regscale-cli 6.27.2.0__py3-none-any.whl → 6.28.0.0__py3-none-any.whl

regscale/integrations/public/fedramp/fedramp_cis_crm.py

@@ -120,17 +120,36 @@ def _build_potential_oscal_ids(variation: str) -> List[str]:
     """
     Build potential OSCAL ID formats from a control ID variation.
 
-    :param str variation: Control ID variation (e.g., "AC-1", "AC-01")
+    :param str variation: Control ID variation (e.g., "AC-1", "AC-01", "AC-1.a")
     :return: List of potential OSCAL IDs
     :rtype: List[str]
     """
     variation_lower = variation.lower()
-    return [
-        f"{variation_lower}_smt",
-        f"{variation_lower}_smt.a",
-        f"{variation_lower}_smt.b",
-        f"{variation_lower}_smt.c",
-    ]
+    oscal_ids = []
+
+    # Check if this is a control with a letter part (e.g., "ac-1.a")
+    if re.match(r"^[a-z]+-\d+\.[a-z]$", variation_lower):
+        # For letter parts, map to OSCAL format: ac-1.a -> ac-1_smt.a
+        base_control = variation_lower.rsplit(".", 1)[0]  # Get "ac-1" from "ac-1.a"
+        letter_part = variation_lower.rsplit(".", 1)[1]  # Get "a" from "ac-1.a"
+        oscal_ids.extend(
+            [
+                f"{base_control}_smt.{letter_part}",  # ac-1_smt.a (primary format)
+                f"{variation_lower}_smt",  # ac-1.a_smt (alternative format)
+            ]
+        )
+    else:
+        # Base control without letter part - include all potential letter variations
+        oscal_ids.extend(
+            [
+                f"{variation_lower}_smt",
+                f"{variation_lower}_smt.a",
+                f"{variation_lower}_smt.b",
+                f"{variation_lower}_smt.c",
+            ]
+        )
+
+    return oscal_ids
 
 
 def _matches_oscal_id(obj_id: str, variation: str) -> bool:
@@ -213,15 +232,14 @@ def transform_control(control: str) -> str:
     :rtype: str
     """
     # Use regex to match the pattern and capture the parts (handle extra spaces)
-    match = re.match(r"([A-Za-z]+)-(\d+)\s*\(\s*(\d+|[a-z])\s*\)", control)
-    if match:
+    # Now handles both uppercase and lowercase letters in parentheses
+    if match := re.match(r"([A-Z]+)-(\d+)\s*\(\s*(\d+|[A-Z])\s*\)", control, re.IGNORECASE):
         control_name = match.group(1).lower()
         control_number = match.group(2)
-        sub_control = match.group(3)
-
-        if sub_control.isdigit():
+        try:
+            sub_control = match.group(3).lower()  # Normalize to lowercase
             transformed_control = f"{control_name}-{control_number}.{sub_control}"
-        else:
+        except IndexError:
             transformed_control = f"{control_name}-{control_number}"
 
         return transformed_control
@@ -262,29 +280,76 @@ def new_leveraged_auth(
     return new_leveraged_auth_id.id
 
 
-def gen_key(control_id: str):
+def gen_key(control_id: str) -> str:
     """
-    Function to generate a key for the control ID
+    Function to generate a key for the control ID by stripping letter-based parts.
+    Handles both parentheses notation (AC-1(a)) and dot notation (ac-1.a).
+
+    Examples:
+    - AC-1 (a) -> AC-1
+    - ac-1.a -> ac-1
+    - AC-2(1) -> AC-2(1) (numeric enhancement preserved)
+    - AC-17.2 -> AC-17.2 (numeric enhancement preserved)
 
