Release/v0.9.6

.circleci/check_version_file.py

@@ -20,18 +20,10 @@
 DEVEL_BUILD = False
 with open("CHANGELOG.md") as f:
 	for line in f:
-		if re.match(r"^v.?999", line):
-			# v999 or v.999 indicates a development build
+		if re.match(r"^(v\S+-dev) \(.*", line) or re.match(r"^-+\s*$", line) or v.is_prerelease:
 			DEVEL_BUILD = True
 
-		elif re.match(r"^-+\s*$", line):
-			# A heading before a version number usually is for
-			# "In Development" and indicates this is a development
-			# build as well
-			DEVEL_BUILD = True
-
-		m = re.match(r"^(v\S+) \(.*", line)
-
+		m = re.match(r"^(v\S+-dev) \(.*|^(v\S+) \(.*", line)
 		if m:
 			CURRENT_VERSION = m.group(1)
 			break
@@ -46,17 +38,9 @@
 	sys.exit(1)
 
 # check to ensure that if either the CHANGELOG or VERSION indicates a development build, the other does so as well
-if not DEVEL_BUILD and str(v) == "999":
+if not DEVEL_BUILD and v.is_prerelease:
 	print("The VERSION file indicates a development build version of {}, while the CHANGELOG does not, indicating a version of {}.".format(VERSION, CURRENT_VERSION))
 	sys.exit(1)
-elif DEVEL_BUILD and str(v) != "999":
+elif DEVEL_BUILD and not v.is_prerelease:
 	print("The VERSION file does not indicate a development build, with a version of {}, while the CHANGELOG does indicate a development build, with a version of {}.".format(VERSION, CURRENT_VERSION))
 	sys.exit(1)
-
-# the following block looks for devel to indicate a development build, but we are moving to the 999
-# indicator. keeping for the ability to revert if necessary
-"""
-if DEVEL_BUILD and v.local != "devel":
-	print("ERROR: CHANGELOG has content before a version heading while VERSION file does not include '+devel'. For version releases, VERSION should not include '+devel' and no information should come before the version heading in CHANGELOG. Alternatively, the version number {} should end with +devel to signal that this is a development build.".format(repr(VERSION)))
-	sys.exit(1)
-"""

.gitignore

@@ -118,4 +118,5 @@ _notes/
 
 env_var.sh
 dev_env/docker/ssh/
-environment.json
+environment.json
+environment.okta.json

CHANGELOG.md

@@ -1,6 +1,34 @@
 GovReady-Q Release Notes
 ========================
 
+v0.9.6 (July 15, 2021)
+----------------------
+
+**UI changes**
+
+* Display legacy control implementation statements within system's statements.
+* Added compare components button to compare one component's statements to other selected components.
+* Added a Select/Deselect button for component comparison choice.
+* Add accordion to assessment page to provide information on getting data from Wazuh.
+* Add form to Assessments page to collect Wazuh information.
+
+**Bug fixes**
+
+* Set component library detail page Systems tab to not be inactive and thus remove the content from the System tab showing up on the Control Implementation Statements tab.
+
+**Developer changes**
+
+* Add custom Django command to batch import legacy control implementation statements from legacy SSPs Excel spreadsheet exports. Currently supports CSAM.
+* Added missing unit test for portfolio project endpoint.
+* Add `sec_srvc.SecurityService` class to represent a security service from which data could be collected.
+
+**Data changes**
+
+* Set all `StatementTypeEnum.<LABEL>.value` to `StatementTypeEnum.<LABEL>.name` in order for relevant label/term to show up in Django database admin interface.
+* Create baselines for CMMC catalog.
+* Fisma impact level is now represented as Security Sensitivity level following OSCAL's schema.
+
+
 v0.9.5 (June 23, 2021)
 ----------------------
 
@@ -13,7 +41,7 @@ v0.9.5 (June 23, 2021)
 
 * Add "Import AppSource" button for admins in Compliance App store to simplify end-users adding AppSource.
 * Link to library version of component from a system's selected control component listing and selected components.
-
+* Improve UI of project security objectives. Improve alignment and convert text fields to select boxes to control data input.
 
 v0.9.4 (June 13, 2021)
 ----------------------
@@ -25,9 +53,11 @@ v0.9.4 (June 13, 2021)
 * Created a modal to allow an admin user to add security objectives confidentiality, integrity, and availability.
 * Add field to identify user's default portfolio.
 
