Merge pull request #222 from jonashirner/master

Fixed yaml issues; added missing ISO27k1 mappings; fixed sort by ISO27k1:2022

Author: wurstbrot

src/app/component/mapping/mapping.component.ts

@@ -471,12 +471,16 @@ export class MappingComponent implements OnInit {
         }
       }
       for (var i = 0; i < ISO22Array.length; i++) {
-        this.temporaryMappingElement['ISO22'] = ISO22Array[i];
-        this.allMappingDataSortedByISO22.push(this.temporaryMappingElement);
+        const newTempElement = JSON.parse(
+          JSON.stringify(this.temporaryMappingElement)
+        );
+        newTempElement['ISO22'] = ISO22Array[i];
+        //console.log(newTempElement);
+        this.allMappingDataSortedByISO22.push(newTempElement);
         if (this.YamlObject[dim][subDim][task]['isImplemented']) {
-          this.performedMappingDataSortedByISO22.push(this.temporaryMappingElement);
+          this.performedMappingDataSortedByISO22.push(newTempElement);
         } else {
-          this.plannedMappingDataSortedByISO22.push(this.temporaryMappingElement);
+          this.plannedMappingDataSortedByISO22.push(newTempElement);
         }
       }
       //sorting by descending order

src/assets/YAML/default/CultureAndOrganization/Design.yaml

@@ -39,13 +39,13 @@ Culture and Organization:
         samm2:
         - D-TA-2-B
         iso27001-2017:
-        - not explicitly covered by ISO 27001
-        - may be part of risk assessment
+        - Not explicitly covered by ISO 27001
+        - May be part of risk assessment
         - 8.2.1
         - 14.2.1
         iso27001-2022:
-        - not explicitly covered by ISO 27001
-        - may be part of risk assessment
+        - Not explicitly covered by ISO 27001
+        - May be part of risk assessment
         - 5.12
         - 8.25
       isImplemented: false
@@ -67,13 +67,13 @@ Culture and Organization:
         samm2:
         - D-TA-2-B
         iso27001-2017:
-        - not explicitly covered by ISO 27001
-        - may be part of risk assessment
+        - Not explicitly covered by ISO 27001
+        - May be part of risk assessment
         - 8.2.1
         - 14.2.1
         iso27001-2022:
-        - not explicitly covered by ISO 27001
-        - may be part of risk assessment
+        - Not explicitly covered by ISO 27001
+        - May be part of risk assessment
         - 5.12
         - 8.25
       isImplemented: false
@@ -144,13 +144,13 @@ Culture and Organization:
         samm2:
         - D-TA-2-B
         iso27001-2017:
-        - not explicitly covered by ISO 27001
-        - may be part of risk assessment
+        - Not explicitly covered by ISO 27001
+        - May be part of risk assessment
         - 8.2.1
         - 14.2.1
         iso27001-2022:
-        - not explicitly covered by ISO 27001
-        - may be part of risk assessment
+        - Not explicitly covered by ISO 27001
+        - May be part of risk assessment
         - 5.12
         - 8.25
       isImplemented: false
@@ -175,16 +175,16 @@ Culture and Organization:
         samm2:
         - D-TA-2-B
         iso27001-2017:
-        - not explicitly covered by ISO 27001
-        - may be part of project management
+        - Not explicitly covered by ISO 27001
+        - May be part of project management
         - 6.1.5
-        - may be part of risk assessment
+        - May be part of risk assessment
         - 8.1.2
         iso27001-2022:
-        - not explicitly covered by ISO 27001
-        - may be part of project management
+        - Not explicitly covered by ISO 27001
+        - May be part of project management
         - 5.8
-        - may be part of risk assessment
+        - May be part of risk assessment
         - 5.9
       isImplemented: false
       evidence: ""
@@ -208,16 +208,16 @@ Culture and Organization:
         samm2:
         - D-TA-2-B
         iso27001-2017:
-        - not explicitly covered by ISO 27001
-        - may be part of project management
+        - Not explicitly covered by ISO 27001
+        - May be part of project management
         - 6.1.5
-        - may be part of risk assessment
+        - May be part of risk assessment
         - 8.1.2
         iso27001-2022:
-        - not explicitly covered by ISO 27001
-        - may be part of project management
+        - Not explicitly covered by ISO 27001
+        - May be part of project management
         - 5.8
-        - may be part of risk assessment
+        - May be part of risk assessment
         - 5.9
       isImplemented: false
       evidence: ""
@@ -243,13 +243,13 @@ Culture and Organization:
         samm2:
         - D-TA-3-B
         iso27001-2017:
-        - not explicitly covered by ISO 27001
-        - may be part of risk assessment
+        - Not explicitly covered by ISO 27001
+        - May be part of risk assessment
         - 8.2.1
         - 14.2.1
         iso27001-2022:
-        - not explicitly covered by ISO 27001
-        - may be part of risk assessment
+        - Not explicitly covered by ISO 27001
+        - May be part of risk assessment
         - 5.12
         - 8.25
       isImplemented: false

