Upate controls

squinky86 · Feb 22, 2024 · 477f665 · 477f665
1 parent fae3b39
commit 477f665
Show file tree

Hide file tree

Showing 8 changed files with 713 additions and 1 deletion.
diff --git a/doc/ac.tex b/doc/ac.tex
@@ -369,6 +369,12 @@ \subsection{AC-16 -- Security Attributes}
 
 \subsection{AC-17 -- Remote Access}
 
+\paragraph{Applicable CCIs:} None
+
+\paragraph{Non-Applicable CCIs:} CCI-63, CCI-65, CCI-2310, CI-2311, CCI-2312
+
+STIGQter does not provide any remote access capability, nor does it provide the protection mechanism for any remote access capability. It does not interfere with the system-level remote access protections, nor does it require any modification to them.
+
 \subsubsection{AC-17(2) -- Protection of Confidentiality / Integrity Using Encryption}
 
 \paragraph{Applicable CCIs:} None

diff --git a/doc/ir.tex b/doc/ir.tex
@@ -206,6 +206,18 @@ \subsection{IR-3 -- Incident Response Testing}
 
 Incidents are triaged as they occur. The incident reporting is used as the tests of the reporting procedures. Incident triage occurs in Github issue tracking.
 
+\subsection{IR-8 -- Incident Response Plan}
+
+\paragraph{Non-Applicable CCIs:} CCI-844, CCI-845, CCI-846, CCI-847, CCI-848, CCI-849, CCI-850, CCI-2794, CCI-2795, CCI-2796, CCI-2797, CCI-2798, CCI-2799, CCI-2800, CCI-2801, CCI-2802, CCI-2803, CCI-2804
+
+Control IR-8 applies to the mission-level and organization-level incident response procedures. The STIGQter assessment occurs below the mission, system, and organization level. No incident response procedures are required for systems to implement which choose to associate with the STIGQter assessment. Incident reporting and issue tracking is voluntary and not required.
+
+\subsection{IR-9 -- Information Spillage Response}
+
+\paragraph{Non-Applicable CCIs:} CCI-2805, CCI-2806, CCI-2807, CCI-2808, CCI-2809, CCI-2810, CCI-2811, CCI-2812
+
+STIGQter is not the protection mechanism for any information type. Only publicly available information is contained in it and in its releases.
+
 \clearpage
 \printbibliography
 

diff --git a/doc/main.tex b/doc/main.tex
@@ -337,6 +337,7 @@ \section{RMF Compliance}
 	\item \textattachfile[color=0 0 0]{ir.pdf}{Incident Response}
 	\item \textattachfile[color=0 0 0]{ma.pdf}{Maintenance}
 	\item \textattachfile[color=0 0 0]{mp.pdf}{Media Protection}
+	\item \textattachfile[color=0 0 0]{ps.pdf}{Personnel Security}
 	\item \textattachfile[color=0 0 0]{pl.pdf}{Planning}
 	\item \textattachfile[color=0 0 0]{pm.pdf}{Program Management}
 	\item \textattachfile[color=0 0 0]{se.pdf}{Security}