     :param str control_id: The control ID to generate a key for
-    :return: The generated key
+    :return: The generated key with letter parts stripped
     :rtype: str
     """
-    # Match pattern: captures everything up to either:
-    # 1. The last (number) if it exists
+    # First, try parentheses notation: ALPHA-NUM(LETTER) -> ALPHA-NUM
+    # Captures everything up to either:
+    # 1. The last (number) if it exists (preserved)
     # 2. The main control number if no enhancement exists
-    # And excludes any trailing (letter) - handles extra spaces like AC-6 ( 1 ) ( a )
-    pattern = r"^(\w+-\d+(?:\s*\(\s*\d+\s*\))?)(?:\s*\(\s*[a-zA-Z]\s*\))?$"
+    # Excludes trailing (letter) - handles extra spaces like AC-6 ( 1 ) ( a )
+    pattern_paren = r"^(\w+-\d+(?:\s*\(\s*\d+\s*\))?)(?:\s*\(\s*[a-zA-Z]\s*\))?$"
+    if match := re.match(pattern_paren, control_id):
+        return match.group(1)
 
-    match = re.match(pattern, control_id)
-    if match:
+    # Try dot notation: alpha-num.letter -> alpha-num
+    # Preserves numeric enhancements (ac-17.2) but strips letter parts (ac-1.a)
+    pattern_dot = r"^([a-z]+-\d+)\.([a-z])$"
+    if match := re.match(pattern_dot, control_id, re.IGNORECASE):
+        # Check if the part after dot is a single letter (not a number)
         return match.group(1)
+
+    # No match, return as-is
     return control_id
 
 
+def _is_letter_based_control_part(control_id: str) -> bool:
+    """
+    Check if a control ID is a letter-based part (e.g., AC-1(a), ac-1.a).
+    Returns True for ALPHA-NUMERIC(ALPHA) or alpha-numeric.alpha patterns.
+    Returns False for numeric enhancements (AC-1(1), ac-17.2).
+
+    :param str control_id: The control ID to check
+    :return: True if it's a letter-based control part
+    :rtype: bool
+    """
+    # Pattern 1: Parentheses notation - ALPHA-NUMERIC(ALPHA) like AC-1(a), AC-2(B)
+    pattern_paren = r"^[A-Za-z]+-\d+\s*\(\s*[a-zA-Z]\s*\)$"
+    if re.match(pattern_paren, control_id):
+        return True
+
+    # Pattern 2: Dot notation - alpha-numeric.alpha like ac-1.a, ac-2.b
+    # Exclude numeric enhancements like ac-17.2
+    pattern_dot = r"^[a-z]+-\d+\.([a-z])$"
+    match = re.match(pattern_dot, control_id, re.IGNORECASE)
+    if match and match.group(1).isalpha():
+        return True
+
+    return False
+
+
 def map_implementation_status(control_id: str, cis_data: dict) -> str:
     """
-    Function to map the selected implementation status on the CIS worksheet to a RegScale status
+    Function to map the selected implementation status on the CIS worksheet to a RegScale status.
+    Aggregates letter-based control parts (AC-1(a), AC-1(b), AC-1(c)) into base control (AC-1).
+
+    Aggregation logic for letter-based parts:
+    - All "Implemented" → "Fully Implemented"
+    - Mix with at least one "Implemented" → "Partially Implemented"
+    - All "Not Implemented" or empty → "Not Implemented"
+    - Any "Planned" (no implemented) → "Planned"
 
     :param str control_id: The control ID from RegScale
     :param dict cis_data: Data from the CIS worksheet to map the status from
@@ -292,7 +357,7 @@ def map_implementation_status(control_id: str, cis_data: dict) -> str:
     :rtype: str
     """
 
-    # Extract matching records
+    # Extract matching records (gen_key strips letter parts to match base control)
     cis_records = [
         value
         for value in cis_data.values()
@@ -308,28 +373,45 @@ def map_implementation_status(control_id: str, cis_data: dict) -> str:
         logger.warning(f"No CIS records found for control {control_id}")
         return status_ret
 
+    # Check if these are letter-based control parts that need aggregation
+    has_letter_parts = any(_is_letter_based_control_part(rec.get("control_id", "")) for rec in cis_records)
+
     # Count implementation statuses
     status_counts = Counter(record.get("implementation_status", "") for record in cis_records)
-    logger.debug("Status distribution for %s: %s", control_id, dict(status_counts))
+    logger.debug("Status distribution for %s: %s (letter parts: %s)", control_id, dict(status_counts), has_letter_parts)
 
