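def test_add_component_from_url(self):
    """Test method 'add_component_from_url' with a remotely hosted component.

    Loads one component YAML over HTTPS into a fresh SystemCompliance
    instance and checks that the registered components are exactly
    ['Audit Policy'].
    """
    sp = SystemCompliance()
    # NOTE(review): this fixture is fetched over the network from the mutable
    # `master` branch of a third-party repository, so both the test result and
    # the document handed to the parser can change without any change to this
    # repository. Prefer a URL pinned to a specific commit, or a fixture
    # vendored next to the tests.
    # NOTE(review): the loader behind add_component_from_url is not visible
    # here; confirm it parses remote YAML with a safe loader.
    ocfileurl = 'https://raw.githubusercontent.com/pburkholder/freedonia-compliance/master/AU_policy/component.yaml'
    sp.add_component_from_url(ocfileurl)
    print(sp.components())
    # assertEqual reports both lists on failure, unlike assertTrue(a == b).
    self.assertEqual(sp.components(), ['Audit Policy'])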
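def test_summary(self):
    """Test outputting basic system compliance profile.

    Builds a SystemCompliance with a name, two local component files, one
    standard and one certification, then checks each field of summary().
    """
    sp = SystemCompliance()
    # set system name
    sp.system['name'] = "GovReady WordPress Dashboard"

    # add system components from fixtures resolved relative to this test file
    # NOTE(review): add_component_from_url is driven with file:// URLs here.
    # If it ever receives URLs from outside the project, it presumably needs
    # a scheme/path allowlist so it cannot be pointed at arbitrary local
    # files; confirm against the implementation.
    my_components = [
        '../data/UAA_component.yaml',
        '../data/AU_policy_component.yaml',
    ]
    base_dir = os.path.dirname(__file__)
    # Plain loop: the calls are made for their side effect, not for a list.
    for ocfileurl in my_components:
        sp.add_component_from_url(
            "file://%s" % os.path.join(base_dir, ocfileurl))

    # add system standard
    standard_name = "FRIST-800-53"
    standard_dict = {"name": "FRIST-800-53", "other_key": "some value"}
    sp.add_system_dict('standards', standard_name, standard_dict)

    # add system certifications
    name = "FRed-RAMP-Low"
    my_dict = {"name": "FRed-RAMP-Low", "other_key": "some value"}
    sp.add_system_dict('certifications', name, my_dict)

    # Test system compliance profile
    print("System compliance summary %s" % sp.summary())
    print(sp.summary()['components'])
    print("********")
    # Specific assert methods show the actual value when a check fails.
    self.assertEqual(sp.summary()['standards'], ['FRIST-800-53'])
    self.assertEqual(sp.summary()['certifications'], ['FRed-RAMP-Low'])
    self.assertIn('Audit Policy', sp.summary()['components'])
    self.assertIn('User Account and Authentication (UAA) Server',
                  sp.summary()['components'])
    self.assertEqual(sp.summary()['name'], 'GovReady WordPress Dashboard')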
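def test_control(self):
    """Test the control implementation object.

    Populates a SystemCompliance with two local component files, a standard
    and a certification, then checks the object returned by control() for an
    unknown control id, two controls and one control enhancement.
    """

    def show_control(ctrl):
        # Print the control and its implementation details for the test log.
        print(ctrl.id)
        print(ctrl.title)
        print(ctrl.description)
        print("\nSystem control implmentation details")
        print("-------------------------------------")
        print(ctrl.components)
        print(ctrl.implementation_narrative)

    # instantiate SystemCompliance object and populate to test
    sp = SystemCompliance()
    sp.system['name'] = "GovReady WordPress Dashboard"
    my_components = [
        '../data/UAA_component.yaml',
        '../data/AU_policy_component.yaml',
    ]
    base_dir = os.path.dirname(__file__)
    # Plain loop: the calls are made for their side effect, not for a list.
    for ocfileurl in my_components:
        sp.add_component_from_url(
            "file://%s" % os.path.join(base_dir, ocfileurl))
    standard_name = "FRIST-800-53"
    standard_dict = {"name": "FRIST-800-53", "other_key": "some value"}
    sp.add_system_dict('standards', standard_name, standard_dict)
    name = "FRed-RAMP-Low"
    my_dict = {"name": "FRed-RAMP-Low", "other_key": "some value"}
    sp.add_system_dict('certifications', name, my_dict)

    #
    # System instantiated, let's test displaying control information
    #

    # report when a control is not found
    # NOTE(review): an unknown id yields an object with empty fields rather
    # than an error, so callers that build compliance reports need to tell
    # "no such control" apart from "control with nothing implemented".
    ck = "AC-200"  # no such control
    ci = sp.control(ck)
    print("%s info is %s " % (ck, ci.title))
    print("\n")
    self.assertEqual(ci.id, "AC-200")
    # assertIsNone is the identity check that `== None` only approximates.
    self.assertIsNone(ci.title)
    self.assertIsNone(ci.description)
    self.assertIsNone(ci.responsible)
    self.assertEqual(ci.components_dict, {})
    # TODO Test implementation_status
    # TODO Test implementation_status_details

    ck = "AU-1"
    ci = sp.control(ck)
    show_control(ci)
    self.assertEqual(ci.id, "AU-1")
    self.assertEqual(
        ci.title, 'AUDIT AND ACCOUNTABILITY POLICY AND PROCEDURES')
    # The expected text is compared verbatim, including its line break.
    self.assertEqual(ci.description, """The organization: a. Develops, documents, and disseminates to [Assignment: organization-defined personnel or roles]: a.1. An audit and accountability policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and a.2. 
Procedures to facilitate the implementation of the audit and accountability policy and associated audit and accountability controls; and b. Reviews and updates the current: b.1. Audit and accountability policy [Assignment: organization-defined frequency]; and b.2. Audit and accountability procedures [Assignment: organization-defined frequency].""")
    self.assertEqual(ci.responsible, 'organization')
    self.assertEqual(ci.components, ['Audit Policy'])

    # report when a control is found
    ck = "AC-4"
    ci = sp.control(ck)
    show_control(ci)
    self.assertEqual(ci.id, "AC-4")
    self.assertEqual(ci.title, 'INFORMATION FLOW ENFORCEMENT')
    self.assertEqual(
        ci.description,
        'The information system enforces approved authorizations for controlling the flow of information within the system and between interconnected systems based on [Assignment: organization-defined information flow control policies].'
    )
    self.assertEqual(ci.responsible, 'information system')
    self.assertEqual(
        ci.components, ['User Account and Authentication (UAA) Server'])

    # test control enhancement id
    ck = "AC-2 (1)"
    ci = sp.control(ck)
    show_control(ci)
    self.assertEqual(ci.id, "AC-2 (1)")
    self.assertEqual(ci.title, 'AUTOMATED SYSTEM ACCOUNT MANAGEMENT')
    self.assertEqual(
        ci.description,
        'The organization employs automated mechanisms to support the management of information system accounts.'
    )
    self.assertIsNone(ci.responsible)
    self.assertEqual(
        ci.components, ['User Account and Authentication (UAA) Server'])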