{
  "schema_version": "1.0.0",
  "protocol": "SWT3",
  "publisher": "Tenable Nova LLC",
  "license": "Apache-2.0",
  "generated_at": "2026-04-02T00:00:00Z",
  "description": "Universal Control Taxonomy (UCT) Registry. Defines the factor semantics, evaluation rules, and framework cross-references for every SWT3-anchored compliance procedure. Covers NIST 800-53, CMMC, 800-171, FedRAMP, DoD RMF, NIST AI RMF, EU AI Act, SR 11-7, OSHA 1926, and HIPAA.",
  "fingerprint_formula": "SHA256('WITNESS:' + tenant_id + ':' + procedure_id + ':' + factor_a + ':' + factor_b + ':' + factor_c + ':' + timestamp_ms)[0:12]",
  "procedures": {
    "AC-1.1": {
      "procedure_id": "AC-1.1",
      "parent_control": "AC-1",
      "title": "Access Control Policy Document",
      "category": "linux_infra",
      "scope": "linux_infra",
      "check_type": "AC-1_POLICY_DOCUMENT",
      "factors": {
        "factor_a": {
          "label": "max_policy_age_days",
          "description": "The expected or required value (the standard).",
          "default": 365
        },
        "factor_b": {
          "label": "policy_age_days",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b <= factor_a",
        "description": "Policy age in days (B) must not exceed max allowed age (A)"
      },
      "frameworks": {
        "FEDRAMP-HIGH": "AC-1",
        "FEDRAMP-MOD": "AC-1",
        "RMF": "AC-1"
      },
      "namespace": "INF"
    },
    "AC-11.1": {
      "procedure_id": "AC-11.1",
      "parent_control": "AC-11",
      "title": "Session Lock - SSH Idle Timeout",
      "category": "ACCESS",
      "scope": "linux_infra",
      "check_type": "AC-11_SSH_IDLE_TIMEOUT",
      "factors": {
        "factor_a": {
          "label": "idle_timeout_required",
          "description": "The expected or required value (the standard).",
          "default": 1
        },
        "factor_b": {
          "label": "idle_timeout_seconds",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
        "description": "Evaluates whether the measured value meets the required threshold."
      },
      "frameworks": {
        "CMMC-v2.0": "AC.L2-3.1.10",
        "FEDRAMP-HIGH": "AC-11",
        "FEDRAMP-MOD": "AC-11",
        "NIST-800-171": "3.1.10",
        "RMF": "AC-11"
      },
      "namespace": "INF"
    },
    "AC-17.1": {
      "procedure_id": "AC-17.1",
      "parent_control": "AC-17",
      "title": "Remote Access - SSH Protocol Enforcement",
      "category": "ACCESS",
      "scope": "linux_infra",
      "check_type": "AC-17_SSH_PROTOCOL",
      "factors": {
        "factor_a": {
          "label": "nla_required",
          "description": "The expected or required value (the standard).",
          "default": 1
        },
        "factor_b": {
          "label": "nla_enabled",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
        "description": "Evaluates whether the measured value meets the required threshold."
      },
      "frameworks": {
        "CMMC-v2.0": "AC.L2-3.1.12",
        "FEDRAMP-HIGH": "AC-17",
        "FEDRAMP-MOD": "AC-17",
        "NIST-800-171": "3.1.12",
        "RMF": "AC-17"
      },
      "namespace": "INF"
    },
    "AC-2.1": {
      "procedure_id": "AC-2.1",
      "parent_control": "AC-2",
      "title": "Account Management - Empty Password Accounts",
      "category": "linux_infra",
      "scope": "linux_infra",
      "check_type": "AC-2_EMPTY_PASSWORDS",
      "factors": {
        "factor_a": {
          "label": "account_management_required",
          "description": "Whether automated account management controls must be active (1 = required).",
          "default": 1
        },
        "factor_b": {
          "label": "account_management_active",
          "description": "Whether account lifecycle controls (creation, modification, disabling, removal) are enforced by the system."
        },
        "factor_c": {
          "label": "reserved",
          "description": "Reserved for future use. Always 0."
