regscale-cli 6.26.0.0__py3-none-any.whl → 6.27.0.0__py3-none-any.whl

regscale/integrations/public/fedramp/fedramp_cis_crm.py

@@ -12,7 +12,9 @@ from collections import Counter
 from concurrent.futures import as_completed
 from concurrent.futures.thread import ThreadPoolExecutor
 from datetime import datetime
+from functools import lru_cache
 from pathlib import Path
+from tempfile import gettempdir
 from threading import Thread
 from types import ModuleType
 from typing import TYPE_CHECKING, Any, Callable, Dict, List, Literal, Optional, Tuple, TypeVar
@@ -23,6 +25,7 @@ from regscale.core.app.api import Api
 from regscale.core.app.utils.api_handler import APIInsertionError, APIUpdateError
 from regscale.core.app.utils.app_utils import compute_hash, create_progress_object, error_and_exit, get_current_datetime
 from regscale.core.utils.graphql import GraphQLQuery
+from regscale.integrations.control_matcher import ControlMatcher
 from regscale.integrations.public.fedramp.ssp_logger import SSPLogger
 from regscale.models import ControlObjective, ImplementationObjective, ImportValidater, Parameter, Profile
 from regscale.models.regscale_models import (
@@ -41,9 +44,6 @@ from regscale.utils.version import RegscaleVersion
 if TYPE_CHECKING:
     import pandas as pd
 
-from functools import lru_cache
-from tempfile import gettempdir
-
 T = TypeVar("T")
 
 logger = SSPLogger()
@@ -116,131 +116,91 @@ def get_pandas() -> ModuleType:
     return pd
 
 
-def smart_find_by_source(
-    source: str, control_objectives: List[ControlObjective]
-) -> Tuple[Optional[str], List[str], str]:
-    """
-    Smart algorithm to find mapping by source, checking ControlObjective table only.
-
-    :param str source: The source control ID (e.g., "AC-1(a)", "AC-01 (a)")
-    :param List[ControlObjective] control_objectives: List of ControlObjective objects to search
-    :return: Tuple of (primary_oscal_id, sub_parts, status_message)
-    :rtype: Tuple[Optional[str], List[str], str]
+def _build_potential_oscal_ids(variation: str) -> List[str]:
     """
-    # Step 1: Convert control name to OSCAL identifier
-    expected_oscal = _convert_to_oscal_identifier(source)
-
-    if not expected_oscal:
-        return None, [], f"Unable to convert control {source} to OSCAL format"
-
-    # Step 2: Search otherId field in ControlObjective table for exact match
-    if _find_exact_objective_by_other_id(expected_oscal, control_objectives):
-        return expected_oscal, [], f"Found exact match: {expected_oscal}"
-
-    # Step 3: Search for subparts (pattern: expected_oscal + ".*")
-    if sub_parts := _find_subpart_objectives_by_other_id(expected_oscal, control_objectives):
-        return None, sub_parts, f"Control exists with {len(sub_parts)} sub-parts. Update import file."
+    Build potential OSCAL ID formats from a control ID variation.
 
-    # Step 4: No match found
-    return None, [], f"No database match found for {source} (expected: {expected_oscal})"
-
-
-def _convert_to_oscal_identifier(source: str) -> Optional[str]:
-    """
-    Convert control name to OSCAL identifier using algorithmic patterns.
-
-    :param str source: The source control ID (e.g., "AC-1(a)", "AC-01 (a)", "AC-6(1)")
-    :return: Generated OSCAL identifier or None
-    :rtype: Optional[str]
+    :param str variation: Control ID variation (e.g., "AC-1", "AC-01")
+    :return: List of potential OSCAL IDs
+    :rtype: List[str]
     """
-    # Remove extra spaces and normalize
-    source = source.strip()
-
-    # Pattern 1: Control enhancement - AC-6(1), AC-02 (01), AC-6 ( 1 )
-    if match := re.match(r"^([A-Z]{2})-(\d{1,2})\s*\(\s*(\d{1,2})\s*\)$", source, re.IGNORECASE):
-        family, number, enhancement = match.groups()
-        return f"{family.lower()}-{int(number)}.{int(enhancement)}_smt"
-
-    # Pattern 2: Control part - AC-1(a), AC-01 (a), AC-1 ( a )
-    if match := re.match(r"^([A-Z]{2})-(\d{1,2})\s*\(\s*([a-z])\s*\)$", source, re.IGNORECASE):
-        family, number, part = match.groups()
-        return f"{family.lower()}-{int(number)}_smt.{part.lower()}"
-
-    # Pattern 3: Control enhancement part - AC-6(1)(a), AC-02 (07) (a), AC-6 ( 1 ) ( a )
-    if match := re.match(r"^([A-Z]{2})-(\d{1,2})\s*\(\s*(\d{1,2})\s*\)\s*\(\s*([a-z])\s*\)$", source, re.IGNORECASE):
-        family, number, enhancement, part = match.groups()
-        return f"{family.lower()}-{int(number)}.{int(enhancement)}_smt.{part.lower()}"
-
-    # Pattern 4: Base control - AC-1, AC-01
-    if match := re.match(r"^([A-Z]{2})-(\d{1,2})$", source, re.IGNORECASE):
-        family, number = match.groups()
-        return f"{family.lower()}-{int(number)}_smt"
-
-    return None
+    variation_lower = variation.lower()
+    return [
+        f"{variation_lower}_smt",
+        f"{variation_lower}_smt.a",
+        f"{variation_lower}_smt.b",
+        f"{variation_lower}_smt.c",
+    ]
 
 
-def _find_exact_objective_by_other_id(expected_oscal: str, control_objectives: List[ControlObjective]) -> bool:
+def _matches_oscal_id(obj_id: str, variation: str) -> bool:
     """
-    Check if exact OSCAL identifier exists in ControlObjective otherId field.
+    Check if an objective's otherId matches any OSCAL ID format for the given variation.
 
