PyPI - regscale-cli - Versions diffs - 6.20.1.1__py3-none-any.whl → 6.20.3.0__py3-none-any.whl - Mend - Supply Chain Defender

regscale-cli 6.20.1.1py3-none-any.whl → 6.20.3.0py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of regscale-cli might be problematic. Click here for more details.

Files changed (55) hide show

regscale/integrations/public/cisa.py CHANGED Viewed

@@ -7,7 +7,7 @@ import logging
 import re
 from concurrent.futures import ALL_COMPLETED, ThreadPoolExecutor, wait
 from datetime import date, datetime
-from typing import List, Optional, Tuple, Any, Dict
+from typing import List, Optional, Tuple, Any, Dict, Union
 from urllib.error import URLError
 from urllib.parse import urlparse
@@ -23,6 +23,7 @@ from regscale.core.app.application import Application
 from regscale.core.app.internal.login import is_valid
 from regscale.models import Link, Threat
 from regscale.core.app.utils.app_utils import error_and_exit
+from regscale.utils.string import extract_url
 logger = logging.getLogger("regscale")
 console = Console()
@@ -71,22 +72,9 @@ def update_regscale_links(threats: List[Threat]) -> None:
     :rtype: None
     """
-    # extract url from html string using regex
-    def extract_url(html: str) -> str:
-        """
-        Extract URL from HTML string
-        :param str html: HTML string
-        :return: URL
-        :rtype: str
-        """
-        url = re.findall(r"(?P<url>https?://[^\s]+)", html)
-        return url[0].replace('"', "") if url else None
     links = []
     for threat in threats:
-        url = extract_url(threat.description)
-        if threat.description:
+        if url := extract_url(threat.description):
             link = Link(
                 parentID=threat.id,
                 parentModule="threats",
@@ -115,9 +103,8 @@ def process_threats(threats: list[Threat], unique_threats: set[str], reg_threats
             update_dict = threat.dict()
             update_dict = merge_old(update_dict, old_dict)
             update_threats.append(update_dict)  # Update
-        else:
-            if threat:
-                insert_threats.append(threat.dict())  # Post
+        elif threat:
+            insert_threats.append(threat.dict())  # Post
     return insert_threats, update_threats
@@ -218,29 +205,29 @@ def build_threat(app: Application, detailed_link: str, short_description: str, t
     :rtype: Threat
     """
     dat = parse_details(detailed_link)
-    threat = None
-    if dat:
-        date_created = dat[0]
-        vulnerability = dat[1]
-        mitigation = dat[2]
-        notes = dat[3]
-        threat = Threat(
-            uuid=Threat.xstr(None),
-            title=title,
-            threatType="Specific",
-            threatOwnerId=app.config["userId"],
-            dateIdentified=date_created,
-            targetType="Other",
-            source="Open Source",
-            description=short_description or f"""<p><a href="{detailed_link}" title="">{detailed_link}</a></p>""",
-            vulnerabilityAnalysis="".join(vulnerability),
-            mitigations="".join(mitigation),
-            notes="".join(notes),
-            dateCreated=date_created,
-            status="Initial Report/Notification",
-        )
-    return threat
+    if not dat:
+        return None
+    date_created = dat[0]
+    vulnerability = dat[1]
+    mitigation = dat[2]
+    notes = dat[3]
+    return Threat(
+        uuid=Threat.xstr(None),
+        title=title,
+        threatType="Specific",
+        threatOwnerId=app.config["userId"],
+        dateIdentified=date_created,
+        targetType="Other",
+        source="Open Source",