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
        "description": "Verifies that system accounts are managed through automated controls, not manual processes. One of three critical gate controls."
      },
      "frameworks": {
        "CMMC-v2.0": "AC.L1-3.1.1",
        "FEDRAMP-HIGH": "AC-2",
        "FEDRAMP-MOD": "AC-2",
        "NIST-800-171": "3.1.1",
        "RMF": "AC-2"
      },
      "namespace": "INF"
    },
    "AC-2.2": {
      "procedure_id": "AC-2.2",
      "parent_control": "AC-2",
      "title": "Account Management - UID 0 Accounts",
      "category": "ACCESS",
      "scope": "linux_infra",
      "check_type": "AC-2_UID_ZERO",
      "factors": {
        "factor_a": {
          "label": "max_no_password_accounts",
          "description": "The expected or required value (the standard).",
          "default": 0
        },
        "factor_b": {
          "label": "no_password_accounts",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b <= factor_a",
        "description": "Evaluates whether the measured value meets the required threshold."
      },
      "frameworks": {
        "CMMC-v2.0": "AC.L1-3.1.1",
        "FEDRAMP-HIGH": "AC-2",
        "FEDRAMP-MOD": "AC-2",
        "NIST-800-171": "3.1.1",
        "RMF": "AC-2"
      },
      "namespace": "INF"
    },
    "AC-2.3": {
      "procedure_id": "AC-2.3",
      "parent_control": "AC-2",
      "title": "Account Management - Inactive System Accounts",
      "category": "ACCESS",
      "scope": "linux_infra",
      "check_type": "AC-2_INACTIVE_ACCOUNTS",
      "factors": {
        "factor_a": {
          "label": "max_interactive_accounts",
          "description": "The expected or required value (the standard).",
          "default": 10
        },
        "factor_b": {
          "label": "interactive_accounts",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b <= factor_a",
        "description": "Evaluates whether the measured value meets the required threshold."
      },
      "frameworks": {
        "CMMC-v2.0": "AC.L2-3.1.1",
        "FEDRAMP-HIGH": "AC-2",
        "FEDRAMP-MOD": "AC-2",
        "NIST-800-171": "3.1.1",
        "RMF": "AC-2"
      },
      "namespace": "INF"
    },
    "AC-3.1": {
      "procedure_id": "AC-3.1",
      "parent_control": "AC-3",
      "title": "Access Enforcement - World-Writable Files in /etc",
      "category": "linux_infra",
      "scope": "linux_infra",
      "check_type": "AC-3_WORLD_WRITABLE",
      "factors": {
        "factor_a": {
          "label": "uac_required",
          "description": "The expected or required value (the standard).",
          "default": 1
        },
        "factor_b": {
          "label": "uac_enabled",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b <= factor_a",
        "description": "Access control: denied requests (B) within tolerance (A)"
      },
      "frameworks": {
        "CMMC-v2.0": "AC.L1-3.1.2",
        "FEDRAMP-HIGH": "AC-3",
        "FEDRAMP-MOD": "AC-3",
        "NIST-800-171": "3.1.2",
        "RMF": "AC-3"
      },
      "namespace": "INF"
    },
    "AC-3.2": {
      "procedure_id": "AC-3.2",
      "parent_control": "AC-3",
      "title": "Database Access Enforcement - Postgres Row-Level Security",
      "category": "ACCESS",
      "scope": "linux_infra",
      "check_type": "AC-3_PG_RLS",
      "factors": {
        "factor_a": {
          "label": "min_rls_policies",
          "description": "The expected or required value (the standard).",
          "default": 1
        },
        "factor_b": {
          "label": "rls_policies_found",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
        "description": "Evaluates whether the measured value meets the required threshold."
      },
      "frameworks": {},
      "namespace": "INF"
    },
    "AC-4.1": {
      "procedure_id": "AC-4.1",
      "parent_control": "AC-4",
      "title": "Information Flow - IP Forward Controlled by Firewall",
      "category": "ACCESS",
      "scope": "linux_infra",
      "check_type": "AC-4_IP_FORWARDING",
      "factors": {
        "factor_a": {
          "label": "forward_chain_controlled",
          "description": "The expected or required value (the standard).",
          "default": 1
        },
        "factor_b": {
          "label": "forward_rules_present",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
        "description": "Evaluates whether the measured value meets the required threshold."
