Documentation
Overview
Package catalog provides types and loading for the control catalog.
The catalog is the authoritative set of controls the platform implements. Controls are organized into groups (technical, organizational) defined in YAML files under catalog/.
Constants
const (
	ControlValidated  = "validated"   // all findings resolved with evidence
	ControlVerified   = "verified"    // all findings resolved, some lack evidence
	ControlInProgress = "in_progress" // at least one finding is being worked on
	ControlToDo       = "to_do"       // findings exist but none are resolved or active
)
ControlStatus constants for derived control states.
Functions
func DeriveControlStatuses (added in v0.3.1)
DeriveControlStatuses populates DerivedStatus on controls based on linked audit findings. It is safe to call multiple times (idempotent).
func EffectiveStatus (added in v0.3.1)
EffectiveStatus returns DerivedStatus if set, otherwise Status.
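The derivation rules in the constant comments and the EffectiveStatus fallback, as an added example that is not the package's own code. The finding type, its State values and the handling of a partly resolved control are assumptions, since the page shows no finding type or function signatures.

```go
package main

import "fmt"

// Hypothetical types, not the package's own. State is assumed to be "open", "active" or
// "resolved"; Evidence is empty when no evidence is attached.
type finding struct{ ControlID, State, Evidence string }
type control struct{ ID, Status, DerivedStatus string } // subset of the Control fields

// derive recomputes DerivedStatus from the findings on every call, so repeated calls are idempotent.
func derive(controls []control, findings []finding) {
	for i := range controls {
		n, allResolved, allEvidenced, moving := 0, true, true, false
		for _, f := range findings {
			if f.ControlID == controls[i].ID {
				n++
				resolved := f.State == "resolved"
				allResolved = allResolved && resolved
				allEvidenced = allEvidenced && resolved && f.Evidence != ""
				moving = moving || resolved || f.State == "active"
			}
		}
		d := "to_do" // findings exist but none are resolved or active
		switch {
		case n == 0:
			d = "" // no linked findings: the YAML status stays effective
		case allEvidenced:
			d = "validated"
		case allResolved:
			d = "verified"
		case moving: // a partly resolved control counts as in progress (assumption)
			d = "in_progress"
		}
		controls[i].DerivedStatus = d
	}
}

// effective follows the documented EffectiveStatus rule: DerivedStatus if set, otherwise Status.
func effective(c control) string {
	if c.DerivedStatus != "" {
		return c.DerivedStatus
	}
	return c.Status
}

func main() {
	cs := []control{{ID: "C-1", Status: "to_do"}, {ID: "C-2", Status: "in_progress"}} // constructed
	derive(cs, []finding{{"C-1", "resolved", "scan.pdf"}, {"C-1", "resolved", ""}})
	fmt.Println(effective(cs[0]), effective(cs[1]))
}
```

A control whose YAML says `validated` but which has an open finding derives to `to_do` here, so the derived value is the one to report.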
Types
type Control
type Control struct {
	ID                     string   `yaml:"id"`
	Title                  string   `yaml:"title"`
	Description            string   `yaml:"description"`
	Category               string   `yaml:"category"`     // technical | policy | process | physical
	CSFFunction            string   `yaml:"csf_function"` // identify | protect | detect | respond | recover | govern
	Status                 string   `yaml:"status"`       // verified | to_do | in_progress | validated
	Owner                  string   `yaml:"owner"`        // platform | operator | shared
	Components             []string `yaml:"components,omitempty"`
	References             []string `yaml:"references,omitempty"`
	OperatorResponsibility string   `yaml:"operator_responsibility,omitempty"`
	// DerivedStatus is computed by the derive step — not persisted in YAML.
	// It is set when all findings for this control are resolved with evidence.
	DerivedStatus string `yaml:"-"`
}
Control represents a single security control.
type FrameworkCatalog
type FrameworkCatalog struct {
	Framework struct {
		ID      string `yaml:"id"`
		Title   string `yaml:"title"`
		Version string `yaml:"version"`
		Source  string `yaml:"source"`
	} `yaml:"framework"`
	Requirements []FrameworkRequirement           `yaml:"requirements"`
	ByID         map[string]*FrameworkRequirement `yaml:"-"`
}
FrameworkCatalog holds the normative requirement text for a framework.
func LoadFrameworkCatalog
func LoadFrameworkCatalog(catalogDir, name string) (*FrameworkCatalog, error)
LoadFrameworkCatalog reads a framework catalog YAML (e.g. catalog/frameworks/eudi-secreq.yaml).
type FrameworkRequirement
type FrameworkRequirement struct {
	ID          string `yaml:"id"`
	Title       string `yaml:"title"`
	Section     string `yaml:"section"`
	Description string `yaml:"description"`
}
FrameworkRequirement holds the normative text for one framework requirement.
type Group
type Group struct {
	ID        string    `yaml:"id"`
	Title     string    `yaml:"title"`
	Controls  []Control `yaml:"-"`
	SourceDir string    `yaml:"-"` // subdir the group was loaded from (e.g. "technical", "organizational")
}
Group is a named collection of controls.