-    # Early returns for simple cases
+    # Early return for simple case: all same status
     if len(status_counts) == 1:
         status = next(iter(status_counts))
-        return STATUS_MAPPING.get(status, ControlImplementationStatus.NotImplemented)
+        mapped_status = STATUS_MAPPING.get(status, ControlImplementationStatus.NotImplemented)
+        # If all letter parts have same status and it's "Implemented", return FullyImplemented
+        if has_letter_parts and status == "Implemented":
+            return ControlImplementationStatus.FullyImplemented
+        return mapped_status
 
+    # Aggregate statuses for letter-based control parts or multiple records
     implemented_count = status_counts.get("Implemented", 0)
+    not_implemented_count = status_counts.get("", 0)  # Empty status counts as not implemented
+    partially_implemented_count = status_counts.get("Partially Implemented", 0)
+    planned_count = status_counts.get("Planned", 0)
     total_count = sum(status_counts.values())
 
+    # Aggregation logic
     if implemented_count == total_count:
+        # All parts are implemented
         return ControlImplementationStatus.FullyImplemented
-    elif implemented_count > 0 or any(status == "Partially Implemented" for status in status_counts):
-        status_ret = ControlImplementationStatus.PartiallyImplemented
-    elif any(status == "Planned" for status in status_counts):
-        status_ret = ControlImplementationStatus.Planned
+    elif implemented_count > 0 or partially_implemented_count > 0:
+        # Mix of implemented and other statuses, or any partially implemented
+        return ControlImplementationStatus.PartiallyImplemented
+    elif planned_count > 0 and not_implemented_count == 0:
+        # All are planned (no not-implemented)
+        return ControlImplementationStatus.Planned
     elif any(status in ["N/A", ALTERNATIVE_IMPLEMENTATION] for status in status_counts):
-        status_ret = ControlImplementationStatus.NA
-
-    return status_ret
+        # Any N/A or Alternative
+        return ControlImplementationStatus.NA
+    else:
+        # Default: not implemented
+        return ControlImplementationStatus.NotImplemented
 
 
 def map_origination(control_id: str, cis_data: dict) -> dict:
@@ -905,6 +987,26 @@ def process_implementation(
     return errors, processed_objectives
 
 
+def _extract_base_control_id(control_id: str) -> str:
+    """
+    Extract the base control ID from a control ID that may have a letter part.
+
+    Examples:
+    - "AC-1.a" -> "AC-1"
+    - "AC-17.2" -> "AC-17.2" (numeric parts are preserved)
+    - "AC-1" -> "AC-1"
+
+    :param str control_id: Control ID that may have a letter part
+    :return: Base control ID without letter part
+    :rtype: str
+    """
+    # Check if the control has a letter part (e.g., AC-1.a)
+    match = re.match(r"^([A-Z]+-\d+)\.[A-Z]$", control_id, re.IGNORECASE)
+    if match:
+        return match.group(1)
+    return control_id
+
+
 def gen_filtered_records(
     implementation: ControlImplementation, sheet_data: dict, control_matcher: ControlMatcher
 ) -> Tuple[List[ImplementationObjective], List[Dict[str, str]]]:
@@ -930,11 +1032,22 @@ def gen_filtered_records(
         record_control_id = record["cis"].get("regscale_control_id", "")
         # Parse the record's control ID
         parsed_record_id = control_matcher.parse_control_id(record_control_id)
-        if parsed_record_id:
-            # Check if the parsed record control ID matches any variation
-            # pylint: disable=protected-access  # Using internal method for control ID variation matching
-            if control_variations & control_matcher._get_control_id_variations(parsed_record_id):
-                filtered_records.append(record)
+        if not parsed_record_id:
+            continue
+        # Get variations for the parsed record ID
+        # pylint: disable=protected-access  # Using internal method for control ID variation matching
+        record_variations = control_matcher._get_control_id_variations(parsed_record_id)
+
+        # Check if the parsed record control ID matches any variation
+        if control_variations & record_variations:
+            filtered_records.append(record)
+        else:
+            # If no direct match and record has a letter part, try matching the base control
+            base_control_id = _extract_base_control_id(parsed_record_id)
+            if base_control_id != parsed_record_id:
+                base_variations = control_matcher._get_control_id_variations(base_control_id)
+                if control_variations & base_variations:
+                    filtered_records.append(record)
 