-    :param str expected_oscal: The expected OSCAL identifier
-    :param List[ControlObjective] control_objectives: List of ControlObjective objects
-    :return: True if exact match found
+    :param str obj_id: The objective's otherId
+    :param str variation: Control ID variation
+    :return: True if matches, False otherwise
     :rtype: bool
     """
-    for obj in control_objectives:
-        if hasattr(obj, "otherId") and obj.otherId == expected_oscal:
-            return True
-    return False
+    potential_ids = _build_potential_oscal_ids(variation)
+    return obj_id in potential_ids or obj_id.startswith(f"{variation.lower()}_smt")
 
 
-def _convert_oscal_to_rev4_control_label(oscal_control_id: str) -> str:
+def _find_matching_objectives(control_objectives: List[ControlObjective], variations: set) -> List[ControlObjective]:
     """
-    Convert OSCAL control ID to Rev4 control label format.
-
-    Examples:
-    - "ac-1" -> "ac-01"
-    - "ac-10" -> "ac-10"
-    - "ac-2.7" -> "ac-02"
+    Find objectives that match any of the control ID variations.
 
-    :param str oscal_control_id: OSCAL control ID (e.g., "ac-1", "ac-2.7")
-    :return: Rev4 control label (e.g., "ac-01", "ac-02")
-    :rtype: str
+    :param List[ControlObjective] control_objectives: List of objectives to search
+    :param set variations: Set of control ID variations
+    :return: List of matched objectives
+    :rtype: List[ControlObjective]
     """
-    # Handle control enhancements by taking just the base control
-    base_control = oscal_control_id.split(".")[0]  # "ac-2.7" -> "ac-2"
-
-    # Split into family and number
-    parts = base_control.split("-")
-    if len(parts) != 2:
-        return oscal_control_id  # Return as-is if not in expected format
+    matched_objectives = []
 
-    family, number = parts
-
-    # Convert single digit to zero-padded format: "1" -> "01"
-    if len(number) == 1:
-        number = f"0{number}"
+    for obj in control_objectives:
+        if not hasattr(obj, "otherId") or not obj.otherId:
+            continue
+
+        obj_id = obj.otherId
+        for variation in variations:
+            if _matches_oscal_id(obj_id, variation):
+                if obj not in matched_objectives:
+                    matched_objectives.append(obj)
+                break
 
-    return f"{family}-{number}"
+    return matched_objectives
 
 
-def _find_subpart_objectives_by_other_id(base_oscal: str, control_objectives: List[ControlObjective]) -> List[str]:
+def find_objectives_using_control_matcher(
+    source: str, control_objectives: List[ControlObjective], control_matcher: ControlMatcher
+) -> Tuple[List[ControlObjective], str]:
     """
-    Find sub-part objectives that start with the base OSCAL identifier pattern.
+    Find control objectives using ControlMatcher for consistent control ID parsing and matching.
 
-    :param str base_oscal: The base OSCAL identifier (e.g., "ac-2.7_smt")
-    :param List[ControlObjective] control_objectives: List of ControlObjective objects
-    :return: List of sub-part OSCAL identifiers
-    :rtype: List[str]
+    :param str source: The source control ID (e.g., "AC-1(a)", "AC-01 (a)")
+    :param List[ControlObjective] control_objectives: List of ControlObjective objects to search
+    :param ControlMatcher control_matcher: Instance of ControlMatcher for parsing and variations
+    :return: Tuple of (matched objectives list, status_message)
+    :rtype: Tuple[List[ControlObjective], str]
     """
-    sub_parts = []
-    base_pattern = base_oscal + "."
+    # Parse the control ID using ControlMatcher
+    parsed_id = control_matcher.parse_control_id(source)
+    if not parsed_id:
+        return [], f"Unable to parse control {source}"
 
-    for obj in control_objectives:
-        if hasattr(obj, "otherId") and obj.otherId.startswith(base_pattern):
-            sub_parts.append(obj.otherId)
+    # Get all variations of this control ID
+    # pylint: disable=protected-access  # Using internal method for control ID variation matching
+    variations = control_matcher._get_control_id_variations(parsed_id)
+    if not variations:
+        return [], f"Unable to generate variations for {source}"
+
+    # Find matching objectives
+    matched_objectives = _find_matching_objectives(control_objectives, variations)
 