+        description=short_description or f"""<p><a href="{detailed_link}" title="">{detailed_link}</a></p>""",
+        vulnerabilityAnalysis="".join(vulnerability),
+        mitigations="".join(mitigation),
+        notes="".join(notes),
+        dateCreated=date_created,
+        status="Initial Report/Notification",
+    )
 def filter_elements(element: Tag) -> Optional[Tag]:
@@ -332,7 +319,8 @@ def parse_details(link: str) -> Optional[Tuple[str, list, list, list]]:
     mitigation = []
     notes = []
     detailed_soup = gen_soup(link)
-    date_created = fuzzy_find_date(detailed_soup)
+    if not (date_created := fuzzy_find_date(detailed_soup)):
+        return None
     last_header = None
     last_h3 = None
     nav_string = ""
@@ -357,9 +345,8 @@ def parse_details(link: str) -> Optional[Tuple[str, list, list, list]]:
         notes.append(DEFAULT_STR)
     if len(mitigation) == 0:
         mitigation.append(DEFAULT_STR)
-    if date_created and vulnerability and mitigation and notes:
-        return date_created, unique(vulnerability), unique(mitigation), unique(notes)
-    return None
+    return date_created, unique(vulnerability), unique(mitigation), unique(notes)
 def fuzzy_find_date(detailed_soup: BeautifulSoup, location: int = 2, attempts: int = 0) -> str:
@@ -396,7 +383,7 @@ def fuzzy_find_date(detailed_soup: BeautifulSoup, location: int = 2, attempts: i
     return fuzzy_dt
-def gen_soup(url: str) -> BeautifulSoup:
+def gen_soup(url: Union[str, Tuple[str, ...]]) -> BeautifulSoup:
     """
     Generate a BeautifulSoup instance for the given URL
@@ -404,7 +391,7 @@ def gen_soup(url: str) -> BeautifulSoup:
     :raises: URLError if URL is invalid
     :rtype: BeautifulSoup
     """
-    if isinstance(url, Tuple):
+    if isinstance(url, tuple):
         url = url[0]
     if is_url(url):
         req = Api().get(url)
@@ -445,7 +432,7 @@ def pull_cisa_kev() -> Dict[Any, Any]:
         result = []
         # Get URL from config or use default
-        if "cisa_kev" in config:
+        if "cisaKev" in config:
             cisa_url = config["cisaKev"]
         else:
             cisa_url = CISA_KEV_URL
@@ -504,7 +491,7 @@ def update_regscale(data: dict) -> None:
     threats_updated = []
     new_threats = [dat for dat in data["vulnerabilities"] if dat not in matching_threats]
     console.print(f"Found {len(new_threats)} new threats from CISA")
-    if [dat for dat in data["vulnerabilities"] if dat not in matching_threats]:
+    if new_threats:
         for rec in new_threats:
             threat = Threat(
                 uuid=Threat.xstr(None),
@@ -558,20 +545,28 @@ def merge_old(update_vuln: dict, old_vuln: dict) -> dict:
     :return: A merged vulnerability dictionary
     :rtype: dict
     """
-    update_vuln["id"] = old_vuln["id"]
-    update_vuln["uuid"] = old_vuln["uuid"]
-    update_vuln["status"] = old_vuln["status"]
-    update_vuln["source"] = old_vuln["source"]
-    update_vuln["threatType"] = old_vuln["threatType"]
-    update_vuln["threatOwnerId"] = old_vuln["threatOwnerId"]
-    update_vuln["notes"] = old_vuln["notes"]
-    update_vuln["targetType"] = old_vuln["targetType"]
-    update_vuln["dateCreated"] = old_vuln["dateCreated"]
-    update_vuln["isPublic"] = old_vuln["isPublic"]
-    update_vuln["investigated"] = old_vuln["investigated"]
-    if "investigationResults" in old_vuln.keys():
-        update_vuln["investigationResults"] = old_vuln["investigationResults"]
-    return update_vuln
+    fields_to_preserve = [
+        "id",
+        "uuid",
+        "status",
+        "source",
+        "threatType",
+        "threatOwnerId",