     return existing_objectives, filtered_records
 
@@ -1114,46 +1227,73 @@ def parse_crm_worksheet(file_path: click.Path, crm_sheet_name: str, version: Lit
 def _get_expected_cis_columns() -> List[str]:
     """
     Get the expected column names for CIS worksheet in order.
+    These match the FedRAMP Rev 5 CIS worksheet format.
 
     :return: List of expected column names
     :rtype: List[str]
     """
     return [
-        CONTROL_ID,
+        CONTROL_ID,  # "Control ID"
         "Implemented",
-        ControlImplementationStatus.PartiallyImplemented,
+        ControlImplementationStatus.PartiallyImplemented,  # "Partially Implemented"
         "Planned",
-        ALT_IMPLEMENTATION,
-        ControlImplementationStatus.NA,
+        ALTERNATIVE_IMPLEMENTATION,  # "Alternative Implementation"
+        ControlImplementationStatus.NA,  # "N/A"
         SERVICE_PROVIDER_CORPORATE,
         SERVICE_PROVIDER_SYSTEM_SPECIFIC,
         SERVICE_PROVIDER_HYBRID,
         CONFIGURED_BY_CUSTOMER,
         PROVIDED_BY_CUSTOMER,
         SHARED,
-        INHERITED,
+        INHERITED,  # "Inherited from pre-existing FedRAMP Authorization"
     ]
 
 
-def _normalize_cis_columns(cis_df, expected_columns: List[str]):
+def _normalize_cis_columns(cis_df: "pd.DataFrame", expected_columns: List[str]) -> "pd.DataFrame":
     """
     Normalize CIS dataframe columns by matching expected columns and handling missing ones.
+    Uses fuzzy matching to handle truncated column names from merged cells.
 
-    :param cis_df: The CIS dataframe
+    :param pd.DataFrame cis_df: The CIS dataframe
     :param List[str] expected_columns: List of expected column names
     :return: Normalized dataframe with standardized column names
+    :rtype: pd.DataFrame
     """
     available_columns = cis_df.columns.tolist()
     columns_to_keep = []
 
+    logger.debug(f"Available CIS columns: {available_columns}")
+
     for expected_col in expected_columns:
+        matching_col = None
+
+        # Try exact match first (case-insensitive)
         matching_col = next(
             (col for col in available_columns if str(col).strip().lower() == expected_col.lower()), None
         )
+
+        # If no exact match, try partial/fuzzy match for truncated column names
+        if matching_col is None:
+            # Create a simplified version for matching (first few significant words)
+            # Filter out common words and take first 3 significant words
+            skip_words = {"from", "by", "to", "the", "and", "or", "a", "an"}
+            expected_words = [w for w in expected_col.lower().split() if w not in skip_words][:3]
+
+            for col in available_columns:
+                col_str = str(col).lower()
+                # Check if at least 2 of the significant words are in the column name (handles truncation & variations)
+                matches = sum(1 for word in expected_words if word in col_str)
+                if matches >= min(2, len(expected_words)):  # Need at least 2 matches, or all if less than 2 words
+                    matching_col = col
+                    logger.debug(
+                        f"Fuzzy matched '{expected_col}' to '{col}' (matched {matches}/{len(expected_words)} words)"
+                    )
+                    break
+
         if matching_col is not None:
             columns_to_keep.append(matching_col)
         else:
-            logger.warning(f"Expected column '{expected_col}' not found in CIS worksheet. Using empty values.")
+            logger.info(f"Expected column '{expected_col}' not found in CIS worksheet. Using empty values.")
             cis_df[expected_col] = ""
             columns_to_keep.append(expected_col)
 