-    return sorted(sub_parts)
+    if matched_objectives:
+        return matched_objectives, f"Found {len(matched_objectives)} objective(s) for {source}"
+
+    return [], f"No database match found for {source} (parsed: {parsed_id})"
 
 
 def transform_control(control: str) -> str:
@@ -314,7 +274,7 @@ def gen_key(control_id: str):
     # 1. The last (number) if it exists
     # 2. The main control number if no enhancement exists
     # And excludes any trailing (letter) - handles extra spaces like AC-6 ( 1 ) ( a )
-    pattern = r"^((?:\w+-\d+(?:\s*\(\s*\d+\s*\))?))(?:\s*\(\s*[a-zA-Z]\s*\))?$"
+    pattern = r"^(\w+-\d+(?:\s*\(\s*\d+\s*\))?)(?:\s*\(\s*[a-zA-Z]\s*\))?$"
 
     match = re.match(pattern, control_id)
     if match:
@@ -392,7 +352,7 @@ def map_origination(control_id: str, cis_data: dict) -> dict:
     }
 
     # Initialize result with all flags set to False
-    result = {key: False for key in origination_mapping.values()}
+    result = dict.fromkeys(origination_mapping.values(), False)
     result["record_text"] = ""
 
     # Find matching CIS records
@@ -469,6 +429,103 @@ def get_multi_status(record: dict) -> str:
         return status_map.get(implementation_status, NOT_IMPLEMENTED)
 
 
+def _calculate_responsibility(control_originations: List[str], imp: ControlImplementation) -> str:
+    """
+    Calculate responsibility from control originations.
+
+    :param List[str] control_originations: List of control origination values
+    :param ControlImplementation imp: Control implementation
+    :return: Calculated responsibility value
+    :rtype: str
+    """
+    try:
+        if RegscaleVersion.meets_minimum_version("6.20.17.0"):
+            return ",".join(control_originations)
+        return next(iter(control_originations))
+    except StopIteration:
+        if imp.responsibility:
+            return imp.responsibility.split(",")[0]
+        return SERVICE_PROVIDER_CORPORATE
+
+
+def _create_new_implementation_objective(
+    leverage_auth_id: int,
+    imp: ControlImplementation,
+    objective: ControlObjective,
+    cis_record: dict,
+    responsibility: str,
+    cloud_responsibility: str,
+    customer_responsibility: str,
+    can_be_inherited_from_csp: str,
+) -> ImplementationObjective:
+    """
+    Create a new implementation objective.
+
+    :param int leverage_auth_id: Leveraged authorization ID
+    :param ControlImplementation imp: Control implementation
+    :param ControlObjective objective: Control objective
+    :param dict cis_record: CIS record data
+    :param str responsibility: Responsibility value
+    :param str cloud_responsibility: Cloud responsibility value
+    :param str customer_responsibility: Customer responsibility value
+    :param str can_be_inherited_from_csp: Can be inherited flag
+    :return: New implementation objective
+    :rtype: ImplementationObjective
+    """
+    imp_obj = ImplementationObjective(
+        id=0,
+        uuid="",
+        inherited=can_be_inherited_from_csp in ["Yes", "Partial"],
+        implementationId=imp.id,
+        status=get_multi_status(cis_record),
+        objectiveId=objective.id,
+        notes=objective.name,
+        securityControlId=objective.securityControlId,
+        securityPlanId=REGSCALE_SSP_ID,
+        responsibility=responsibility,
+        cloudResponsibility=cloud_responsibility,
+        customerResponsibility=customer_responsibility,
+        authorizationId=leverage_auth_id,
+        parentObjectiveId=objective.parentObjectiveId,
+    )
+    logger.debug(
+        "Creating new Implementation Objective for Control %s with status: %s responsibility: %s",
+        imp_obj.securityControlId,
+        imp_obj.status,
+        imp_obj.responsibility,
+    )
+    return imp_obj
+
+
+def _update_existing_implementation_objective(
+    ex_obj: ImplementationObjective,
+    cis_record: dict,
+    responsibility: str,
+    cloud_responsibility: str,
+    customer_responsibility: str,
+) -> None:
+    """
+    Update an existing implementation objective.
+
+    :param ImplementationObjective ex_obj: Existing implementation objective
+    :param dict cis_record: CIS record data
+    :param str responsibility: Responsibility value
+    :param str cloud_responsibility: Cloud responsibility value
+    :param str customer_responsibility: Customer responsibility value
+    :rtype: None
+    """
+    ex_obj.status = get_multi_status(cis_record)
+    ex_obj.responsibility = responsibility
+    if cloud_responsibility.strip():
+        logger.debug(f"Updating Implementation Objective #{ex_obj.id} with responsibility: {responsibility}")
+        ex_obj.cloudResponsibility = cloud_responsibility
+    if customer_responsibility.strip():
+        logger.debug(
+            f"Updating Implementation Objective #{ex_obj.id} with cloud responsibility: {cloud_responsibility}"
+        )
+        ex_obj.customerResponsibility = customer_responsibility
+
+
 def update_imp_objective(
     leverage_auth_id: int,
     existing_imp_obj: List[ImplementationObjective],
@@ -487,80 +544,49 @@ def update_imp_objective(
     :rtype: None
     :return: None
     """
-
     cis_record = record.get("cis", {})
     crm_record = record.get("crm", {})
-    # There could be multiples, take the first one as regscale will not allow multiples at the objective level.
-    control_originations = cis_record.get("control_origination", "").split(",")
-    for ix, control_origination in enumerate(control_originations):
-        control_originations[ix] = control_origination.strip()
 
