feat: adds fedramp-transform command implementation #39

Merged 24 commits on Sep 19, 2024

@jpower432 jpower432 commented Apr 25, 2024

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • My code follows the code style of this project.
  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • I have added tests to cover my changes.
  • All new and existing tests passed.
  • All commits are signed-off.

Summary

Adds fedramp-transform command to populate information in the SSP Appendix A template

Smaller diffs can be found:
#27
#29
#32
#34

Blocked by #46. This should not be merged to develop until 0.3.0 is released.

Key links:

Signed-off-by: Jennifer Power <barnabei.jennifer@gmail.com>
Initial population is control origination in the
control summary table

Signed-off-by: Jennifer Power <barnabei.jennifer@gmail.com>
Signed-off-by: Jennifer Power <barnabei.jennifer@gmail.com>
Signed-off-by: Jennifer Power <barnabei.jennifer@gmail.com>
Signed-off-by: Jennifer Power <barnabei.jennifer@gmail.com>
Signed-off-by: Jennifer Power <barnabei.jennifer@gmail.com>
Signed-off-by: Jennifer Power <barnabei.jennifer@gmail.com>
FedRampDocx is a single class to handle as template population and
ControlImplementationDescriptions handle control responses for
each control and parts

BREAKING CHANGE: Adds a breaking API to ControlSummaries class

Signed-off-by: Jennifer Power <barnabei.jennifer@gmail.com>
…rigination

Signed-off-by: Jennifer Power <barnabei.jennifer@gmail.com>
Signed-off-by: Jennifer Power <barnabei.jennifer@gmail.com>
…test.py

Signed-off-by: Jennifer Power <barnabei.jennifer@gmail.com>
Trestle already has filtering capabilities for components. This plugin
should not duplicate that logic.

Signed-off-by: Jennifer Power <barnabei.jennifer@gmail.com>
Signed-off-by: Jennifer Power <barnabei.jennifer@gmail.com>
Signed-off-by: Jennifer Power <barnabei.jennifer@gmail.com>
Signed-off-by: Jennifer Power <barnabei.jennifer@gmail.com>
The error message did not include the control id which makes it
difficult for the user to identify which implemented requirement to fix

Signed-off-by: Jennifer Power <barnabei.jennifer@gmail.com>
Implementation has been designed around how compliance-trestle
currently processes SSP parameters and the assumption is that the plugin would
be used in conjunction with Agile Authoring to achieve the resulting
SSP.

Signed-off-by: Jennifer Power <barnabei.jennifer@gmail.com>
Signed-off-by: Jennifer Power <barnabei.jennifer@gmail.com>
Per the FedRAMP OSCAL SSP guidance each parameter should be set
at least at the implemented requirements level. FedRAMP baselines
only provide constraints.

Signed-off-by: Jennifer Power <barnabei.jennifer@gmail.com>
Signed-off-by: Jennifer Power <barnabei.jennifer@gmail.com>
Signed-off-by: Jennifer Power <barnabei.jennifer@gmail.com>
@jpower432 jpower432 changed the base branch from feat/fedramp-transform-parameters to develop April 25, 2024 19:23
@jpower432 jpower432 marked this pull request as draft April 25, 2024 19:26
@jpower432 jpower432 added this to the 0.4.0 milestone Apr 26, 2024
@jpower432 jpower432 closed this May 9, 2024
@jpower432 jpower432 reopened this May 9, 2024
@gvauter gvauter left a comment

One suggestion on not instantiating a class instance just to avoid potential unwanted init behavior down the road.

trestle_fedramp/core/ssp_reader.py (outdated, resolved)
trestle_fedramp/core/ssp_reader.py (outdated, resolved)
@jpower432 jpower432 changed the title feat: adds responsible role to fedramp transform feat: adds fedramp-transform command implementation Jul 29, 2024
@jpower432 jpower432 requested a review from gvauter July 29, 2024 13:58
@gvauter gvauter left a comment

LGTM

@jpower432 jpower432 marked this pull request as ready for review July 29, 2024 16:08
@vikas-agarwal76 vikas-agarwal76 left a comment

LGTM

@jpower432

Merging this now that 0.3.0 has been released.

@jpower432 jpower432 merged commit 2136659 into develop Sep 19, 2024
12 checks passed

Successfully merging this pull request may close these issues.

Add a feature to use content from an OSCAL SSP to populate the FedRAMP SSP Appendix A template