      },
      "frameworks": {
        "CMMC-v2.0": "AC.L2-3.1.3",
        "FEDRAMP-HIGH": "AC-4",
        "FEDRAMP-MOD": "AC-4",
        "NIST-800-171": "3.1.3",
        "RMF": "AC-4"
      },
      "namespace": "INF"
    },
    "AC-5.1": {
      "procedure_id": "AC-5.1",
      "parent_control": "AC-5",
      "title": "Separation of Duties - Root Account Direct Login Disabled",
      "category": "ACCESS",
      "scope": "linux_infra",
      "check_type": "AC-5_ROOT_LOCKED",
      "factors": {
        "factor_a": {
          "label": "root_locked_required",
          "description": "The expected or required value (the standard).",
          "default": 1
        },
        "factor_b": {
          "label": "root_account_locked",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
        "description": "Evaluates whether the measured value meets the required threshold."
      },
      "frameworks": {
        "CMMC-v2.0": "AC.L2-3.1.4",
        "FEDRAMP-HIGH": "AC-5",
        "FEDRAMP-MOD": "AC-5",
        "NIST-800-171": "3.1.4",
        "RMF": "AC-5"
      },
      "namespace": "INF"
    },
    "AC-6.1": {
      "procedure_id": "AC-6.1",
      "parent_control": "AC-6",
      "title": "Least Privilege - Sudoers Count",
      "category": "linux_infra",
      "scope": "linux_infra",
      "check_type": "AC-6_SUDOERS_COUNT",
      "factors": {
        "factor_a": {
          "label": "max_sudoers_entries",
          "description": "The expected or required value (the standard).",
          "default": 15
        },
        "factor_b": {
          "label": "actual_sudoers_entries",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b <= factor_a",
        "description": "Least privilege: actual access (B) must not exceed authorized limit (A)"
      },
      "frameworks": {
        "CMMC-v2.0": "AC.L2-3.1.5",
        "FEDRAMP-HIGH": "AC-6",
        "FEDRAMP-MOD": "AC-6",
        "NIST-800-171": "3.1.5",
        "RMF": "AC-6"
      },
      "namespace": "INF"
    },
    "AC-6.2": {
      "procedure_id": "AC-6.2",
      "parent_control": "AC-6",
      "title": "Least Privilege - SUID Binaries Count",
      "category": "ACCESS",
      "scope": "linux_infra",
      "check_type": "AC-6_SUID_BINARIES",
      "factors": {
        "factor_a": {
          "label": "max_suid_binaries",
          "description": "The expected or required value (the standard).",
          "default": 50
        },
        "factor_b": {
          "label": "suid_binaries_found",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b <= factor_a",
        "description": "Evaluates whether the measured value meets the required threshold."
      },
      "frameworks": {
        "CMMC-v2.0": "AC.L2-3.1.5",
        "FEDRAMP-HIGH": "AC-6",
        "FEDRAMP-MOD": "AC-6",
        "NIST-800-171": "3.1.5",
        "RMF": "AC-6"
      },
      "namespace": "INF"
    },
    "AC-6.3": {
      "procedure_id": "AC-6.3",
      "parent_control": "AC-6",
      "title": "Least Privilege - SGID Binaries Count",
      "category": "ACCESS",
      "scope": "linux_infra",
      "check_type": "AC-6_SGID_BINARIES",
      "factors": {
        "factor_a": {
          "label": "max_sgid_binaries",
          "description": "The expected or required value (the standard).",
          "default": 35
        },
        "factor_b": {
          "label": "sgid_binaries_found",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b <= factor_a",
        "description": "Evaluates whether the measured value meets the required threshold."