+
 **UI changes**
 
 * Can now edit a system componet's state and type in the detail page for a selected component.
+* Can now create a component with a state and type with the `ElementForm`
 * Improve project pages appearance: decrease action button width and left align text; widen from 9 to 10 columns main content.
 * Remove "Refresh Documents" button on task finished page because caches are now automatically cleared and document content refreshed.
 * Display system component component_state and component_type when component is listed for a system.
@@ -61,6 +91,7 @@ v0.9.4 (June 13, 2021)
 * File upload validator now accepts files with capitalized extensions, e.g. ".JPG".
 * File upload validator now recognizes ".jpeg" in addition to ".jpg" extension on JPEG files.
 
+
 v0.9.3.5.3 (May 16, 2021)
 -------------------------
 

VERSION

@@ -1 +1,2 @@
-v0.9.5
+v0.9.6-dev
+

controls/data/baselines/CMMC_ver1_baselines.json

@@ -0,0 +1,22 @@
+{
+    "level 1" : {
+        "controls":
+            ["ac.1.001", "ac.1.002", "ac.1.003", "ac.1.004", "ia.1.076", "ia.1.077", "mp.1.118", "pe.1.131", "pe.1.132", "pe.1.133", "pe.1.134", "sc.1.175", "sc.1.176", "si.1.210", "si.1.211", "si.1.212", "si.1.213"]
+        },
+    "level 2" : {
+        "controls":
+            ["ac.1.001", "ac.2.005", "ac.2.006", "ac.1.002", "ac.2.007", "ac.2.008", "ac.2.009", "ac.2.010", "ac.2.011", "ac.2.013", "ac.2.015", "ac.1.003", "ac.2.016", "ac.1.004", "au.2.041", "au.2.042", "au.2.043", "au.2.044", "at.2.056", "at.2.057", "cm.2.061", "cm.2.062", "cm.2.063", "cm.2.064", "cm.2.065", "cm.2.066", "ia.1.076", "ia.2.078", "ia.1.077", "ia.2.079", "ia.2.080", "ia.2.081", "ia.2.082", "ir.2.092", "ir.2.093", "ir.2.094", "ir.2.096", "ir.2.097", "ma.2.111", "ma.2.112", "ma.2.113", "ma.2.114", "mp.2.119", "mp.2.120", "mp.2.121", "mp.1.118", "ps.2.127", "ps.2.128", "pe.1.131", "pe.2.135", "pe.1.132", "pe.1.133", "pe.1.134", "re.2.137", "re.2.138", "rm.2.141", "rm.2.142", "ca.2.157", "ca.2.158", "ca.2.159", "sc.2.178", "sc.2.179", "sc.1.175", "sc.1.176", "si.1.210", "si.2.214", "si.1.211", "si.1.212", "si.1.213", "si.2.216", "si.2.217", "si.3.220"]
+        },
+    "level 3" : {
+        "controls":
