From 6c17e1ec5a2dd7d23e2097e564e8e2ccdc17ba41 Mon Sep 17 00:00:00 2001
From: CRob <69357996+SecurityCRob@users.noreply.github.com>
Date: Mon, 27 Jan 2025 09:46:13 -0500
Subject: [PATCH 1/2] Update DO category to OSPS-DO-xxx format

swap DO from 2digit ids "XX" to 3digit "XXX" fix one miscategorization

Signed-off-by: CRob <69357996+SecurityCRob@users.noreply.github.com>
---
 baseline/OSPS-DO.yaml | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/baseline/OSPS-DO.yaml b/baseline/OSPS-DO.yaml
index c1a6dab..0ee21c9 100644
--- a/baseline/OSPS-DO.yaml
+++ b/baseline/OSPS-DO.yaml
@@ -7,7 +7,7 @@ description: |
 accurate, and up-to-date, enabling users to understand the project's features and functionality.
 criteria:
- - id: OSPS-DO-03
+ - id: OSPS-DO-101
 maturity_level: 1
 category: Documentation
 criterion: |
@@ -34,7 +34,7 @@ criteria:
 OCRE: 036-275
 security_insights_value: # TODO
- - id: OSPS-DO-05
+ - id: OSPS-DO-102
 maturity_level: 1
 category: Documentation
 criterion: |
@@ -65,7 +65,7 @@ criteria:
 OC: 4.2.1
 security_insights_value: # TODO
- - id: OSPS-DO-12
+ - id: OSPS-DO-201
 maturity_level: 2
 category: Documentation
 criterion: |
@@ -93,7 +93,7 @@ criteria:
 OCRE: 171-222
 security_insights_value: # TODO
- - id: OSPS-DO-13
+ - id: OSPS-DO-202
 maturity_level: 2
 category: Documentation
 criterion: |
@@ -115,7 +115,7 @@ criteria:
 OC: 4.1, 4.3.1
 security_insights_value: # TODO
- - id: OSPS-DO-14
+ - id: OSPS-DO-301
 maturity_level: 3
 category: Documentation
 criterion: |
@@ -131,9 +131,9 @@ criteria:
 OCRE: 673-475, 053-751
 security_insights_value: # TODO
- - id: OSPS-DO-15
+ - id: OSPS-DO-203
 maturity_level: 2
- category: Vulnerability Management
+ category: Documentation
 criterion: |
 The project documentation MUST include a description of how the project selects,
From 1045b94a4be5e65954829920f01f5f7139daafc9 Mon Sep 17 00:00:00 2001
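Review bot: Renaming `OSPS-DO-03` to `OSPS-DO-101` here (and likewise in the sibling hunks at -34, -65, -93, -115 and -131) changes identifiers that other artifacts are likely to reference by string, yet the diffstat shows only baseline/OSPS-DO.yaml changed and no alias or deprecation record for the retired ids is added. If anything outside this file — other baseline category files, generated documentation, or tooling that keys on `id` — still carries the old `OSPS-DO-NN` values, those references now dangle silently, since YAML offers no cross-file integrity check and a loader will not complain. The new numbering appears to encode `maturity_level` in the first digit (101/102 → level 1, 201–203 → level 2, 301 → level 3); if that is the intent, state it once at the top of the file so later edits keep the two fields in agreement, e.g. `# id scheme: OSPS-DO-<maturity_level><2-digit sequence>; ids are stable external references, never reuse a retired id`. The enclosing `criteria:` sequence continues outside the hunk.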
From: CRob <69357996+SecurityCRob@users.noreply.github.com>
Date: Thu, 30 Jan 2025 16:15:53 -0500
Subject: [PATCH 2/2] Update OSPS-DO.yaml

adjusted criteria order to be numeric

Signed-off-by: CRob <69357996+SecurityCRob@users.noreply.github.com>
---
 baseline/OSPS-DO.yaml | 31 +++++++++++++++----------------
 1 file changed, 15 insertions(+), 16 deletions(-)

diff --git a/baseline/OSPS-DO.yaml b/baseline/OSPS-DO.yaml
index 0ee21c9..ed2eced 100644
--- a/baseline/OSPS-DO.yaml
+++ b/baseline/OSPS-DO.yaml
@@ -115,22 +115,6 @@ criteria:
 OC: 4.1, 4.3.1
 security_insights_value: # TODO
- - id: OSPS-DO-301
- maturity_level: 3
- category: Documentation
- criterion: |
- The project documentation MUST provide a
- descriptive statement when releases or
- versions are no longer supported and that
- will no longer receive security updates.
- rationale: # TODO
- implementation: # TODO
- control_mappings:
- CRA: 1.2c, 2.6
- OC: 4.1.1, 4.3.1
- OCRE: 673-475, 053-751
- security_insights_value: # TODO
-
 - id: OSPS-DO-203
 maturity_level: 2
 category: Documentation
@@ -147,3 +131,18 @@ criteria:
 security_insights_value: Pinned-Dependencies
+ - id: OSPS-DO-301
+ maturity_level: 3
+ category: Documentation
+ criterion: |
+ The project documentation MUST provide a
+ descriptive statement when releases or
+ versions are no longer supported and that
+ will no longer receive security updates.
+ rationale: # TODO
+ implementation: # TODO
+ control_mappings:
+ CRA: 1.2c, 2.6
+ OC: 4.1.1, 4.3.1
+ OCRE: 673-475, 053-751
+ security_insights_value: # TODO
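Review bot: In the re-added `OSPS-DO-301` block, `rationale: # TODO`, `implementation: # TODO` and `security_insights_value: # TODO` are bare keys followed only by a comment, so a YAML loader yields `null` for each and the `# TODO` marker is dropped; any consumer that expects a string here, or any round-tripping formatter, sees an empty field rather than a placeholder. The other entries in the file use the same form (the context lines in the -115 hunk show it), so this is a pre-existing convention rather than something the move introduces, but since the block is being rewritten it is a cheap place to make the intent explicit, e.g. `rationale: null  # TODO` or `rationale: "TODO"`, whichever the schema accepts. Separately, the diffstat records 16 deletions against 15 insertions, which suggests the blank separator line removed together with the block in the -115 hunk was not restored before `- id: OSPS-DO-301`; line breaks are not recoverable from this rendering, so please confirm the entry is still separated from `OSPS-DO-203` like the others. The hunk appears to sit at the end of the file, so nothing follows the new block.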