+        "notes",
+        "targetType",
+        "dateCreated",
+        "isPublic",
+        "investigated",
+        "investigationResults",
+    ]
+    merged = update_vuln.copy()
+    # Preserve specified fields from old dictionary if they exist
+    for field in fields_to_preserve:
+        if field in old_vuln:
+            merged[field] = old_vuln[field]
+    return merged
 def insert_or_upd_threat(threat: dict, app: Application, threat_id: int = None) -> requests.Response:

regscale/integrations/public/fedramp/fedramp_cis_crm.py CHANGED Viewed

@@ -22,7 +22,7 @@ from regscale.core.app.utils.app_utils import create_progress_object, error_and_
 from regscale.core.utils.graphql import GraphQLQuery
 from regscale.integrations.public.fedramp.parts_mapper import PartMapper
 from regscale.integrations.public.fedramp.ssp_logger import SSPLogger
-from regscale.models import ControlObjective, ImplementationObjective, Parameter, Profile
+from regscale.models import ControlObjective, ImplementationObjective, ImportValidater, Parameter, Profile
 from regscale.models.regscale_models import (
     ControlImplementation,
     File,
@@ -39,6 +39,7 @@ if TYPE_CHECKING:
     import pandas as pd
 from functools import lru_cache
+from tempfile import gettempdir
 T = TypeVar("T")
@@ -49,11 +50,14 @@ progress = create_progress_object()
 SERVICE_PROVIDER_CORPORATE = "Service Provider Corporate"
 SERVICE_PROVIDER_SYSTEM_SPECIFIC = "Service Provider System Specific"
-SERVICE_PROVIDER_HYBRID = "Service Provider Hybrid"
+SERVICE_PROVIDER_HYBRID = "Service Provider Hybrid (Corporate and System Specific)"
 PROVIDER_SYSTEM_SPECIFIC = "Provider (System Specific)"
-CUSTOMER_PROVIDED = "Provided by Customer"
+CUSTOMER_PROVIDED = "Customer Provided"
 CUSTOMER_CONFIGURED = "Customer Configured"
-CONFIGURED_BY_CUSTOMER = "Configured by Customer"
+PROVIDED_BY_CUSTOMER = "Provided by Customer (Customer System Specific)"
+CONFIGURED_BY_CUSTOMER = "Configured by Customer (Customer System Specific)"
+INHERITED = "Inherited from pre-existing FedRAMP Authorization"
+SHARED = "Shared (Service Provider and Customer Responsibility)"
 NOT_IMPLEMENTED = ControlImplementationStatus.NotImplemented.value
 PARTIALLY_IMPLEMENTED = ControlImplementationStatus.PartiallyImplemented.value
 CONTROL_ID = "Control ID"
@@ -77,10 +81,10 @@ STATUS_MAPPING = {
 RESPONSIBILITY_MAP = {
     # Original keys
-    "SERVICE_PROVIDER_CORPORATE": "Provider",
+    SERVICE_PROVIDER_CORPORATE: SERVICE_PROVIDER_CORPORATE,
     SERVICE_PROVIDER_SYSTEM_SPECIFIC: PROVIDER_SYSTEM_SPECIFIC,
     SERVICE_PROVIDER_HYBRID: "Hybrid",
-    CUSTOMER_PROVIDED: "Customer",
+    PROVIDED_BY_CUSTOMER: "Customer",
     CONFIGURED_BY_CUSTOMER: CUSTOMER_CONFIGURED,
     "Shared": "Shared",
     "Inherited": "Inherited",
@@ -241,52 +245,44 @@ def map_implementation_status(control_id: str, cis_data: dict) -> str:
 def map_origination(control_id: str, cis_data: dict) -> dict:
     """
-    Function to map the responsibility for a control implementation from the CRM worksheet
-    :param str control_id: RegScale control ID
-    :param dict cis_data: Data from the CRM worksheet
-    :return: The responsibility information in regscale format
-    :rtype: dict
-    """
-    origination_bools = {
-        "bInherited": False,
-        "bServiceProviderCorporate": False,
-        "bServiceProviderSystemSpecific": False,
-        "bServiceProviderHybrid": False,
-        "bConfiguredByCustomer": False,
-        "bProvidedByCustomer": False,
-        "bShared": False,
-        "record_text": "",
+    Map control implementation responsibility from CRM worksheet data.