+            ["ac.1.001", "ac.2.005", "ac.2.006", "ac.1.002", "ac.2.007", "ac.3.017", "ac.2.008", "ac.3.018", "ac.2.009", "ac.3.019", "ac.2.010", "ac.3.012", "ac.2.011", "ac.3.020", "ac.2.013", "ac.3.014", "ac.2.015", "ac.3.021", "ac.1.003", "ac.2.016", "ac.3.022", "ac.1.004", "au.2.041", "au.3.045", "au.3.046", "au.2.042", "au.3.048", "au.2.043", "au.3.049", "au.3.050", "au.2.044", "au.3.051", "au.3.052", "at.2.056", "at.3.058", "at.2.057", "cm.2.061", "cm.2.062", "cm.2.063", "cm.2.064", "cm.3.067", "cm.2.065", "cm.3.068", "cm.2.066", "cm.3.069", "ia.1.076", "ia.2.078", "ia.3.083", "ia.1.077", "ia.2.079", "ia.3.084", "ia.2.080", "ia.3.085", "ia.2.081", "ia.3.086", "ia.2.082", "ir.2.092", "ir.2.093", "ir.2.094", "ir.2.096", "ir.3.098", "ir.2.097", "ir.3.099", "ma.2.111", "ma.3.115", "ma.2.112", "ma.3.116", "ma.2.113", "ma.2.114", "mp.3.122", "mp.2.119", "mp.3.123", "mp.2.120", "mp.2.121", "mp.1.118", "mp.3.124", "mp.3.125", "ps.2.127", "ps.2.128", "pe.1.131", "pe.2.135", "pe.3.136", "pe.1.132", "pe.1.133", "pe.1.134", "re.2.137", "re.3.139", "re.2.138", "rm.2.141", "rm.3.144", "rm.2.142", "rm.3.146", "rm.3.147", "ca.2.157", "ca.2.158", "ca.3.161", "ca.2.159", "ca.3.162", "sa.3.169", "sc.2.178", "sc.3.177", "sc.2.179", "sc.3.180", "sc.3.181", "sc.3.182", "sc.3.183", "sc.3.184", "sc.3.185", "sc.3.186", "sc.3.187", "sc.3.188", "sc.3.189", "sc.3.190", "sc.3.191", "sc.1.175", "sc.3.192", "sc.1.176", "sc.3.193", "si.1.210", "si.2.214", "si.1.211", "si.1.212", "si.1.213", "si.2.216", "si.3.218", "si.2.217", "si.3.219", "si.3.220"]
+        },
+    "level 4" : {
+        "controls":
+            ["ac.1.001", "ac.2.005", "ac.2.006", "ac.1.002", "ac.2.007", "ac.3.017", "ac.4.023", "ac.2.008", "ac.3.018", "ac.4.025", "ac.2.009", "ac.3.019", "ac.2.010", "ac.3.012", "ac.2.011", "ac.3.020", "ac.2.013", "ac.3.014", "ac.4.032", "ac.2.015", "ac.3.021", "ac.1.003", "ac.2.016", "ac.3.022", "ac.1.004", "au.2.041", "au.3.045", "au.3.046", "au.2.042", "au.3.048", "au.2.043", "au.3.049", "au.3.050", "au.2.044", "au.3.051", "au.4.053", "au.3.052", "au.4.054", "at.2.056", "at.3.058", "at.4.059", "at.4.060", "at.2.057", "cm.2.061", "cm.2.062", "cm.2.063", "cm.2.064", "cm.3.067", "cm.4.073", "cm.2.065", "cm.3.068", "cm.2.066", "cm.3.069", "ia.1.076", "ia.2.078", "ia.3.083", "ia.1.077", "ia.2.079", "ia.3.084", "ia.2.080", "ia.3.085", "ia.2.081", "ia.3.086", "ia.2.082", "ir.2.092", "ir.4.100", "ir.2.093", "ir.2.094", "ir.2.096", "ir.3.098", "ir.4.101", "ir.2.097", "ir.3.099", "ma.2.111", "ma.3.115", "ma.2.112", "ma.3.116", "ma.2.113", "ma.2.114", "mp.3.122", "mp.2.119", "mp.3.123", "mp.2.120", "mp.2.121", "mp.1.118", "mp.3.124", "mp.3.125", "ps.2.127", "ps.2.128", "pe.1.131", "pe.2.135", "pe.3.136", "pe.1.132", "pe.1.133", "pe.1.134", "re.2.137", "re.3.139", "re.2.138", "rm.2.141", "rm.3.144", "rm.4.149", "rm.2.142", "rm.4.150", "rm.4.151", "rm.3.146", "rm.3.147", "rm.4.148", "ca.2.157", "ca.4.163", "ca.2.158", "ca.3.161", "ca.4.164", "ca.2.