diff --git a/doc/ps.tex b/doc/ps.tex
@@ -0,0 +1,214 @@
+% Template created by Jon Hood
+
+\documentclass[letterpaper, 10pt, twoside]{article}
+\usepackage{noto}
+\usepackage{fancyhdr}
+\usepackage{graphicx}
+\usepackage{multirow}
+\usepackage[table]{xcolor}
+\usepackage[breaklinks=true]{hyperref}
+\usepackage[letterpaper, top=1in, bottom=1in, left=1.5in, right=1in, includeheadfoot]{geometry}
+\usepackage{wrapfig}
+
+%                Main Variables
+\newcommand{\repdate}{\formatdate{21}{2}{2024}}
+\def \ProjectName{Security Technical Implementation Guide Qt Viewer}
+\def \ProjectAcronym{STIGQter}
+\def \ProjectVersion{1.2.x}
+
+%-------------------------------------------------------------------------------
+%                Header & Footer Setup
+%-------------------------------------------------------------------------------
+\pagestyle{fancy}
+\lhead[\thepage]{\includegraphics[height = 2em]{images/STIGQter.pdf}}
+\chead{\ProjectName\ --- \ProjectVersion}
+\rhead[{\includegraphics[height = 2em]{images/STIGQter.pdf}}]{\thepage}
+\cfoot{\ProjectAcronym\ \ProjectVersion}
+
+\fancypagestyle{blank}
+{
+	\lhead{}
+	\chead{}
+	\rhead{}
+	\cfoot{}
+	\lfoot{}
+}
+
+%-------------------------------------------------------------------------------
+%                Revisions Table
+%-------------------------------------------------------------------------------
+\definecolor{STIGQterBlue}{RGB}{30,72,124}
+\newcounter{RevisionCounter}
+\newenvironment{Revision}{
+	\begin{center}
+		\begin{tabular}{ | c | c | c | p{23em} | }
+			\hline
+			\multicolumn{4}{| c |}{\cellcolor{STIGQterBlue}\textbf{\textcolor{white}{Revision History}}} \\
+			\hline
+			\rowcolor{lightgray}
+			\textbf{Date} & \textbf{Revision} & \textbf{Revised By} & \textbf{Reason} \\
+			\hline
+		}{
+	\end{tabular}
+\end{center}
+}
+\newcommand{\RevisionEntry}[3]{\stepcounter{RevisionCounter}
+	#1 & \Alph{RevisionCounter} & #2 & #3 \\
+	\hline}
+
+%-------------------------------------------------------------------------------
+%                Title Page
+%-------------------------------------------------------------------------------
+\newcommand{\headerlogo}{
+	\includegraphics[width=.3\linewidth]{images/STIGQter.pdf}\\
+	\vspace{.5em}
+}
+\newcommand{\docline}{\textmd{\textbf{STIGQter Personnel Security (PS) Documentation\\}}}
+\newcommand{\generator}{Generated By: Jon Hood}
+\title{
+	\headerlogo
+	\docline
+	\vspace{.5em}
+	\normalsize{\generator}
+}
+
+\author{Jon Hood}
+\date{\repdate}
+
+%-------------------------------------------------------------------------------
+%                PDF metadata
+%-------------------------------------------------------------------------------
+\hypersetup
+{
+	pdfauthor= (Jon Hood),
+	pdftitle =  (STIGQter Personnel Security)
+}
+
+\usepackage{attachfile}
+\usepackage[backend=biber]{biblatex}
+\usepackage{import}
+\usepackage{graphicx}
+\usepackage[utf8]{inputenc}
+\usepackage{url}
+\addbibresource{sources.bib}
+\usepackage{setspace}
+\usepackage{array}
+\usepackage{booktabs}
+\newcolumntype{L}{@{}>{\kern\tabcolsep}l<{\kern\tabcolsep}}
+\usepackage{colortbl}
+\usepackage{xcolor}
+\usepackage{textcomp}
+\usepackage{outlines}
+\usepackage{setspace}
+\usepackage{longtable}
+\usepackage{enumitem}
+\usepackage{listings}
+\usepackage{pgfplots}
+\usepgfplotslibrary{fillbetween}
+\usepackage{datetime}
+\newdateformat{changelog}{\THEMONTH/\THEDAY/\THEYEAR}
+
+\lstdefinestyle{CStyle} {language=C}
+\lstdefinestyle{CSharpStyle} {language=[Sharp]C}
+\lstdefinestyle{PHPStyle} {language=php}
+\lstdefinestyle{JavaStyle} {language=java}
+\lstdefinestyle{BashStyle} {language=bash}
+\lstdefinestyle{SqlStyle} {language=SQL}
+
+\lstset{language=C}
+\lstset{language=[Sharp]C}
+\lstset{language=php}
+\lstset{language=java}
+\lstset{language=bash}
+\lstset{language=SQL}
+
+\newcolumntype{L}[1]{>{\raggedright\let\newline\\\arraybackslash\hspace{0pt}}m{#1}}
+\newcolumntype{C}[1]{>{\centering\let\newline\\\arraybackslash\hspace{0pt}}m{#1}}
+\newcolumntype{R}[1]{>{\raggedleft\let\newline\\\arraybackslash\hspace{0pt}}m{#1}}
+
+%start the document
+\begin{document}
+
+%generate a title page
+\thispagestyle{blank}
+\maketitle
+\newpage
+
+\thispagestyle{blank}
+This page intentionally left blank for 2-sided printing compatibility.
+\newpage
+
+%tell the page counter to restart
+\setcounter{page}{1}
+\pagenumbering{roman} %use lowercase Roman numerals for page numbers
+
+%Revision History page
+\begin{Revision}
+\RevisionEntry{\date{\changelog\formatdate{21}{2}{2024}}}{Jon Hood}{Initial Release of PS Policy}
+\end{Revision}
+\newpage
+
+%generate a table of contents
+\setcounter{tocdepth}{2}
+\tableofcontents
+\cleardoublepage % go to next right-side page
+
+%reset the page counter for the regular pages
+\setcounter{page}{1}
+\doublespacing
+\pagenumbering{arabic} %use standard numbers for the page number
+
+\section{Background}
+
+STIGQter is an open source tool used to perform RMF and STIG compliance mapping. As an open-source application, PS is performed by the STIGQter administrators on GitHub at \url{https://github.com/squinky86/STIGQter}.
+
+\section{Purpose}
+
+This documentation is meant to satisfy Personnel Security (PS) requirements for RMF and detail what pieces of a PS policy may be covered by this application. PS requirements of roles (Section~\ref{sec:roles}) and their responsibilities (Section~\ref{sec:responsibilities}) support authentication of the software.
+
+\section{Scope}
+
+The PS policy details the privacy responsibilities of administrators.
+
+\section{Roles}
+\label{sec:roles}
+
+The following role(s) are defined as being applicable to STIGQter execution:
+\begin{enumerate}
+	\item \textbf{User} -- The user of the software is defined as the individual account given permissions to execute the software.
+\end{enumerate}
+
+The following role(s) are defined as being applicable to STIGQter GitHub administration:
+\begin{enumerate}
+	\item \textbf{Administrator} -- An administrator of the STIGQter GitHub project
+\end{enumerate}
+
+\section{Responsibilities}
+\label{sec:responsibilities}
+
+The Administrator role is responsible for any AR requirements listed here.
+
+\section{Management Commitment}
+
+STIGQter Accountability, Audit, and Risk Management policies are reviewed annually in an approved open source repository for maximum visibility and distribution.
+
+\section{Coordination}
+
+No coordination with other organizations is required to operate this software.
+
+\section{RMF Control Compliance}
+
+All personnel security requirements take place full and open in the Github repository. The nature of open source software is to provide maximum visibility into the PS process.
+
+\subsection{PS-6 -- Access Agreements}
+
+\paragraph{Applicable CCIs:} None
+
+\paragraph{Non-Applicable CCIs:} CCI-1531, CCI-1532, CCI-1533, CCI-3035, CCI-3036, CCI-3037
+
+The software is assessed below the system level. There is no system in the boundary that requires agreements between organizations. As open source software, there are no access restrictions.
+
+\clearpage
+\printbibliography
+
+\end{document}