-    try:
-        if RegscaleVersion.meets_minimum_version("6.20.17.0"):
-            responsibility = ",".join(control_originations)
-        else:
-            responsibility = next(origin for origin in control_originations)
+    # Parse and clean control originations
+    control_originations = [orig.strip() for orig in cis_record.get("control_origination", "").split(",")]
 
-    except StopIteration:
-        if imp.responsibility:
-            responsibility = imp.responsibility.split(",")[0]  # only one responsiblity allowed here.
-        else:
-            responsibility = SERVICE_PROVIDER_CORPORATE
+    # Calculate responsibility
+    responsibility = _calculate_responsibility(control_originations, imp)
 
+    # Parse responsibility fields
     customer_responsibility = clean_customer_responsibility(
         crm_record.get("specific_inheritance_and_customer_agency_csp_responsibilities")
     )
-    existing_pairs = {(obj.objectiveId, obj.implementationId) for obj in existing_imp_obj}
-    logger.debug(f"CRM Record: {crm_record}")
     can_be_inherited_from_csp: str = crm_record.get("can_be_inherited_from_csp") or ""
     cloud_responsibility = customer_responsibility if can_be_inherited_from_csp.lower() == "yes" else ""
     customer_responsibility = customer_responsibility if can_be_inherited_from_csp.lower() != "yes" else ""
+
+    existing_pairs = {(obj.objectiveId, obj.implementationId) for obj in existing_imp_obj}
+    logger.debug(f"CRM Record: {crm_record}")
+
     for objective in objectives:
+        if objective.securityControlId != imp.controlID:
+            continue
+
         current_pair = (objective.id, imp.id)
         if current_pair not in existing_pairs:
-            if objective.securityControlId != imp.controlID:
-                # This is a bad match, do not save.
-                continue
-
-            imp_obj = ImplementationObjective(
-                id=0,
-                uuid="",
-                inherited=can_be_inherited_from_csp in ["Yes", "Partial"],
-                implementationId=imp.id,
-                status=get_multi_status(cis_record),
-                objectiveId=objective.id,
-                notes=objective.name,
-                securityControlId=objective.securityControlId,
-                securityPlanId=REGSCALE_SSP_ID,
-                responsibility=responsibility,
-                cloudResponsibility=cloud_responsibility,
-                customerResponsibility=customer_responsibility,
-                authorizationId=leverage_auth_id,
-                parentObjectiveId=objective.parentObjectiveId,
-            )
-            logger.debug(
-                "Creating new Implementation Objective for Control %s with status: %s responsibility: %s",
-                imp_obj.securityControlId,
-                imp_obj.status,
-                imp_obj.responsibility,
+            imp_obj = _create_new_implementation_objective(
+                leverage_auth_id,
+                imp,
+                objective,
+                cis_record,
+                responsibility,
+                cloud_responsibility,
+                customer_responsibility,
+                can_be_inherited_from_csp,
             )
             UPDATED_IMPLEMENTATION_OBJECTIVES.add(imp_obj)
         else:
             ex_obj = next((obj for obj in existing_imp_obj if obj.objectiveId == objective.id), None)
             if ex_obj:
-                ex_obj.status = get_multi_status(cis_record)
-                ex_obj.responsibility = responsibility
-                if cloud_responsibility.strip():
-                    logger.debug(
-                        f"Updating Implementation Objective #{ex_obj.id} with responsibility: {responsibility}"
-                    )
-                    ex_obj.cloudResponsibility = cloud_responsibility
-                if customer_responsibility.strip():
-                    logger.debug(
-                        f"Updating Implementation Objective #{ex_obj.id} with cloud responsibility: {cloud_responsibility}"
-                    )
-                    ex_obj.customerResponsibility = customer_responsibility
-
+                _update_existing_implementation_objective(
+                    ex_obj, cis_record, responsibility, cloud_responsibility, customer_responsibility
+                )
                 UPDATED_IMPLEMENTATION_OBJECTIVES.add(ex_obj)
 
 
@@ -689,8 +715,6 @@ def get_all_imps(api: Api, cis_data: dict, version: Literal["rev4", "rev5"]) ->
     :return: None
     :rtype: None
     """
-    from requests import RequestException
-
     # Check if the response is successful
     if EXISTING_IMPLEMENTATIONS:
         # Get Control Implementations For SSP
@@ -765,6 +789,9 @@ def update_all_objectives(
     """
 
