diff --git a/app/views/home/index.html.erb b/app/views/home/index.html.erb
index 940208c..6f9bc41 100644
--- a/app/views/home/index.html.erb
+++ b/app/views/home/index.html.erb
@@ -39,7 +39,19 @@ Not Signed in.
<% sub_principles.each do |sub_principle| %>
<% sub_principle_info = sub_principle["sub-principle"] %>
<%= sub_principle_info["name"]%>
<%= sub_principle_info["description"]%>
+ <% sub_principle_item_groups = sub_principle_info["subprincipleitemgroups"] %>
+ <% sub_principle_item_groups.each do |key,value| %>
+ <% header = key["subprincipleitemgroup"] %>
+ <%= header["type"] %> - <%= header["condition"] %>
+ <% subprincipleitem = header["subprincipleitem"] %>
+ <% subprincipleitem.each do |subprinciple| %>
+ <%= subprinciple %>
+ <% end %>
+ <% end %>
+ <%# sub_principle_item_group_info = sub_principle_item_groups["subprincipleitemgroup"] %> <%# sub_prinicple_item_group_info.each do |sub_principle_item_group| %>
+ <%#= sub_principle_item_group["type"] %> <%#= sub_principle_item_group["condition"] %>
+ <%# end %>
<% end %>
<% end %>
<% end %>
diff --git a/config/caf_text.yml b/config/caf_text.yml
index 992357b..e1eff2c 100644
--- a/config/caf_text.yml
+++ b/config/caf_text.yml
@@ -74,7 +74,7 @@ objectives:
name: A2.a Risk Management Process
description: Your organisation has effective internal processes for managing risks to the security of network and information systems related to the operation of essential functions and communicating associated activities.
subprincipleitemgroups:
- - subprincipalitemgroup:
+ - subprincipleitemgroup:
type: Not
condition: At least one
subprincipleitem:
@@ -86,7 +86,7 @@ objectives:
- Systems are assessed in isolation, without consideration of dependencies and interactions with other systems. (e.g. interactions between IT and OT environments).
- Security requirements and mitigation's are arbitrary or are applied from a control catalogue without consideration of how they contribute to the security of the essential function.
- Risks remain unresolved on a register for prolonged periods of time awaiting senior decision-making or resource allocation to resolve.
- - subprincipalitemgroup:
+ - subprincipleitemgroup:
type: Partially
condition: All
subprincipleitem:
@@ -116,7 +116,7 @@ objectives:
- subprincipleitemgroup:
type: Not
condition: At least one
- subprincipalitem:
+ subprincipleitem:
- A particular product or service is seen as a "silver bullet" and vendor claims are taken at face value.
- Assurance methods are applied without appreciation of their strengths and limitations, such as the risks of penetration testing in operational environments.
- Assurance is assumed because there have been no known problems to date.