src/assets/YAML/default/CultureAndOrganization/EducationAndGuidance.yaml

@@ -42,6 +42,8 @@ Culture and Organization:
           - G-EG-3-B
         iso27001-2017:
           - 7.1.1
+        iso27001-2022:
+        - 6.1
       isImplemented: false
       evidence: ""
       comments: ""

src/assets/YAML/default/Implementation/ApplicationHardening.yaml

@@ -11,11 +11,6 @@ Implementation:
         
         in all applications provides a good baseline. Implement 50% of the recommendations.
       difficultyOfImplementation:
-        knowledge: 4
-        time: 4
-        resources: 2
-      usefulness: 4
-      level: 3
         knowledge: 2
         time: 2
         resources: 1
@@ -127,8 +122,11 @@ Implementation:
         samm2:
           - D-SR-2-A
         iso27001-2017:
-          - hardening is not explicitly covered by ISO 27001 - too specific
-          - 13.1.3
+        - Hardening is not explicitly covered by ISO 27001 - too specific
+        - 13.1.3
+        iso27001-2022:
+        - Hardening is not explicitly covered by ISO 27001 - too specific
+        - 8.22
       isImplemented: false
       evidence: ""
       comments: ""
@@ -156,8 +154,11 @@ Implementation:
         samm2:
           - D-SR-2-A
         iso27001-2017:
-          - hardening is not explicitly covered by ISO 27001 - too specific
-          - 13.1.3
+        - Hardening is not explicitly covered by ISO 27001 - too specific
+        - 13.1.3
+        iso27001-2022:
+        - Hardening is not explicitly covered by ISO 27001 - too specific
+        - 8.22
       isImplemented: false
       evidence: ""
       comments: ""
@@ -212,8 +213,11 @@ Implementation:
         samm2:
           - D-SR-3-A
         iso27001-2017:
-          - hardening is not explicitly covered by ISO 27001 - too specific
-          - 13.1.3
+        - Hardening is not explicitly covered by ISO 27001 - too specific
+        - 13.1.3
+        iso27001-2022:
+        - Hardening is not explicitly covered by ISO 27001 - too specific
+        - 8.22
       isImplemented: false
       evidence: ""
       comments: ""

src/assets/YAML/default/Implementation/InfrastructureHardening.yaml

@@ -24,7 +24,7 @@ Implementation:
           - 9.2.4
           - 6.1.2   # Segregation of duties.
           - 14.2.1  # Secure development policies.
-          iso27001-2022:
+        iso27001-2022:
           - 5.17    # Authentication information
           - 5.3
           - 8.25
@@ -58,7 +58,7 @@ Implementation:
           - 9.2.4
           - 6.1.2   # Segregation of duties.
           - 14.2.1  # Secure development policies.
-          iso27001-2022:
+        iso27001-2022:
           - 5.17    # Authentication information
           - 5.3
           - 8.25
@@ -414,8 +414,11 @@ Implementation:
         samm2:
           - O-EM-1-A
         iso27001-2017:
-          - system hardening is not explicitly covered by ISO 27001 - too specific
-          - 13.1.3
+        - Hardening is not explicitly covered by ISO 27001 - too specific
+        - 13.1.3
+        iso27001-2022:
+        - Hardening is not explicitly covered by ISO 27001 - too specific
+        - 8.22
       isImplemented: false
       evidence: ""
       comments: ""

src/assets/YAML/default/InformationGathering/Monitoring.yaml

@@ -64,11 +64,11 @@ Information Gathering:
         - $ref: src/assets/YAML/default/implementations.yaml#/implementations/falco
       references:
         samm2:
-          - O-IM-2-A
+        - O-IM-2-A
         iso27001-2017:
-          - 12.6.1
+        - 12.6.1
         iso27001-2022:
-          - 8.8
+        - 8.8
       isImplemented: false
       evidence: ""
       comments: ""

src/assets/YAML/default/TestAndVerification/Consolidation.yaml

@@ -81,7 +81,7 @@ Test and Verification:
         iso27001-2017:
         - 16.1.4
         iso27001-2022:
-        - I5.25
+        - 5.25
       isImplemented: false
       evidence: ""
       comments: ""

src/assets/YAML/default/TestAndVerification/DynamicDepthForInfrastructure.yaml

@@ -77,8 +77,11 @@ Test and Verification:
       references:
         samm2: []
         iso27001-2017:
-          - 12.5.1
-          - 12.6.1
+        - 12.5.1
+        - 12.6.1
+        iso27001-2022:
+        - 8.19
+        - 8.8
       isImplemented: false
       evidence: ""
       comments: ""