Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update GV category to OSPS-GV-xxx numbering #171

Closed
wants to merge 2 commits into from
Closed

Update GV category to OSPS-GV-xxx numbering #171

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
43b04cb
Update GV category to OSPS-DO-xxx numbering
SecurityCRob Jan 27, 2025
e0c54eb
Update OSPS-GV.yaml
SecurityCRob Jan 30, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
52 changes: 26 additions & 26 deletions baseline/OSPS-GV.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,29 +6,7 @@ description: |
that the project is well positioned to respond to
both threats and opportunities.
criteria:
- id: OSPS-GV-01
maturity_level: 2
criterion: |
The project documentation MUST include the
Roles and Responsibilities for members of the
project.
rationale: |
Documenting project roles and responsibilities
helps project particpants, potential contributors,
and downstream consumers have an accurate
understand of who is working on the project
and what areas of authority they may have.
implementation: |
Document project participants and their roles
through such artifacts as members.md, governance.md,
maintainers.md, or similar file within the source
code repository of the project.
control_mappings:
BPB: B-S-3, B-S-4
OCRE: 013-021
security_insights_value: # TODO

- id: OSPS-GV-02
- id: OSPS-GV-101
maturity_level: 1
criterion: |
The project MUST have one or more mechanisms
Expand All @@ -55,7 +33,7 @@ criteria:
OCRE:
security_insights_value: # TODO

- id: OSPS-GV-03
- id: OSPS-GV-102
maturity_level: 1
criterion: |
The project documentation MUST include an
Expand All @@ -77,7 +55,29 @@ criteria:
SSDF: PW1.2
security_insights_value: # TODO

- id: OSPS-GV-04
- id: OSPS-GV-201
maturity_level: 2
criterion: |
The project documentation MUST include the
Roles and Responsibilities for members of the
project.
rationale: |
Documenting project roles and responsibilities
helps project particpants, potential contributors,
and downstream consumers have an accurate
understand of who is working on the project
and what areas of authority they may have.
implementation: |
Document project participants and their roles
through such artifacts as members.md, governance.md,
maintainers.md, or similar file within the source
code repository of the project.
control_mappings:
BPB: B-S-3, B-S-4
OCRE: 013-021
security_insights_value: # TODO

- id: OSPS-GV-202
maturity_level: 2
criterion: |
The project documentation MUST include a
Expand Down Expand Up @@ -106,7 +106,7 @@ criteria:
OC: 4.1.2
security_insights_value: # TODO

- id: OSPS-GV-05
- id: OSPS-GV-203
maturity_level: 2
criterion: |
The project documentation MUST have a policy
Expand Down