+    :param control_id: RegScale control ID
+    :param cis_data: Data from the CRM worksheet
+    :return: Responsibility information in regscale format
+    """
+    # Define mapping of origination strings to boolean keys
+    origination_mapping = {
+        SERVICE_PROVIDER_CORPORATE: "bServiceProviderCorporate",
+        SERVICE_PROVIDER_SYSTEM_SPECIFIC: "bServiceProviderSystemSpecific",
+        SERVICE_PROVIDER_HYBRID: "bServiceProviderHybrid",
+        PROVIDED_BY_CUSTOMER: "bProvidedByCustomer",
+        CONFIGURED_BY_CUSTOMER: "bConfiguredByCustomer",
+        SHARED: "bShared",
+        INHERITED: "bInherited",
     }
-    cis_records = [
-        value for _, value in cis_data.items() if gen_key(value["regscale_control_id"]).lower() == control_id.lower()
+    # Initialize result with all flags set to False
+    result = {key: False for key in origination_mapping.values()}
+    result["record_text"] = ""
+    # Find matching CIS records
+    matching_records = [
+        record for record in cis_data.values() if gen_key(record["regscale_control_id"]).lower() == control_id.lower()
     ]
-    for record in cis_records:
-        # Create the implementation objective, and save.
+    # Process each matching record
+    for record in matching_records:
         control_origination = record.get("control_origination", "")
-        if SERVICE_PROVIDER_CORPORATE in control_origination:
-            # responsibility = "Provider"
-            origination_bools["bServiceProviderCorporate"] = True
-        if SERVICE_PROVIDER_SYSTEM_SPECIFIC in control_origination:
-            # responsibility = "Provider (System Specific)"
-            origination_bools["bServiceProviderSystemSpecific"] = True
-        if SERVICE_PROVIDER_HYBRID in control_origination:
-            # responsibility = "Hybrid"
-            origination_bools["bServiceProviderHybrid"] = True
-        if CUSTOMER_PROVIDED in control_origination:
-            # responsibility = "Customer"
-            origination_bools["bProvidedByCustomer"] = True
-        if CONFIGURED_BY_CUSTOMER in control_origination:
-            # responsibility = "Customer Configured"
-            origination_bools["bConfiguredByCustomer"] = True
-        if "Shared" in control_origination:
-            # responsibility = "Shared"
-            origination_bools["bShared"] = True
-        if "Inherited" in control_origination:
-            # responsibility = "Inherited"
-            origination_bools["bInherited"] = True
-        origination_bools["record_text"] += control_origination
-    return origination_bools
+        # Set flags based on origination string content
+        for origination_str, bool_key in origination_mapping.items():
+            if origination_str in control_origination:
+                result[bool_key] = True
+        if control_origination not in result["record_text"]:
+            result["record_text"] += control_origination
+    return result
 def clean_customer_responsibility(value: str):
@@ -331,16 +327,6 @@ def update_imp_objective(
         NOT_IMPLEMENTED: NOT_IMPLEMENTED,
     }
-    responsibility_map = {
-        "Provider": SERVICE_PROVIDER_CORPORATE,
-        PROVIDER_SYSTEM_SPECIFIC: SERVICE_PROVIDER_SYSTEM_SPECIFIC,
-        "Customer": "Provided by Customer (Customer System Specific)",
-        "Hybrid": "Service Provider Hybrid (Corporate and System Specific)",
-        CUSTOMER_CONFIGURED: "Configured by Customer (Customer System Specific)",
-        "Shared": "Shared (Service Provider and Customer Responsibility)",
-        "Inherited": "Inherited from pre-existing FedRAMP Authorization",
-    }
     cis_record = record.get("cis", {})
     crm_record = record.get("crm", {})
     # There could be multiples, take the first one as regscale will not allow multiples at the objective level.
@@ -349,22 +335,26 @@ def update_imp_objective(
         control_originations[ix] = control_origination.strip()
     try:
-        responsibility = RESPONSIBILITY_MAP.get(
-            next(origin for origin in control_originations), SERVICE_PROVIDER_CORPORATE
-        )
+        responsibility = next(origin for origin in control_originations)
     except StopIteration:
-        responsibility = SERVICE_PROVIDER_CORPORATE
+        if imp.responsibility:
+            responsibility = imp.responsibility.split(",")[0]  # only one responsiblity allowed here.