@@ -1162,6 +1302,69 @@ def _normalize_cis_columns(cis_df, expected_columns: List[str]):
     return cis_df.fillna("")
 
 
+def _find_control_id_row_index(df: "pd.DataFrame") -> Optional[int]:
+    """
+    Find the row index containing 'Control ID' in the first column.
+
+    :param pd.DataFrame df: The dataframe to search
+    :return: Row index if found, None otherwise
+    :rtype: Optional[int]
+    """
+    for idx, row in df.iterrows():
+        if row.iloc[0] == CONTROL_ID:
+            return idx
+    return None
+
+
+def _merge_header_rows(header_row, sub_header_row) -> List[str]:
+    """
+    Merge two header rows into a single list of column names.
+
+    FedRAMP Rev5 has a two-row header structure where main headers span multiple columns
+    and sub-headers provide specific column names.
+
+    :param header_row: The main header row (categories)
+    :param sub_header_row: The sub-header row (specific columns)
+    :return: List of merged column names
+    :rtype: List[str]
+    """
+    pd = get_pandas()
+    merged_headers = []
+    current_category = None
+
+    for i, (main, sub) in enumerate(zip(header_row, sub_header_row)):
+        # Update current category if main header has a value
+        if pd.notna(main) and main and str(main).strip():
+            current_category = str(main)
+
+        # Determine which header value to use
+        header_value = _select_header_value(pd, main, sub, current_category, i)
+        merged_headers.append(header_value)
+
+    return merged_headers
+
+
+def _select_header_value(pd: "pd.DataFrame", main, sub, current_category: Optional[str], index: int) -> str:
+    """
+    Select the appropriate header value based on priority: sub-header > main header > category > unnamed.
+
+    :param pd.DataFrame pd: The pandas dataframe
+    :param main: Main header value
+    :param sub: Sub-header value
+    :param Optional[str] current_category: Current category from merged cells
+    :param int index: Column index for fallback naming
+    :return: Selected header value
+    :rtype: str
+    """
+    if pd.notna(sub) and sub and str(sub).strip():
+        return str(sub)
+    if pd.notna(main) and main and str(main).strip():
+        return str(main)
+    if current_category:
+        return f"{current_category}_{index}"
+    return f"Unnamed_{index}"
+
+
 def _load_and_prepare_cis_dataframe(file_path: click.Path, cis_sheet_name: str, skip_rows: int):
     """
     Load and prepare the CIS dataframe from the workbook.
@@ -1171,26 +1374,32 @@ def _load_and_prepare_cis_dataframe(file_path: click.Path, cis_sheet_name: str,
     :param int skip_rows: Number of rows to skip
     :return: Tuple of (prepared dataframe, updated skip_rows) or (None, skip_rows) if empty
     """
-    validator = ImportValidater(
-        file_path=file_path,
-        disable_mapping=True,
-        required_headers=[],
-        mapping_file_path=gettempdir(),
-        prompt=False,
-        ignore_unnamed=True,
-        worksheet_name=cis_sheet_name,
-        warn_extra_headers=False,
-    )
-    if validator.data.empty:
+    # Read the Excel file directly with pandas to preserve "N/A" as string
+    pd = get_pandas()
+    df = pd.read_excel(file_path, sheet_name=cis_sheet_name, header=None, keep_default_na=False)
+
+    if df.empty:
         return None, skip_rows
 
-    skip_rows = determine_skip_row(original_df=validator.data, text_to_find=CONTROL_ID, original_skip=skip_rows)
+    # Find the row with "Control ID"
+    control_id_row_idx = _find_control_id_row_index(df)
+    if control_id_row_idx is None:
+        logger.error("Could not find 'Control ID' in CIS worksheet")
+        return None, skip_rows
 
-    cis_df = validator.data.iloc[skip_rows:].reset_index(drop=True)
-    cis_df.columns = cis_df.iloc[0]
+    # Extract and merge the two header rows
+    header_row = df.iloc[control_id_row_idx]
+    sub_header_row = df.iloc[control_id_row_idx + 1]
+    merged_headers = _merge_header_rows(header_row, sub_header_row)
+
+    # Get data starting from two rows after the main header row
+    cis_df = df.iloc[control_id_row_idx + 2 :].reset_index(drop=True)
+    cis_df.columns = merged_headers
     cis_df.dropna(how="all", inplace=True)
     cis_df.reset_index(drop=True, inplace=True)
 