     all_control_objectives = get_all_control_objectives(imps=EXISTING_IMPLEMENTATIONS.values())
+    # Create ControlMatcher instance for consistent control ID parsing
+    control_matcher = ControlMatcher()
+
     error_set = set()
     process_task = progress.add_task(
         "[cyan]Processing control objectives...", total=len(EXISTING_IMPLEMENTATIONS.values())
@@ -777,7 +804,13 @@ def update_all_objectives(
         # Submit all tasks
         future_to_control = {
             executor.submit(
-                process_implementation, leveraged_auth_id, imp, combined_data, version, all_control_objectives
+                process_implementation,
+                leveraged_auth_id,
+                imp,
+                combined_data,
+                version,
+                all_control_objectives,
+                control_matcher,
             ): imp
             for imp in EXISTING_IMPLEMENTATIONS.values()
         }
@@ -833,6 +866,7 @@ def process_implementation(
     sheet_data: dict,
     version: Literal["rev4", "rev5"],
     all_objectives: List[ControlObjective],
+    control_matcher: ControlMatcher,
 ) -> Tuple[List[str], List[ImplementationObjective]]:
     """
     Processes a single implementation and its associated records.
@@ -842,6 +876,7 @@ def process_implementation(
     :param dict sheet_data: The CIS/CRM data to process
     :param Literal["rev4", "rev5"] version: The version of the workbook
     :param List[ControlObjective] all_objectives: all the control objectives
+    :param ControlMatcher control_matcher: ControlMatcher instance for control ID parsing
     :rtype Tuple[List[str], List[ImplementationObjective]]
     :returns A list of updated implementation objectives
     """
@@ -849,7 +884,7 @@ def process_implementation(
     errors = []
     processed_objectives = []
 
-    existing_objectives, filtered_records = gen_filtered_records(implementation, sheet_data, version)
+    existing_objectives, filtered_records = gen_filtered_records(implementation, sheet_data, control_matcher)
     result = None
     for record in filtered_records:
         res = process_single_record(
@@ -859,6 +894,7 @@ def process_implementation(
             control_objectives=all_objectives,
             existing_objectives=existing_objectives,
             version=version,
+            control_matcher=control_matcher,
         )
         if isinstance(res, tuple):
             method_errors, result = res
@@ -870,32 +906,35 @@ def process_implementation(
 
 
 def gen_filtered_records(
-    implementation: ControlImplementation, sheet_data: dict, version: Literal["rev4", "rev5"]
+    implementation: ControlImplementation, sheet_data: dict, control_matcher: ControlMatcher
 ) -> Tuple[List[ImplementationObjective], List[Dict[str, str]]]:
     """
-    Generates filtered records for a given implementation.
+    Generates filtered records for a given implementation using ControlMatcher.
 
     :param ControlImplementation implementation: The control implementation to filter records for
     :param dict sheet_data: The CIS/CRM data to filter
-    :param Literal["rev4", "rev5"] version: The version of the workbook
+    :param ControlMatcher control_matcher: ControlMatcher instance for control ID matching
     :returns A tuple of existing objectives, and filtered records
     :rtype Tuple[List[ImplementationObjective], List[Dict[str, str]]]
     """
     security_control = SecurityControl.get_object(implementation.controlID)
     existing_objectives = ImplementationObjective.get_by_control(implementation.id)
-    if version == "rev5":
-        filtered_records = filter(
-            lambda r: extract_control_name(r["cis"]["regscale_control_id"]).lower()
-            == security_control.controlId.lower(),
-            sheet_data.values(),
-        )
-    else:
-        # For rev4, convert OSCAL control ID to control label format and match against original control_id
-        # e.g., "ac-1" -> "ac-01", then match "AC-01 (a)", "AC-01 (b)", etc.
-        control_label = _convert_oscal_to_rev4_control_label(security_control.controlId)
-        filtered_records = filter(
-            lambda r: r["cis"]["regscale_control_id"].lower() == control_label.lower(), sheet_data.values()
-        )
+
+    # Get all variations of the control ID using ControlMatcher
+    # pylint: disable=protected-access  # Using internal method for control ID variation matching
+    control_variations = control_matcher._get_control_id_variations(security_control.controlId)
+
+    # Filter records that match any variation of the control ID
+    filtered_records = []
+    for record in sheet_data.values():
+        record_control_id = record["cis"].get("regscale_control_id", "")
+        # Parse the record's control ID
+        parsed_record_id = control_matcher.parse_control_id(record_control_id)
+        if parsed_record_id:
+            # Check if the parsed record control ID matches any variation
+            # pylint: disable=protected-access  # Using internal method for control ID variation matching
+            if control_variations & control_matcher._get_control_id_variations(parsed_record_id):
+                filtered_records.append(record)
 
     return existing_objectives, filtered_records
 
@@ -919,61 +958,28 @@ def process_single_record(**kwargs) -> Tuple[List[str], Optional[ImplementationO
     :rtype Tuple[List[str], Optional[ImplementationObjective]]
     :returns A list of errors and the Implementation Objective if successful, otherwise None
     """
-    # No longer need to load JSON mappings - using smart algorithm only
-
     errors = []
-    version = kwargs.get("version")
     leveraged_auth_id: int = kwargs.get("leveraged_auth_id")
     implementation: ControlImplementation = kwargs.get("implementation")
     record: dict = kwargs.get("record")
     control_objectives: List[ControlObjective] = kwargs.get("control_objectives")
     existing_objectives: List[ImplementationObjective] = kwargs.get("existing_objectives")
-    mapped_objectives: List[ControlObjective] = []
+    control_matcher: ControlMatcher = kwargs.get("control_matcher")
     result = None
 