+        else:
+            responsibility = SERVICE_PROVIDER_CORPORATE
     customer_responsibility = clean_customer_responsibility(
         crm_record.get("specific_inheritance_and_customer_agency_csp_responsibilities")
     )
     existing_pairs = {(obj.objectiveId, obj.implementationId) for obj in existing_imp_obj}
-    responsibility = responsibility_map.get(responsibility, responsibility)
     logger.debug(f"CRM Record: {crm_record}")
     can_be_inherited_from_csp: str = crm_record.get("can_be_inherited_from_csp") or ""
     for objective in objectives:
         current_pair = (objective.id, imp.id)
         if current_pair not in existing_pairs:
+            if objective.securityControlId != imp.controlID:
+                # This is a bad match, do not save.
+                continue
             imp_obj = ImplementationObjective(
                 id=0,
                 uuid="",
@@ -451,10 +441,16 @@ def parse_control_details(
     control_imp.bServiceProviderSystemSpecific = origination_bool["bServiceProviderSystemSpecific"]
     control_imp.bServiceProviderHybrid = origination_bool["bServiceProviderHybrid"]
     control_imp.bConfiguredByCustomer = origination_bool["bConfiguredByCustomer"]
+    control_imp.bShared = origination_bool["bShared"]
     control_imp.bProvidedByCustomer = origination_bool["bProvidedByCustomer"]
-    # NOTE Dale was concerned with overwriting the responsibility text, so we will only update if empty
-    if not control_imp.responsibility:
-        control_imp.responsibility = get_responsibility(origination_bool)
+    control_imp.responsibility = get_responsibility(origination_bool)
+    logger.debug(f"Control Implementation Responsibility: {control_imp.responsibility}")
+    logger.debug(f"Control Implementation Status: {control_imp.status}")
+    if status == ControlImplementationStatus.Planned:
+        control_imp.stepsToImplement = "PLANNED"
+        control_imp.plannedImplementationDate = get_current_datetime("%Y-%m-%d")
+    if status in [ControlImplementationStatus.Planned, ControlImplementationStatus.NotImplemented]:
+        control_imp.exclusionJustification = "Imported from FedRAMP CIS CRM Workbook"
     if updated_control := control_imp.save():
         logger.debug("Control Implementation #%s updated successfully", control_imp.id)
         return updated_control
@@ -465,29 +461,31 @@ def parse_control_details(
 def get_responsibility(origination_bool: dict) -> str:
     """
     Function to map the responsibility based on origination booleans.
+    Returns comma-separated string of all responsibilities for True booleans.
     :param dict origination_bool: Dictionary containing origination booleans
-    :return: Responsibility string
+    :return: Comma-separated responsibility string
     :rtype: str
     """
-    responsibility = ControlImplementationStatus.NA.value
+    responsibilities = []
-    if origination_bool["bServiceProviderCorporate"]:
-        responsibility = SERVICE_PROVIDER_CORPORATE
-    if origination_bool["bServiceProviderSystemSpecific"]:
-        responsibility = SERVICE_PROVIDER_SYSTEM_SPECIFIC
-    if origination_bool["bServiceProviderHybrid"]:
-        responsibility = "Service Provider Hybrid"
-    if origination_bool["bProvidedByCustomer"]:
-        responsibility = "Provided by Customer"
-    if origination_bool["bConfiguredByCustomer"]:
-        responsibility = "Configured by Customer (Customer System Specific)"
-    if origination_bool["bInherited"]:
-        responsibility = "Inherited from pre-existing FedRAMP Authorization"
-    if origination_bool["bShared"]:
-        responsibility = "Shared (Service Provider and Customer Responsibility)"
+    if origination_bool.get("bServiceProviderCorporate", False):
+        responsibilities.append(SERVICE_PROVIDER_CORPORATE)
+    if origination_bool.get("bServiceProviderSystemSpecific", False):
+        responsibilities.append(SERVICE_PROVIDER_SYSTEM_SPECIFIC)
+    if origination_bool.get("bServiceProviderHybrid", False):
+        responsibilities.append(SERVICE_PROVIDER_HYBRID)
+    if origination_bool.get("bProvidedByCustomer", False):
+        responsibilities.append(PROVIDED_BY_CUSTOMER)
+    if origination_bool.get("bConfiguredByCustomer", False):
+        responsibilities.append(CONFIGURED_BY_CUSTOMER)
+    if origination_bool.get("bInherited", False):
+        responsibilities.append(INHERITED)
+    if origination_bool.get("bShared", False):
+        responsibilities.append(SHARED)
-    return responsibility
+    # Return comma-separated string, or NA if no responsibilities found
+    return ",".join(responsibilities) if responsibilities else ControlImplementationStatus.NA.value
 def fetch_and_update_imps(
@@ -706,6 +704,7 @@ def process_implementation(
             errors.extend(method_errors)
         if result:
             processed_objectives.append(result)
+    # Update Control Origin at the Implementation Level
     return errors, processed_objectives
@@ -828,7 +827,6 @@ def parse_crm_worksheet(file_path: click.Path, crm_sheet_name: str, version: Lit
     :return: Formatted CRM content
     :rtype: dict
     """
-    pd = get_pandas()
     logger.info("Parsing CRM worksheet...")