159", "ca.4.227", "ca.3.162", "sa.3.169", "sa.4.171", "sa.4.173", "sc.2.178", "sc.3.177", "sc.4.197", "sc.2.179", "sc.3.180", "sc.4.228", "sc.3.181", "sc.3.182", "sc.3.183", "sc.3.184", "sc.3.185", "sc.3.186", "sc.3.187", "sc.3.188", "sc.3.189", "sc.3.190", "sc.3.191", "sc.1.175", "sc.3.192", "sc.4.199", "sc.1.176", "sc.3.193", "sc.4.202", "sc.4.229", "si.1.210", "si.2.214", "si.4.221", "si.1.211", "si.1.212", "si.1.213", "si.2.216", "si.3.218", "si.2.217", "si.3.219", "si.3.220"]
+        },
+    "level 5" : {
+        "controls":
+            ["ac.1.001", "ac.2.005", "ac.2.006", "ac.1.002", "ac.2.007", "ac.3.017", "ac.4.023", "ac.5.024", "ac.2.008", "ac.3.018", "ac.4.025", "ac.2.009", "ac.3.019", "ac.2.010", "ac.3.012", "ac.2.011", "ac.3.020", "ac.2.013", "ac.3.014", "ac.4.032", "ac.2.015", "ac.3.021", "ac.1.003", "ac.2.016", "ac.3.022", "ac.1.004", "au.2.041", "au.3.045", "au.3.046", "au.2.042", "au.3.048", "au.5.055", "au.2.043", "au.3.049", "au.3.050", "au.2.044", "au.3.051", "au.4.053", "au.3.052", "au.4.054", "at.2.056", "at.3.058", "at.4.059", "at.4.060", "at.2.057", "cm.2.061", "cm.2.062", "cm.2.063", "cm.2.064", "cm.3.067", "cm.4.073", "cm.5.074", "cm.2.065", "cm.3.068", "cm.2.066", "cm.3.069", "ia.1.076", "ia.2.078", "ia.3.083", "ia.1.077", "ia.2.079", "ia.3.084", "ia.2.080", "ia.3.085", "ia.2.081", "ia.3.086", "ia.2.082", "ir.2.092", "ir.4.100", "ir.5.106", "ir.2.093", "ir.2.094", "ir.2.096", "ir.3.098", "ir.4.101", "ir.5.102", "ir.5.108", "ir.2.097", "ir.3.099", "ir.5.110", "ma.2.111", "ma.3.115", "ma.2.112", "ma.3.116", "ma.2.113", "ma.2.114", "mp.3.122", "mp.2.119", "mp.3.123", "mp.2.120", "mp.2.121", "mp.1.118", "mp.3.124", "mp.3.125", "ps.2.127", "ps.2.128", "pe.1.131", "pe.2.135", "pe.3.136", "pe.1.132", "pe.1.133", "pe.1.134", "re.2.137", "re.3.139", "re.2.138", "re.5.140", "rm.2.141", "rm.3.144", "rm.4.149", "rm.2.142", "rm.4.150", "rm.4.151", "rm.3.146", "rm.5.152", "rm.3.147", "rm.5.155", "rm.4.148", "ca.2.157", "ca.4.163", "ca.2.158", "ca.3.161", "ca.4.164", "ca.2.159", "ca.4.227", "ca.3.162", "sa.3.169", "sa.4.171", "sa.4.173", "sc.2.178", "sc.3.177", "sc.4.197", "sc.5.198", "sc.2.179", "sc.3.180", "sc.4.228", "sc.5.230", "sc.3.181", "sc.3.182", "sc.3.183", "sc.3.184", "sc.3.185", "sc.3.186", "sc.3.187", "sc.3.188", "sc.3.189", "sc.3.190", "sc.3.191", "sc.1.175", "sc.3.192", "sc.4.199", "sc.5.208", "sc.1.176", "sc.3.193", "sc.4.202", "sc.4.229", "si.1.210", "si.2.214", "si.4.221", "si.1.211", "si.5.222", "si.1.212", "si.1.213", "si.2.216", "si.3.218", "si.5.223", "si.2.217", "si.3.219", "si.3.220"]
+        }
+}