From 6c328e8bde1933ab7f206222089b2acb236569c8 Mon Sep 17 00:00:00 2001 From: Jez Caudle Date: Tue, 7 Feb 2023 06:17:08 +0000 Subject: [PATCH] Finally managed to parse the YAML. Need to add the rest and then whip it into a database when we create a CAF for a company. --- app/views/home/index.html.erb | 12 ++++++++++++ config/caf_text.yml | 6 +++--- 2 files changed, 15 insertions(+), 3 deletions(-) diff --git a/app/views/home/index.html.erb b/app/views/home/index.html.erb index 940208c..6f9bc41 100644 --- a/app/views/home/index.html.erb +++ b/app/views/home/index.html.erb @@ -39,7 +39,19 @@ Not Signed in. <% sub_principles.each do |sub_principle| %> <% sub_principle_info = sub_principle["sub-principle"] %>

<%= sub_principle_info["name"]%>
<%= sub_principle_info["description"]%>

+ <% sub_principle_item_groups = sub_principle_info["subprincipleitemgroups"] %> + <% sub_principle_item_groups.each do |key,value| %> + <% header = key["subprincipleitemgroup"] %> + <%= header["type"] %> - <%= header["condition"] %>
+ <% subprincipleitem = header["subprincipleitem"] %> + <% subprincipleitem.each do |subprinciple| %> + <%= subprinciple %>
+ <% end %> + <% end %> + <%# sub_principle_item_group_info = sub_principle_item_groups["subprincipleitemgroup"] %> <%# sub_prinicple_item_group_info.each do |sub_principle_item_group| %> + <%#= sub_principle_item_group["type"] %> <%#= sub_principle_item_group["condition"] %> + <%# end %> <% end %> <% end %> <% end %> diff --git a/config/caf_text.yml b/config/caf_text.yml index 992357b..e1eff2c 100644 --- a/config/caf_text.yml +++ b/config/caf_text.yml @@ -74,7 +74,7 @@ objectives: name: A2.a Risk Management Process description: Your organisation has effective internal processes for managing risks to the security of network and information systems related to the operation of essential functions and communicating associated activities. subprincipleitemgroups: - - subprincipalitemgroup: + - subprincipleitemgroup: type: Not condition: At least one subprincipleitem: @@ -86,7 +86,7 @@ objectives: - Systems are assessed in isolation, without consideration of dependencies and interactions with other systems. (e.g. interactions between IT and OT environments). - Security requirements and mitigation's are arbitrary or are applied from a control catalogue without consideration of how they contribute to the security of the essential function. - Risks remain unresolved on a register for prolonged periods of time awaiting senior decision-making or resource allocation to resolve. - - subprincipalitemgroup: + - subprincipleitemgroup: type: Partially condition: All subprincipleitem: @@ -116,7 +116,7 @@ objectives: - subprincipleitemgroup: type: Not condition: At least one - subprincipalitem: + subprincipleitem: - A particular product or service is seen as a "silver bullet" and vendor claims are taken at face value. - Assurance methods are applied without appreciation of their strengths and limitations, such as the risks of penetration testing in operational environments. - Assurance is assumed because there have been no known problems to date.
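Review bot: In the app/views/home/index.html.erb hunk, `sub_principle_item_groups.each do |key,value|` iterates a YAML list, so `key` receives the whole group hash and `value` is always nil. Name the block parameter for what it holds (for example `|group|`) and drop the second parameter. The lookups that follow have no guard: `key["subprincipleitemgroup"]` returns nil whenever an entry's key is misspelled, which is exactly the condition the config/caf_text.yml hunks in this patch correct, and `header["type"]` then raises NoMethodError while rendering. The same applies to `sub_principle_info["subprincipleitemgroups"]` if any sub-principle lacks that key. Using `fetch` for these keys would make the failure name the missing key; alternatively skip entries that do not have it. The inner block variable `subprinciple` holds a single item string, so `item` would read better. The four commented-out `<%# ... %>` lines at the end of the addition, one of which misspells `sub_prinicple_item_group_info`, should be removed before merge. Since the commit message says this data will move to a database, the traversal is better placed in a helper or model than in the view.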
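Review bot: The three renames in config/caf_text.yml (`subprincipalitemgroup` to `subprincipleitemgroup` at -74 and -86, `subprincipalitem` to `subprincipleitem` at -116) correct key typos that the YAML parser accepts silently, and nothing in this patch would catch the next one. Add a load-time check or a test asserting that every entry under `subprincipleitemgroups` contains `subprincipleitemgroup` with `type`, `condition` and `subprincipleitem`, so a misspelled key fails fast instead of surfacing as a nil error in the view. Only a few context lines around each hunk are visible, so it is worth searching the rest of the file for further `subprincipal` spellings. Minor: the unchanged context line in the -86 hunk reads `mitigation's`, which looks like it should be `mitigations`; check it against the source text.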