     formatted_crm = {}
@@ -838,13 +836,19 @@ def parse_crm_worksheet(file_path: click.Path, crm_sheet_name: str, version: Lit
     # Value for rev4
     skip_rows = 3
-    original_data = pd.read_excel(
-        str(file_path),
-        sheet_name=crm_sheet_name,
+    validator = ImportValidater(
+        file_path=file_path,
+        disable_mapping=True,
+        required_headers=[],
+        mapping_file_path=gettempdir(),
+        prompt=False,
+        ignore_unnamed=True,
+        worksheet_name=crm_sheet_name,
+        warn_extra_headers=False,
     )
     # find index of row where the first column == Control ID
-    skip_rows = determine_skip_row(original_df=original_data, text_to_find=CONTROL_ID, original_skip=skip_rows)
+    skip_rows = determine_skip_row(original_df=validator.data, text_to_find=CONTROL_ID, original_skip=skip_rows)
     logger.debug(f"Skipping {skip_rows} rows in CRM worksheet")
@@ -856,13 +860,43 @@ def parse_crm_worksheet(file_path: click.Path, crm_sheet_name: str, version: Lit
     ]
     try:
+        # Verify that the columns are in the dataframe
+        header_row = validator.data.iloc[skip_rows - 1 :].iloc[0]
+        # Check if we have enough columns
+        if len(header_row) < len(usecols):
+            error_and_exit(
+                f"Not enough columns found in CRM worksheet. Expected {len(usecols)} columns but found {len(header_row)}."
+            )
+        # Verify each required column exists in the correct position
+        missing_columns = []
+        for i, expected_col in enumerate(usecols):
+            if header_row.iloc[i] != expected_col:
+                missing_columns.append(
+                    f"Expected '{expected_col}' at position {i + 1} but found '{header_row.iloc[i]}'"
+                )
+        if missing_columns:
+            error_msg = "Required columns not found in the CRM worksheet:\n" + "\n".join(missing_columns)
+            error_and_exit(error_msg)
+        logger.debug("Verified all required columns exist in CRM worksheet")
         # Reindex the dataframe and skip some rows
-        data = original_data.iloc[skip_rows:].reset_index(drop=True)
+        data = validator.data.iloc[skip_rows:]
+        # Keep only the first three columns
+        data = data.iloc[:, :3]
+        # Rename the columns to match usecols
         data.columns = usecols
+        logger.debug(f"Kept only required columns: {', '.join(usecols)}")
     except KeyError as e:
         error_and_exit(f"KeyError: {e} - One or more columns specified in usecols are not found in the dataframe.")
     except Exception as e:
-        error_and_exit(f"An error occurred: {e}")
+        error_and_exit(f"An error occurred while processing CRM worksheet: {str(e)}")
     # Filter rows where "Can Be Inherited from CSP" is not equal to "No"
     exclude_no = data[data[CAN_BE_INHERITED_CSP] != "No"]
@@ -902,10 +936,21 @@ def parse_cis_worksheet(file_path: click.Path, cis_sheet_name: str) -> dict:
     pd = get_pandas()
     logger.info("Parsing CIS worksheet...")