     # Get the control ID from the CIS/CRM record
     key = record["cis"]["control_id"]
 
-    # Use smart algorithm to find mapping
-    source, parts, status = smart_find_by_source(key, control_objectives)
+    # Use ControlMatcher to find matching objectives
+    mapped_objectives, status = find_objectives_using_control_matcher(key, control_objectives, control_matcher)
 
-    logger.debug(f"Smart mapping result for {key}: {status}")
+    logger.debug(f"Control matching result for {key}: {status}")
 
-    # Add to errors list if status does not start with "Found"
-    if not status.startswith("Found"):
+    # Add to errors list if no objectives found
+    if not mapped_objectives:
         errors.append(f"{key}: {status}")
-
-    # Process exact match if found
-    if source:
-        try:
-            objective = next(
-                obj
-                for obj in control_objectives
-                if (obj.otherId == source and version in ["rev5", "rev4"]) or (obj.name == source and version == "rev4")
-            )
-            mapped_objectives.append(objective)
-        except StopIteration:
-            logger.debug(f"Missing Source: {source}")
-            errors.append(f"Unable to find objective for control {key} ({source})")
-
-    # Process sub-parts if found
-    if parts:
-        for part in parts:
-            try:
-                if version == "rev5":
-                    mapped_objectives.append(next(obj for obj in control_objectives if obj.otherId == part))
-                else:
-                    mapped_objectives.append(
-                        next(obj for obj in control_objectives if obj.otherId == part or obj.name == part)
-                    )
-            except StopIteration:
-                errors.append(f"Unable to find part {part} for control {key}")
-
-    # Report if no mapping found at all
-    if not source and not parts:
-        errors.append(f"Unable to find source and part for control {key}")
-
-    if mapped_objectives:
+    else:
+        # Update implementation objectives with the matched control objectives
         update_imp_objective(
             leverage_auth_id=leveraged_auth_id,
             existing_imp_obj=existing_objectives,
@@ -1023,46 +1029,53 @@ def parse_crm_worksheet(file_path: click.Path, crm_sheet_name: str, version: Lit
 
     logger.debug(f"Skipping {skip_rows} rows in CRM worksheet")
 
-    # only use thse coloumns
-    usecols = [
+    # Define required columns
+    required_columns = [
         CONTROL_ID,
         "Can Be Inherited from CSP",
         "Specific Inheritance and Customer Agency/CSP Responsibilities",
     ]
 
     try:
-        # Verify that the columns are in the dataframe
-        header_row = validator.data.iloc[skip_rows - 1 :].iloc[0]
+        # Get the header row (which is at skip_rows - 1)
+        header_row = validator.data.iloc[skip_rows - 1]
 
-        # Check if we have enough columns
-        if len(header_row) < len(usecols):
-            error_and_exit(
-                f"Not enough columns found in CRM worksheet. Expected {len(usecols)} columns but found {len(header_row)}."
-            )
+        # Get data rows starting from skip_rows
+        data = validator.data.iloc[skip_rows:].reset_index(drop=True)
 
-        # Verify each required column exists in the correct position
+        # Set column names from header row
+        data.columns = header_row
+
+        # Find required columns by name (case-insensitive, handle extra columns in AWS CIS/CRM)
+        available_columns = data.columns.tolist()
+        columns_to_use = []
         missing_columns = []
-        for i, expected_col in enumerate(usecols):
-            if header_row.iloc[i] != expected_col:
-                missing_columns.append(
-                    f"Expected '{expected_col}' at position {i + 1} but found '{header_row.iloc[i]}'"
-                )
+
+        for required_col in required_columns:
+            # Find column that matches (case-insensitive, strip whitespace)
+            matching_col = next(
+                (col for col in available_columns if str(col).strip().lower() == required_col.lower()), None
+            )
+            if matching_col is not None:
+                columns_to_use.append(matching_col)
+            else:
+                missing_columns.append(required_col)
 
         if missing_columns:
-            error_msg = "Required columns not found in the CRM worksheet:\n" + "\n".join(missing_columns)
+            error_msg = (
+                f"Required columns not found in the CRM worksheet: {', '.join(missing_columns)}\n"
+                f"Available columns: {', '.join(str(col) for col in available_columns)}"
+            )
             error_and_exit(error_msg)
 
-        logger.debug("Verified all required columns exist in CRM worksheet")
+        logger.debug(f"Found all required columns in CRM worksheet: {', '.join(required_columns)}")
 
-        # Reindex the dataframe and skip some rows
-        data = validator.data.iloc[skip_rows:]
+        # Keep only the required columns
+        data = data[columns_to_use]
 
-        # Keep only the first three columns
-        data = data.iloc[:, :3]
-
-        # Rename the columns to match usecols
-        data.columns = usecols
-        logger.debug(f"Kept only required columns: {', '.join(usecols)}")
+        # Rename the columns to standardize names
+        data.columns = required_columns
+        logger.debug(f"Using columns: {', '.join(required_columns)}")
 
     except KeyError as e:
         error_and_exit(f"KeyError: {e} - One or more columns specified in usecols are not found in the dataframe.")
@@ -1098,19 +1111,66 @@ def parse_crm_worksheet(file_path: click.Path, crm_sheet_name: str, version: Lit
     return formatted_crm
 
 
-def parse_cis_worksheet(file_path: click.Path, cis_sheet_name: str) -> dict:
+def _get_expected_cis_columns() -> List[str]:
     """
-    Function to parse and format the CIS worksheet content
+    Get the expected column names for CIS worksheet in order.
 
