Пример #1
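 def test_add_component_from_url(self):
     """Test method 'add_component_from_url' with a remotely hosted file.

     Loads one component YAML over HTTPS and checks that the only component
     registered afterwards is 'Audit Policy'.
     """
     sp = SystemCompliance()
     # NOTE(review): this URL tracks the mutable `master` branch of a GitHub
     # repository, so the test needs network access and its input can change
     # without any change to this code base. Pinning the URL to a commit SHA,
     # or loading a local fixture through file://, would make the run
     # reproducible. Whether add_component_from_url parses the fetched YAML
     # with a safe loader is not visible here -- confirm, because the
     # content may not be under this project's control.
     ocfileurl = 'https://raw.githubusercontent.com/pburkholder/freedonia-compliance/master/AU_policy/component.yaml'
     sp.add_component_from_url(ocfileurl)
     print(sp.components())
     # assertEqual reports both values on failure, unlike assertTrue(a == b).
     self.assertEqual(sp.components(), ['Audit Policy'])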
Пример #2
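    def test_summary(self):
        """Test outputting basic system compliance profile.

        Builds a SystemCompliance with two component files, one standard and
        one certification, then checks the fields reported by summary().
        """
        sp = SystemCompliance()
        # set system name
        sp.system['name'] = "GovReady WordPress Dashboard"
        # add system components from fixture files addressed relative to this
        # test module through file:// URLs rather than fetched from a remote
        # host
        my_components = [
            '../data/UAA_component.yaml', '../data/AU_policy_component.yaml'
        ]
        fixture_dir = os.path.dirname(__file__)
        # A plain loop: the calls are made for their side effect only, so
        # there is no list worth building.
        for ocfileurl in my_components:
            sp.add_component_from_url(
                "file://%s" % os.path.join(fixture_dir, ocfileurl))

        # add system standard
        standard_name = "FRIST-800-53"
        standard_dict = {"name": "FRIST-800-53", "other_key": "some value"}
        sp.add_system_dict('standards', standard_name, standard_dict)

        # add system certifications
        name = "FRed-RAMP-Low"
        my_dict = {"name": "FRed-RAMP-Low", "other_key": "some value"}
        sp.add_system_dict('certifications', name, my_dict)

        # Test system compliance profile
        print("System compliance summary %s" % sp.summary())
        print(sp.summary()['components'])
        print("********")
        # assertEqual / assertIn show the offending values when they fail.
        self.assertEqual(sp.summary()['standards'], ['FRIST-800-53'])
        self.assertEqual(sp.summary()['certifications'], ['FRed-RAMP-Low'])
        self.assertIn('Audit Policy', sp.summary()['components'])
        self.assertIn('User Account and Authentication (UAA) Server',
                      sp.summary()['components'])
        self.assertEqual(sp.summary()['name'], 'GovReady WordPress Dashboard')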
Пример #3
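    def test_control(self):
        """Test the control implementation object.

        Populates a SystemCompliance with two component files, one standard
        and one certification, then looks up four control ids through
        control(): an unknown id, two known controls and one control
        enhancement.
        """
        # instantiate SystemCompliance object and populate to test
        sp = SystemCompliance()
        sp.system['name'] = "GovReady WordPress Dashboard"
        # fixture files are addressed relative to this test module through
        # file:// URLs rather than fetched from a remote host
        my_components = [
            '../data/UAA_component.yaml', '../data/AU_policy_component.yaml'
        ]
        fixture_dir = os.path.dirname(__file__)
        # A plain loop: the calls are made for their side effect only.
        for ocfileurl in my_components:
            sp.add_component_from_url(
                "file://%s" % os.path.join(fixture_dir, ocfileurl))
        standard_name = "FRIST-800-53"
        standard_dict = {"name": "FRIST-800-53", "other_key": "some value"}
        sp.add_system_dict('standards', standard_name, standard_dict)
        name = "FRed-RAMP-Low"
        my_dict = {"name": "FRed-RAMP-Low", "other_key": "some value"}
        sp.add_system_dict('certifications', name, my_dict)

        #
        # System instantiated, let's test displaying control information
        #

        # report when a control is not found: the id is echoed back and the
        # descriptive fields are expected to be empty
        ck = "AC-200"  # no such control
        ci = sp.control(ck)
        print("%s info is %s " % (ck, ci.title))
        print("\n")
        self.assertEqual(ci.id, "AC-200")
        # assertIsNone checks identity, which is the idiomatic None test.
        self.assertIsNone(ci.title)
        self.assertIsNone(ci.description)
        self.assertIsNone(ci.responsible)
        self.assertEqual(ci.components_dict, {})
        # TODO Test implementation_status
        # TODO Test implementation_status_details

        # a control that the test expects the 'Audit Policy' component to
        # implement
        ck = "AU-1"
        ci = sp.control(ck)
        print(ci.id)
        print(ci.title)
        print(ci.description)
        print("\nSystem control implmentation details")
        print("-------------------------------------")
        print(ci.components)
        print(ci.implementation_narrative)
        self.assertEqual(ci.id, "AU-1")
        self.assertEqual(
            ci.title, 'AUDIT AND ACCOUNTABILITY POLICY AND PROCEDURES')
        self.assertEqual(ci.description, """The organization:
a. Develops, documents, and disseminates to [Assignment: organization-defined personnel or roles]:
a.1. An audit and accountability policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and
a.2. Procedures to facilitate the implementation of the audit and accountability policy and associated audit and accountability controls; and
b. Reviews and updates the current:
b.1. Audit and accountability policy [Assignment: organization-defined frequency]; and
b.2. Audit and accountability procedures [Assignment: organization-defined frequency]."""
                         )
        self.assertEqual(ci.responsible, 'organization')
        self.assertEqual(ci.components, ['Audit Policy'])

        # report when a control is found
        ck = "AC-4"
        ci = sp.control(ck)
        print(ci.id)
        print(ci.title)
        print(ci.description)
        print("\nSystem control implmentation details")
        print("-------------------------------------")
        print(ci.components)
        print(ci.implementation_narrative)
        self.assertEqual(ci.id, "AC-4")
        self.assertEqual(ci.title, 'INFORMATION FLOW ENFORCEMENT')
        self.assertEqual(
            ci.description,
            'The information system enforces approved authorizations for controlling the flow of information within the system and between interconnected systems based on [Assignment: organization-defined information flow control policies].'
        )
        self.assertEqual(ci.responsible, 'information system')
        self.assertEqual(
            ci.components, ['User Account and Authentication (UAA) Server'])

        # test control enhancement id; no responsible party is expected for it
        ck = "AC-2 (1)"
        ci = sp.control(ck)
        print(ci.id)
        print(ci.title)
        print(ci.description)
        print("\nSystem control implmentation details")
        print("-------------------------------------")
        print(ci.components)
        print(ci.implementation_narrative)
        self.assertEqual(ci.id, "AC-2 (1)")
        self.assertEqual(ci.title, 'AUTOMATED SYSTEM ACCOUNT MANAGEMENT')
        self.assertEqual(
            ci.description,
            'The organization employs automated mechanisms to support the management of information system accounts.'
        )
        self.assertIsNone(ci.responsible)
        self.assertEqual(
            ci.components, ['User Account and Authentication (UAA) Server'])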