     skip_rows = 2
-    # Parse the worksheet named 'CIS GovCloud U.S.+DoD (H)', skipping the initial rows
-    original_cis = pd.read_excel(file_path, sheet_name=cis_sheet_name)
-    skip_rows = determine_skip_row(original_df=original_cis, text_to_find=CONTROL_ID, original_skip=skip_rows)
+    validator = ImportValidater(
+        file_path=file_path,
+        disable_mapping=True,
+        required_headers=[],
+        mapping_file_path=gettempdir(),
+        prompt=False,
+        ignore_unnamed=True,
+        worksheet_name=cis_sheet_name,
+        warn_extra_headers=False,
+    )
+    skip_rows = determine_skip_row(original_df=validator.data, text_to_find=CONTROL_ID, original_skip=skip_rows)
+    # Parse the worksheet named 'CIS GovCloud U.S.+DoD (H)', skipping the initial rows
+    original_cis = validator.data
     cis_df = original_cis.iloc[skip_rows:].reset_index(drop=True)
@@ -918,6 +963,9 @@ def parse_cis_worksheet(file_path: click.Path, cis_sheet_name: str) -> dict:
     # Reset the index
     cis_df.reset_index(drop=True, inplace=True)
+    # Only keep the first 13 columns
+    cis_df = cis_df.iloc[:, :13]
     # Rename columns to standardize names
     cis_df.columns = [
         CONTROL_ID,
@@ -930,9 +978,9 @@ def parse_cis_worksheet(file_path: click.Path, cis_sheet_name: str) -> dict:
         SERVICE_PROVIDER_SYSTEM_SPECIFIC,
         SERVICE_PROVIDER_HYBRID,
         CONFIGURED_BY_CUSTOMER,
-        CUSTOMER_PROVIDED,
-        "Shared Responsibility",
-        "Inherited Authorization",
+        PROVIDED_BY_CUSTOMER,
+        SHARED,
+        INHERITED,
     ]
     # Fill NaN values with an empty string for processing
@@ -973,9 +1021,9 @@ def parse_cis_worksheet(file_path: click.Path, cis_sheet_name: str) -> dict:
             SERVICE_PROVIDER_SYSTEM_SPECIFIC,
             SERVICE_PROVIDER_HYBRID,
             CONFIGURED_BY_CUSTOMER,
-            CUSTOMER_PROVIDED,
-            "Shared Responsibility",
-            "Inherited Authorization",
+            PROVIDED_BY_CUSTOMER,
+            SHARED,
+            INHERITED,
         ]:
             if data_row[col]:
                 selected_origination.append(col)
@@ -1102,15 +1150,15 @@ def parse_instructions_worksheet(
     return instructions_df.to_dict(orient="records")
-def update_responsiblity_text():
+def update_customer_text():
     """
     Update the implementation responsibility texts from the objective data
     """
     with ThreadPoolExecutor() as executor:
-        executor.map(_update_imp_responsibility, EXISTING_IMPLEMENTATIONS.values())
+        executor.map(_update_imp_customer, EXISTING_IMPLEMENTATIONS.values())
-def _update_imp_responsibility(imp: ControlImplementation):
+def _update_imp_customer(imp: ControlImplementation):
     """
     Update the implementation responsibility text for a given implementation
@@ -1207,7 +1255,7 @@ def parse_and_map_data(
             crm_data=crm_data,
             version=version,
         )
-        update_responsiblity_text()
+        update_customer_text()
     report(error_set)
@@ -1339,6 +1387,7 @@ def create_new_security_plan(profile_id: int, system_name: str):
     else:
         ret = next((plan for plan in existing_plan), None)
+        logger.info(f"Found existing SSP# {ret.id}")
         existing_imps = ControlImplementation.get_list_by_plan(ret.id)
         for imp in existing_imps:
             EXISTING_IMPLEMENTATIONS[imp.controlID] = imp