-    :param click.Path file_path: The file path to the FedRAMP CIS CRM workbook
-    :param str cis_sheet_name: The name of the CIS sheet to parse
-    :return: Formatted CIS content
-    :rtype: dict
+    :return: List of expected column names
+    :rtype: List[str]
     """
-    pd = get_pandas()
-    logger.info("Parsing CIS worksheet...")
-    skip_rows = 2
+    return [
+        CONTROL_ID,
+        "Implemented",
+        ControlImplementationStatus.PartiallyImplemented,
+        "Planned",
+        ALT_IMPLEMENTATION,
+        ControlImplementationStatus.NA,
+        SERVICE_PROVIDER_CORPORATE,
+        SERVICE_PROVIDER_SYSTEM_SPECIFIC,
+        SERVICE_PROVIDER_HYBRID,
+        CONFIGURED_BY_CUSTOMER,
+        PROVIDED_BY_CUSTOMER,
+        SHARED,
+        INHERITED,
+    ]
+
+
+def _normalize_cis_columns(cis_df, expected_columns: List[str]):
+    """
+    Normalize CIS dataframe columns by matching expected columns and handling missing ones.
+
+    :param cis_df: The CIS dataframe
+    :param List[str] expected_columns: List of expected column names
+    :return: Normalized dataframe with standardized column names
+    """
+    available_columns = cis_df.columns.tolist()
+    columns_to_keep = []
+
+    for expected_col in expected_columns:
+        matching_col = next(
+            (col for col in available_columns if str(col).strip().lower() == expected_col.lower()), None
+        )
+        if matching_col is not None:
+            columns_to_keep.append(matching_col)
+        else:
+            logger.warning(f"Expected column '{expected_col}' not found in CIS worksheet. Using empty values.")
+            cis_df[expected_col] = ""
+            columns_to_keep.append(expected_col)
+
+    cis_df = cis_df[columns_to_keep]
+    cis_df.columns = expected_columns
+    return cis_df.fillna("")
 
+
+def _load_and_prepare_cis_dataframe(file_path: click.Path, cis_sheet_name: str, skip_rows: int):
+    """
+    Load and prepare the CIS dataframe from the workbook.
+
+    :param click.Path file_path: The file path to the workbook
+    :param str cis_sheet_name: The sheet name to parse
+    :param int skip_rows: Number of rows to skip
+    :return: Tuple of (prepared dataframe, updated skip_rows) or (None, skip_rows) if empty
+    """
     validator = ImportValidater(
         file_path=file_path,
         disable_mapping=True,
@@ -1122,35 +1182,49 @@ def parse_cis_worksheet(file_path: click.Path, cis_sheet_name: str) -> dict:
         warn_extra_headers=False,
     )
     if validator.data.empty:
-        return {}
+        return None, skip_rows
 
     skip_rows = determine_skip_row(original_df=validator.data, text_to_find=CONTROL_ID, original_skip=skip_rows)
 
-    # Parse the worksheet named 'CIS GovCloud U.S.+DoD (H)', skipping the initial rows
-    original_cis = validator.data
-
-    cis_df = original_cis.iloc[skip_rows:].reset_index(drop=True)
-
-    # Set the appropriate headers
+    cis_df = validator.data.iloc[skip_rows:].reset_index(drop=True)
     cis_df.columns = cis_df.iloc[0]
-
-    # Drop any fully empty rows
     cis_df.dropna(how="all", inplace=True)
-
-    # Reset the index
     cis_df.reset_index(drop=True, inplace=True)
 
-    # Only keep the first 13 columns
-    cis_df = cis_df.iloc[:, :13]
+    return cis_df, skip_rows
 
-    # Rename columns to standardize names
-    cis_df.columns = [
-        CONTROL_ID,
+
+def _extract_status(data_row) -> str:
+    """
+    Extract the first non-empty implementation status from the CIS worksheet.
+
+    :param data_row: The data row to extract the status from
+    :return: The implementation status
+    :rtype: str
+    """
+    selected_status = []
+    for col in [
         "Implemented",
         ControlImplementationStatus.PartiallyImplemented,
         "Planned",
         ALT_IMPLEMENTATION,
         ControlImplementationStatus.NA,
+    ]:
+        if data_row[col]:
+            selected_status.append(col)
+    return ", ".join(selected_status) if selected_status else ""
+
+
+def _extract_origination(data_row) -> str:
+    """
+    Extract the first non-empty control origination from the CIS worksheet.
+
+    :param data_row: The data row to extract the origination from
+    :return: The control origination
+    :rtype: str
+    """
+    selected_origination = []
+    for col in [
         SERVICE_PROVIDER_CORPORATE,
         SERVICE_PROVIDER_SYSTEM_SPECIFIC,
         SERVICE_PROVIDER_HYBRID,
@@ -1158,75 +1232,53 @@ def parse_cis_worksheet(file_path: click.Path, cis_sheet_name: str) -> dict:
         PROVIDED_BY_CUSTOMER,
         SHARED,
         INHERITED,
-    ]
+    ]:
+        if data_row[col]:
+            selected_origination.append(col)
+    return ", ".join(selected_origination) if selected_origination else ""
 
