Update BR category to OSPS-BR-xxx numbering #169

Closed
wants to merge 2 commits into from
108 changes: 54 additions & 54 deletions baseline/OSPS-BR.yaml
Expand Up @@ -8,7 +8,7 @@ description: |
vulnerabilities or errors in the software distribution
process.
criteria:
- id: OSPS-BR-01
- id: OSPS-BR-101
maturity_level: 1
criterion: |
The project's build and release pipelines
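Review bot: the new ID `OSPS-BR-101` encodes the maturity level in its hundreds digit (the level-1 criteria become `10x`, the level-2 criteria become `20x` elsewhere in this diff), which means an ID must change whenever a criterion's `maturity_level` is later revised. If these IDs are meant to be stable handles for downstream documents and tooling, say so in the commit message and decide before merging whether the number is a stable reference or a sortable index; the two goals conflict. Also confirm that nothing outside `baseline/OSPS-BR.yaml` (rendered docs, generated tables, anything keyed on these IDs) still refers to `OSPS-BR-01`, since the hunk renames the ID without showing any such update.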
Expand All @@ -31,8 +31,54 @@ criteria:
CSF: PR.AA-02
OCRE: 483-813, 124-564, 357-352
security_insights_value: # TODO

- id: OSPS-BR-02

- id: OSPS-BR-102
maturity_level: 1
criterion: |
Any websites and version control systems
involved in the project development
MUST be delivered using SSH,
HTTPS, or other encrypted channels.
rationale: |
Protect the confidentiality and integrity
of project source code during development,
reducing the risk of eavesdropping or data
tampering.
details: |
Configure the project's websites and version
control systems to use encrypted channels
such as SSH or HTTPS for data transmission.
control_mappings:
BPB: B-B-11
CRA: 1.2d, 1.2e, 1.2f, 1.2i, 1.2j, 1.2k
SSDF: PO3.2, PS1
OCRE: 483-813, 124-564, 263-184
security_insights_value: # TODO

- id: OSPS-BR-103
maturity_level: 1
criterion: |
Any websites or other services involved in the
distribution of released software assets MUST
be delivered using HTTPS or other encrypted
channels.
rationale: |
Protect the confidentiality and integrity
of release assets consumed by the project's
users, reducing the risk of eavesdropping or
data tampering.
details: |
Configure the project's websites and
distribution services to use encrypted channels
such as HTTPS for data transmission.
control_mappings:
BPB: B-B-11
CRA: 1.2d, 1.2e, 1.2f, 1.2i, 1.2j, 1.2k
SSDF: PO3.2, PS1
OCRE: 483-813, 124-564, 263-184
security_insights_value: # TODO

- id: OSPS-BR-201
maturity_level: 2
criterion: |
All releases and released software assets
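Review bot: the blocks inserted here as `OSPS-BR-102` and `OSPS-BR-103` are verbatim moves of the former `OSPS-BR-03` and `OSPS-BR-09` (removed further down), and `OSPS-BR-02` becomes `OSPS-BR-201`; grouping by maturity level is sensible, but the PR description should carry the explicit old-to-new mapping so a reviewer can check that nothing was dropped or reworded in transit. While these lines are being touched: the two moved criteria carry identical `control_mappings` (`BPB: B-B-11`, the same CRA 1.2 items, `SSDF: PO3.2, PS1`, the same OCRE set) and both still read `security_insights_value: # TODO`, even though `OSPS-BR-102` covers developer-facing VCS access over SSH/HTTPS and `OSPS-BR-103` covers user-facing distribution over HTTPS. If the shared mappings are intentional that is fine, but the `security_insights_value` fields should be filled in separately before the new IDs are frozen.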
Expand All @@ -59,30 +105,7 @@ criteria:
OCRE: 483-813, 124-564
security_insights_value: # TODO

- id: OSPS-BR-03
maturity_level: 1
criterion: |
Any websites and version control systems
involved in the project development
MUST be delivered using SSH,
HTTPS, or other encrypted channels.
rationale: |
Protect the confidentiality and integrity
of project source code during development,
reducing the risk of eavesdropping or data
tampering.
details: |
Configure the project's websites and version
control systems to use encrypted channels
such as SSH or HTTPS for data transmission.
control_mappings:
BPB: B-B-11
CRA: 1.2d, 1.2e, 1.2f, 1.2i, 1.2j, 1.2k
SSDF: PO3.2, PS1
OCRE: 483-813, 124-564, 263-184
security_insights_value: # TODO

- id: OSPS-BR-04
- id: OSPS-BR-202
maturity_level: 2
criterion: |
All released software assets MUST be created
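Review bot: the `OSPS-BR-03` block removed here should be byte-identical to the `OSPS-BR-102` block added in the earlier hunk; criterion, rationale, details and `control_mappings` appear to match, but please confirm with `git diff --color-moved` or a side-by-side check, since a silent wording change inside a pure renumbering PR is easy to miss. The rename of `OSPS-BR-04` to `OSPS-BR-202` is consistent with the level-2 series.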
Expand All @@ -106,7 +129,7 @@ criteria:
OCRE: 483-813, 124-564, 347-352, 263-184, 208-355
security_insights_value: project-lifecycle.release-process

- id: OSPS-BR-05
- id: OSPS-BR-203
maturity_level: 2
criterion: |
All build and release pipelines MUST use
Expand All @@ -133,7 +156,7 @@ criteria:
OCRE: 483-813, 124-564, 347-352, 715-334
security_insights_value: # TODO

- id: OSPS-BR-06
- id: OSPS-BR-204
maturity_level: 2
criterion: |
All releases MUST provide a descriptive log
Expand All @@ -160,7 +183,7 @@ criteria:
OCRE: 483-813, 124-564, 745-356
security_insights_value: # TODO

- id: OSPS-BR-08
- id: OSPS-BR-205
maturity_level: 2
criterion: |
All released software assets MUST be signed
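Review bot: the old series jumps from `OSPS-BR-06` to `OSPS-BR-08` (no `OSPS-BR-07` appears in this file) while the new series is contiguous (`204`, `205`), so the mapping is not a fixed offset and a consumer cannot derive new IDs from old ones mechanically. Record the explicit mapping in the changelog, and check whether a former `OSPS-BR-07` was ever cited externally, because the gap that hinted at its removal disappears with this renumbering.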
Expand All @@ -184,30 +207,7 @@ criteria:
security_insights_value:
Signed-Releases

- id: OSPS-BR-09
maturity_level: 1
criterion: |
Any websites or other services involved in the
distribution of released software assets MUST
be delivered using HTTPS or other encrypted
channels.
rationale: |
Protect the confidentiality and integrity
of release assets consumed by the project's
users, reducing the risk of eavesdropping or
data tampering.
details: |
Configure the project's websites and
distribution services to use encrypted channels
such as HTTPS for data transmission.
control_mappings:
BPB: B-B-11
CRA: 1.2d, 1.2e, 1.2f, 1.2i, 1.2j, 1.2k
SSDF: PO3.2, PS1
OCRE: 483-813, 124-564, 263-184
security_insights_value: # TODO

- id: OSPS-BR-10
- id: OSPS-BR-206
maturity_level: 2
criterion: |
Any websites, API responses or other
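Review bot: the `OSPS-BR-09` block removed here is the one re-added as `OSPS-BR-103` in the first expanded hunk, so the same verbatim-move check applies. Two points visible in the surrounding context are pre-existing but worth settling while IDs are being frozen: `security_insights_value` for the signing criterion (`OSPS-BR-205`) is `Signed-Releases`, which reads like an OpenSSF Scorecard check name rather than a `security-insights.yml` field path in the style of `project-lifecycle.release-process` used for `OSPS-BR-202`; and the criterion text for `OSPS-BR-206` is cut off by the collapsed region, so its content could not be checked in this view.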
Expand Down