+    skip_rows = control_id_row_idx + 2
+
     return cis_df, skip_rows
 
 
@@ -1207,7 +1416,7 @@ def _extract_status(data_row) -> str:
         "Implemented",
         ControlImplementationStatus.PartiallyImplemented,
         "Planned",
-        ALT_IMPLEMENTATION,
+        ALTERNATIVE_IMPLEMENTATION,  # Use the correct constant
         ControlImplementationStatus.NA,
     ]:
         if data_row[col]:

regscale/integrations/public/fedramp/poam/scanner.py

@@ -108,7 +108,7 @@ class FedrampPoamIntegration(ScannerIntegration):
                 error_and_exit(FILE_PATH_ERROR)
             self.workbook = self.workbook or load_workbook(filename=self.file_path, data_only=True, read_only=True)
             self.poam_sheets = kwargs.get("poam_sheets") or [
-                sheet for sheet in self.workbook.sheetnames if re.search("POA&M Items", sheet)
+                sheet for sheet in self.workbook.sheetnames if re.search("POA&M Items|Configuration Findings", sheet)
             ]
         except (FileNotFoundError, InvalidFileException, KeyError) as e:
             logger.error(f"Failed to load workbook: {e}")
@@ -338,7 +338,9 @@ class FedrampPoamIntegration(ScannerIntegration):
                 yield from findings
 
             if not poam_id or not poam_id.upper():
-                print(weakness_name, poam_id)
+                logger.debug(
+                    f"Invalid POAM ID on row {index}, sheet {sheet}: weakness_name={weakness_name}, poam_id={poam_id}"
+                )
                 logger.warning(f"Invalid POAM ID on row {index}, sheet {sheet}. Skipping.")
                 yield from findings
 
@@ -403,6 +405,10 @@ class FedrampPoamIntegration(ScannerIntegration):
                         if not status_date:
                             continue
 
+                    # Extract Controls field (Column B) for Configuration Findings
+                    controls = val_mapping.get_value(data, "Controls")
+                    affected_controls = str(controls) if controls else None
+
                     # Validate pluginText
                     finding = IntegrationFinding(
                         control_labels=[],
@@ -436,6 +442,7 @@ class FedrampPoamIntegration(ScannerIntegration):
                         risk_adjustment=self.determine_risk_adjustment(val_mapping.get_value(data, "Risk Adjustment")),
                         operational_requirements=str(val_mapping.get_value(data, "Operational Requirement")),
                         deviation_rationale=str(val_mapping.get_value(data, "Deviation Rationale")),
+                        affected_controls=affected_controls,
                         poam_id=poam_id,
                     )
                     if finding.is_valid():
@@ -498,6 +505,24 @@ class FedrampPoamIntegration(ScannerIntegration):
             asset_ids = val_mapping.get_value(data, ASSET_IDENTIFIER)
             if not asset_ids:
                 return row_assets
+
+            # Skip rows where asset identifier contains date/description text (header rows)
+            asset_ids_str = str(asset_ids).lower()
+            if any(
+                keyword in asset_ids_str
+                for keyword in [
+                    "date the weakness",
+                    "aka discovery",
+                    "permanent column",
+                    "date of intended",
+                    "last changed or closed",
+                    "port/protocol",
+                    "specified in the inventory",
+                ]
+            ):
+                logger.debug(f"Skipping row with header/description text in asset identifier: {str(asset_ids)[:100]}")
+                return row_assets
+
             asset_id_list = self.gen_asset_list(asset_ids)
 
             if not asset_id_list:
@@ -559,6 +584,9 @@ class FedrampPoamIntegration(ScannerIntegration):
                 return raw_type
 