-    # Fill NaN values with an empty string for processing
-    cis_df = cis_df.fillna("")
-
-    # Function to extract the first non-empty implementation status
-    def _extract_status(data_row: pd.Series) -> str:
-        """
-        Function to extract the first non-empty implementation status from the CIS worksheet
-
-        :param pd.Series data_row: The data row to extract the status from
-        :return: The implementation status
-        :rtype: str
-        """
-        selected_status = []
-        for col in [
-            "Implemented",
-            ControlImplementationStatus.PartiallyImplemented,
-            "Planned",
-            ALT_IMPLEMENTATION,
-            ControlImplementationStatus.NA,
-        ]:
-            if data_row[col]:
-                selected_status.append(col)
-        return ", ".join(selected_status) if selected_status else ""
-
-    # Function to extract the first non-empty control origination
-    def _extract_origination(data_row: pd.Series) -> str:
-        """
-        Function to extract the first non-empty control origination from the CIS worksheet
-
-        :param pd.Series data_row: The data row to extract the origination from
-        :return: The control origination
-        :rtype: str
-        """
-        selected_origination = []
-        for col in [
-            SERVICE_PROVIDER_CORPORATE,
-            SERVICE_PROVIDER_SYSTEM_SPECIFIC,
-            SERVICE_PROVIDER_HYBRID,
-            CONFIGURED_BY_CUSTOMER,
-            PROVIDED_BY_CUSTOMER,
-            SHARED,
-            INHERITED,
-        ]:
-            if data_row[col]:
-                selected_origination.append(col)
-        return ", ".join(selected_origination) if selected_origination else ""
-
-    def _process_row(row: pd.Series) -> dict:
-        """
-        Function to process a row from the CIS worksheet
-
-        :param pd.Series row: The row to process
-        :return: The processed row
-        :rtype: dict
-        """
-        return {
-            "control_id": row[CONTROL_ID],
-            "regscale_control_id": transform_control(row[CONTROL_ID]),
-            "implementation_status": _extract_status(row),
-            "control_origination": _extract_origination(row),
-        }
 
-    # use a threadexecutor to process the rows in parallel
+def _process_cis_row(row) -> dict:
+    """
+    Process a row from the CIS worksheet.
+
+    :param row: The row to process
+    :return: The processed row
+    :rtype: dict
+    """
+    return {
+        "control_id": row[CONTROL_ID],
+        "regscale_control_id": transform_control(row[CONTROL_ID]),
+        "implementation_status": _extract_status(row),
+        "control_origination": _extract_origination(row),
+    }
+
+
+def parse_cis_worksheet(file_path: click.Path, cis_sheet_name: str) -> dict:
+    """
+    Function to parse and format the CIS worksheet content
+
+    :param click.Path file_path: The file path to the FedRAMP CIS CRM workbook
+    :param str cis_sheet_name: The name of the CIS sheet to parse
+    :return: Formatted CIS content
+    :rtype: dict
+    """
+    logger.info("Parsing CIS worksheet...")
+
+    # Load and prepare the dataframe
+    cis_df, _ = _load_and_prepare_cis_dataframe(file_path, cis_sheet_name, skip_rows=2)
+    if cis_df is None:
+        return {}
+
+    # Get expected columns and normalize the dataframe
+    expected_columns = _get_expected_cis_columns()
+    cis_df = _normalize_cis_columns(cis_df, expected_columns)
+
+    # Process rows in parallel
     with ThreadPoolExecutor() as executor:
-        results = list(executor.map(_process_row, [row for _, row in cis_df.iterrows()]))
+        results = list(executor.map(_process_cis_row, [row for _, row in cis_df.iterrows()]))
 
-    # iterate the results and index by control_id
+    # Index by control_id
     return {clean_key(result["control_id"]): result for result in results}
 
 
@@ -1589,7 +1641,7 @@ def create_new_security_plan(profile_id: int, system_name: str):
 
     else:
         INITIAL_IMPORT = False
-        ret = next((plan for plan in existing_plan), None)
+        ret = next(iter(existing_plan), None)
         logger.info(f"Found existing SSP# {ret.id}")
         create_backup_file(ret.id)
         existing_imps = ControlImplementation.get_list_by_plan(ret.id)
@@ -1778,7 +1830,8 @@ def parse_and_import_ciscrm(
     cis_data = parse_cis_worksheet(file_path=file_path, cis_sheet_name=cis_sheet_name)
     crm_data = {}
     if crm_sheet_name:
-        crm_data = parse_crm_worksheet(file_path=file_path, crm_sheet_name=crm_sheet_name, version=version)  # type: ignore
+        # type: ignore
+        crm_data = parse_crm_worksheet(file_path=file_path, crm_sheet_name=crm_sheet_name, version=version)
     if leveraged_auth_id == 0:
         auths = LeveragedAuthorization.get_all_by_parent(ssp.id)
         if auths: