Managed",
|
|
456
|
+
"goal": "Support Information Security with Organizational Policies and Programs",
|
|
457
|
+
"requirement_number": "12",
|
|
458
|
+
"nist_800_53_refs": ["PM-1", "PM-2", "PM-10", "CA-2"],
|
|
459
|
+
"description": "Executive management establishes responsibility for the protection of cardholder data and a PCI DSS compliance program, with a designated individual or team accountable for PCI DSS compliance."
|
|
460
|
+
},
|
|
461
|
+
{
|
|
462
|
+
"id": "PCI-12.5",
|
|
463
|
+
"title": "PCI DSS Scope Documented and Validated",
|
|
464
|
+
"goal": "Support Information Security with Organizational Policies and Programs",
|
|
465
|
+
"requirement_number": "12",
|
|
466
|
+
"nist_800_53_refs": ["CA-2", "CA-7", "PM-5", "RA-2"],
|
|
467
|
+
"description": "The scope of PCI DSS is documented and confirmed by the entity at least annually and upon significant change to the in-scope environment, including identification of all system components, people, processes, and technologies."
|
|
468
|
+
},
|
|
469
|
+
{
|
|
470
|
+
"id": "PCI-12.6",
|
|
471
|
+
"title": "Security Awareness Education is an Ongoing Activity",
|
|
472
|
+
"goal": "Support Information Security with Organizational Policies and Programs",
|
|
473
|
+
"requirement_number": "12",
|
|
474
|
+
"nist_800_53_refs": ["AT-1", "AT-2", "AT-2(2)", "AT-3"],
|
|
475
|
+
"description": "A formal security awareness program is implemented, with training upon hire and at least annually thereafter, including awareness of threats, cardholder data protection responsibilities, and phishing and social engineering."
|
|
476
|
+
},
|
|
477
|
+
{
|
|
478
|
+
"id": "PCI-12.7",
|
|
479
|
+
"title": "Personnel are Screened to Reduce Insider Threat Risks",
|
|
480
|
+
"goal": "Support Information Security with Organizational Policies and Programs",
|
|
481
|
+
"requirement_number": "12",
|
|
482
|
+
"nist_800_53_refs": ["PS-3", "PS-3(3)", "PS-7"],
|
|
483
|
+
"description": "Potential personnel who will have access to the CDE are screened prior to hire to minimize the risk of attacks from internal sources, including background checks within local law constraints."
|
|
484
|
+
},
|
|
485
|
+
{
|
|
486
|
+
"id": "PCI-12.8",
|
|
487
|
+
"title": "Third-Party Service Providers Managed and Monitored",
|
|
488
|
+
"goal": "Support Information Security with Organizational Policies and Programs",
|
|
489
|
+
"requirement_number": "12",
|
|
490
|
+
"nist_800_53_refs": ["SA-9", "PS-7", "SR-1", "SR-6"],
|
|
491
|
+
"description": "Risk to information assets associated with third-party service provider relationships is managed through maintained inventory, written agreements acknowledging security responsibility, due diligence, and annual compliance monitoring."
|
|
492
|
+
},
|
|
493
|
+
{
|
|
494
|
+
"id": "PCI-12.9",
|
|
495
|
+
"title": "TPSPs Support Customers' PCI DSS Compliance",
|
|
496
|
+
"goal": "Support Information Security with Organizational Policies and Programs",
|
|
497
|
+
"requirement_number": "12",
|
|
498
|
+
"nist_800_53_refs": ["SA-9", "SA-9(2)", "SA-4"],
|
|
499
|
+
"description": "Third-party service providers support their customers' PCI DSS compliance by providing written agreement of their PCI DSS responsibilities and responding to customer requests for compliance information."
|
|
500
|
+
},
|
|
501
|
+
{
|
|
502
|
+
"id": "PCI-12.10",
|
|
503
|
+
"title": "Security Incidents and Suspected Compromises Responded To Immediately",
|
|
504
|
+
"goal": "Support Information Security with Organizational Policies and Programs",
|
|
505
|
+
"requirement_number": "12",
|
|
506
|
+
"nist_800_53_refs": ["IR-1", "IR-2", "IR-4", "IR-6", "IR-8"],
|
|
507
|
+
"description": "An incident response plan exists and is ready to be activated, defining roles, communication strategies, specific procedures, business recovery, legal requirements, and payment brand notification. The plan is tested annually."