             for asset_id in asset_id_list:
+                # Handle long asset names
+                asset_name, asset_notes = self._handle_long_asset_name(asset_id)
+
                 # Get raw values and clean them
                 raw_values = {
                     "ip": asset_id if validate_ip_address(asset_id) else "",
@@ -571,8 +599,8 @@ class FedrampPoamIntegration(ScannerIntegration):
                 asset_type = determine_asset_type(asset_id, raw_values["type"])
 
                 res = IntegrationAsset(
-                    name=asset_id,
-                    identifier=asset_id,
+                    name=asset_name,  # Use shortened name if needed
+                    identifier=asset_name,  # Use shortened name as identifier
                     asset_type=asset_type,  # Use determined asset type
                     asset_category=regscale_models.AssetCategory.Hardware,
                     parent_id=self.plan_id,
@@ -581,6 +609,7 @@ class FedrampPoamIntegration(ScannerIntegration):
                     ip_address=raw_values["ip"],
                     fqdn=raw_values["fqdn"],
                     mac_address=raw_values["mac"],
+                    notes=asset_notes,  # Store full name if truncated
                     date_last_updated=get_current_datetime(),
                 )
                 row_assets.append(res)
@@ -591,15 +620,52 @@ class FedrampPoamIntegration(ScannerIntegration):
 
         return row_assets
 
+    def _handle_long_asset_name(self, asset_id: str, max_length: int = 450) -> tuple[str, str]:
+        """
+        Handle asset names that exceed database field limits.
+        Generates a hash-based identifier for long names and preserves full name in notes.
+
+        :param str asset_id: The asset identifier
+        :param int max_length: Maximum allowed length (default: 450)
+        :return: Tuple of (shortened_name, notes)
+        :rtype: tuple[str, str]
+        """
+        if len(asset_id) <= max_length:
+            return asset_id, ""
+
+        # Generate hash-based identifier
+        import hashlib
+
+        hash_suffix = hashlib.sha256(asset_id.encode()).hexdigest()[:8]
+        truncated = asset_id[: max_length - 9]  # Leave room for underscore and hash
+        short_name = f"{truncated}_{hash_suffix}"
+        notes = f"Full identifier: {asset_id}"
+
+        logger.warning(f"Asset identifier exceeds {max_length} chars, truncated to: {short_name[:100]}...")
+        return short_name, notes
+
     def gen_asset_list(self, asset_ids: str):
         """
         Generate a list of asset identifiers from a string.
+        Handles multiple separator types: commas, semicolons, pipes, tabs, newlines, single/multiple spaces.
+        Also removes surrounding brackets that might wrap the list.
 
         :param str asset_ids: The asset identifier string
         :return: The list of asset identifiers
         :rtype: List[str]
         """
-        return [aid.strip() for aid in re.split(r"[,\n\r]+", asset_ids) if isinstance(aid, str) and aid.strip()]
+        # Remove surrounding brackets if present (handles cases like "[10.10.1.1 10.10.1.2]")
+        asset_ids = asset_ids.strip()
+        if asset_ids.startswith("[") and asset_ids.endswith("]"):
+            asset_ids = asset_ids[1:-1].strip()
+
+        # Split on: commas, semicolons, pipes, tabs, newlines, carriage returns, and ANY whitespace (including single spaces)
+        # Changed from \s{2,} to \s+ to handle single spaces between IPs
+        return [
+            aid.strip()
+            for aid in re.split(r"[,;\|\t\n\r]+|\s+", asset_ids)
+            if isinstance(aid, str) and aid.strip() and len(aid.strip()) > 0
+        ]
 
     @staticmethod
     def empty(string: Optional[str]) -> Optional[str]:
@@ -625,9 +691,10 @@ class FedrampPoamIntegration(ScannerIntegration):
         :return: The status (Open/Closed) or None
         :rtype: Optional[str]
         """
-        if "closed" in sheet.lower():
+        sheet_lower = sheet.lower()
+        if "closed" in sheet_lower:
             return "Closed"
-        elif "open" in sheet.lower():
+        elif "open" in sheet_lower or "configuration findings" in sheet_lower:
             return "Open"
         return None