|
|
508
|
+
}
|
|
509
|
+
]
|
|
510
|
+
}
|
|
@@ -0,0 +1,117 @@
|
|
|
1
|
+
////////////////////////////////////////////////////////////////////
|
|
2
|
+
CONTROLLED UNCLASSIFIED INFORMATION (CUI) // SP-CTI
|
|
3
|
+
Distribution: Distribution D -- Authorized DoD Personnel Only
|
|
4
|
+
////////////////////////////////////////////////////////////////////
|
|
5
|
+
|
|
6
|
+
# PLAN OF ACTION AND MILESTONES (POA&M)
|
|
7
|
+
|
|
8
|
+
**System Name:** {{system_name}}
|
|
9
|
+
|
|
10
|
+
**System Identifier:** {{system_id}}
|
|
11
|
+
|
|
12
|
+
**Project ID:** {{project_id}}
|
|
13
|
+
|
|
14
|
+
**POA&M Version:** {{poam_version}}
|
|
15
|
+
|
|
16
|
+
**Date Generated:** {{generation_date}}
|
|
17
|
+
|
|
18
|
+
**Prepared By:** {{prepared_by}}
|
|
19
|
+
|
|
20
|
+
**System Owner:** {{system_owner}}
|
|
21
|
+
|
|
22
|
+
**ISSM:** {{issm_name}}
|
|
23
|
+
|
|
24
|
+
**Classification:** {{classification}}
|
|
25
|
+
|
|
26
|
+
---
|
|
27
|
+
|
|
28
|
+
## Summary
|
|
29
|
+
|
|
30
|
+
| Severity | Open | In Progress | Completed | Accepted Risk | Total |
|
|
31
|
+
|----------|------|-------------|-----------|---------------|-------|
|
|
32
|
+
| Critical | {{critical_open}} | {{critical_in_progress}} | {{critical_completed}} | {{critical_accepted}} | {{critical_total}} |
|
|
33
|
+
| High | {{high_open}} | {{high_in_progress}} | {{high_completed}} | {{high_accepted}} | {{high_total}} |
|
|
34
|
+
| Moderate | {{moderate_open}} | {{moderate_in_progress}} | {{moderate_completed}} | {{moderate_accepted}} | {{moderate_total}} |
|
|
35
|
+
| Low | {{low_open}} | {{low_in_progress}} | {{low_completed}} | {{low_accepted}} | {{low_total}} |
|
|
36
|
+
| **Total** | **{{total_open}}** | **{{total_in_progress}}** | **{{total_completed}}** | **{{total_accepted}}** | **{{grand_total}}** |
|
|
37
|
+
|
|
38
|
+
---
|
|
39
|
+
|
|
40
|
+
## POA&M Items
|
|
41
|
+
|
|
42
|
+
| ID | Weakness | Severity | Related Control | Deficiency Description | Corrective Action | Resources Required | Milestone Date | Status | Completion Date | Responsible Party |
|
|
43
|
+
|----|----------|----------|-----------------|----------------------|-------------------|--------------------|----------------|--------|-----------------|-------------------|
|
|
44
|
+
{{poam_items}}
|
|
45
|
+
|
|
46
|
+
---
|
|
47
|
+
|
|
48
|
+
## Item Detail
|
|
49
|
+
|
|
50
|
+
{{poam_item_details}}
|
|
51
|
+
|
|
52
|
+
### POA&M Item Template
|
|
53
|
+
|
|
54
|
+
---
|
|
55
|
+
|
|
56
|
+
#### {{item_id}}: {{item_weakness}}
|
|
57
|
+
|
|
58
|
+
**Severity:** {{item_severity}}
|
|
59
|
+
|
|
60
|
+
**Related NIST 800-53 Control:** {{item_control_id}} - {{item_control_title}}
|
|
61
|
+
|
|
62
|
+
**Source:** {{item_source}}
|
|
63
|
+
|
|
64
|
+
**Date Identified:** {{item_date_identified}}
|
|
65
|
+
|
|
66
|
+
**Deficiency Description:**
|
|
67
|
+
|
|
68
|
+
{{item_deficiency_description}}
|
|
69
|
+
|
|
70
|
+
**Corrective Action Plan:**
|
|
71
|
+
|
|
72
|
+
{{item_corrective_action}}
|
|
73
|
+
|
|
74
|
+
**Resources Required:**
|
|
75
|
+
|
|
76
|
+
{{item_resources_required}}
|
|
77
|
+
|
|
78
|
+
**Milestones:**
|
|
79
|
+
|
|
80
|
+
| Milestone | Target Date | Status | Actual Date |
|
|
81
|
+
|-----------|-------------|--------|-------------|
|
|
82
|
+
| {{milestone_1}} | {{milestone_1_date}} | {{milestone_1_status}} | {{milestone_1_actual}} |
|
|
83
|
+
| {{milestone_2}} | {{milestone_2_date}} | {{milestone_2_status}} | {{milestone_2_actual}} |
|
|
84
|
+
|
|
85
|
+
**Status:** {{item_status}}
|
|
86
|
+
|
|
87
|
+
**Completion Date:** {{item_completion_date}}
|
|
88
|
+
|
|
89
|
+
**Responsible Party:** {{item_responsible_party}}
|
|
90
|
+
|
|
91
|
+
**Risk Acceptance (if applicable):**
|
|
92
|
+
|
|
93
|
+
{{item_risk_acceptance}}
|
|
94
|
+
|
|
95
|
+
**Comments:**
|
|
96
|
+
|
|
97
|
+
{{item_comments}}
|
|
98
|
+
|
|
99
|
+
---
|
|
100
|
+
|
|
101
|
+
## Revision History
|
|
102
|
+
|
|
103
|
+
| Version | Date | Author | Description |
|
|
104
|
+
|---------|------|--------|-------------|
|
|
105
|
+
| {{rev_version_1}} | {{rev_date_1}} | {{rev_author_1}} | {{rev_desc_1}} |
|
|
106
|
+
|
|
107
|
+
---
|
|
108
|
+
|
|
109
|
+
**Document Classification:** {{classification}}
|
|
110
|
+
|
|
111
|
+
**Generated by:** ICDEV Compliance Engine v{{icdev_version}}
|
|
112
|
+
|
|
113
|
+
**Generated on:** {{generation_date}}
|
|
114
|
+
|
|
115
|
+
////////////////////////////////////////////////////////////////////
|
|
116
|
+
CUI // SP-CTI | Department of Defense
|
|
117
|
+
////////////////////////////////////////////////////////////////////
|