      },
      "frameworks": {
        "CMMC-v2.0": "AC.L2-3.1.5",
        "FEDRAMP-HIGH": "AC-6",
        "FEDRAMP-MOD": "AC-6",
        "NIST-800-171": "3.1.5",
        "RMF": "AC-6"
      },
      "namespace": "INF"
    },
    "AC-7.1": {
      "procedure_id": "AC-7.1",
      "parent_control": "AC-7",
      "title": "Unsuccessful Logon Attempts - Account Lockout Configured",
      "category": "ACCESS",
      "scope": "linux_infra",
      "check_type": "AC-7_ACCOUNT_LOCKOUT",
      "factors": {
        "factor_a": {
          "label": "min_lockout_observation_minutes",
          "description": "The expected or required value (the standard).",
          "default": 15
        },
        "factor_b": {
          "label": "lockout_observation_configured",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
        "description": "Evaluates whether the measured value meets the required threshold."
      },
      "frameworks": {
        "CMMC-v2.0": "AC.L2-3.1.8",
        "FEDRAMP-HIGH": "AC-7",
        "FEDRAMP-MOD": "AC-7",
        "NIST-800-171": "3.1.8",
        "RMF": "AC-7"
      },
      "namespace": "INF"
    },
    "AC-8.1": {
      "procedure_id": "AC-8.1",
      "parent_control": "AC-8",
      "title": "System Use Notification - Login Banner",
      "category": "ACCESS",
      "scope": "linux_infra",
      "check_type": "AC-8_LOGIN_BANNER",
      "factors": {
        "factor_a": {
          "label": "dod_banner_content_required",
          "description": "The expected or required value (the standard).",
          "default": 1
        },
        "factor_b": {
          "label": "security_banner_phrases_found",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
        "description": "Evaluates whether the measured value meets the required threshold."
      },
      "frameworks": {
        "CMMC-v2.0": "AC.L2-3.1.9",
        "FEDRAMP-HIGH": "AC-8",
        "FEDRAMP-MOD": "AC-8",
        "NIST-800-171": "3.1.9",
        "RMF": "AC-8"
      },
      "namespace": "INF"
    },
    "AI-GRD.1": {
      "procedure_id": "AI-GRD.1",
      "parent_control": "AI-GRD",
      "title": "Guardrail Enforcement \u2014 Required Safety Filters Active",
      "category": "AI",
      "scope": "ai_governance",
      "check_type": "AI_GUARDRAIL_ENFORCEMENT",
      "factors": {
        "factor_a": {
          "label": "guardrails_required",
          "description": "Minimum number of active safety guardrails required (e.g., content filter, PII redaction, toxicity detector).",
          "default": 0,
          "regulatory_ref": "EU AI Act Art. 9(2)(a); NIST AI RMF MANAGE 4.1"
        },
        "factor_b": {
          "label": "guardrails_active",
          "description": "Number of safety guardrails confirmed active at inference time.",
          "regulatory_ref": "EU AI Act Art. 9(2)(a); NIST AI RMF MANAGE 4.1"
        },
        "factor_c": {
          "label": "reserved",
          "description": "Reserved for future use. Always 0."
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
        "description": "Verifies that the required safety guardrails were active when the inference executed. A FAIL indicates the model ran without mandatory safety controls."
      },
      "frameworks": {
        "EU-AI-ACT": "Art.15(3)"
      },
      "namespace": "AI"
    },
    "AI-GRD.2": {
      "procedure_id": "AI-GRD.2",
      "parent_control": "AI-GRD",
      "title": "Content Safety Filter \u2014 Output Classification Passed",
      "category": "AI",
      "scope": "ai_governance",
      "check_type": "AI_CONTENT_SAFETY",
      "factors": {
        "factor_a": {
          "label": "content_safety_required",
          "description": "Whether content safety filtering must pass (1 = required).",
          "default": 1,
          "regulatory_ref": "EU AI Act Art. 9(4)(b); NIST AI RMF GOVERN 1.5"
        },
        "factor_b": {
          "label": "content_safety_passed",
          "description": "Whether the inference output passed content safety classification (1 = clean, 0 = refusal or content filter triggered).",
          "regulatory_ref": "EU AI Act Art. 9(4)(b); NIST AI RMF GOVERN 1.5"
        },
        "factor_c": {
          "label": "reserved",
          "description": "Reserved for future use. Always 0."
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
        "description": "Confirms the model output did not trigger content safety filters (refusal, toxicity, or policy violation). A FAIL creates an immediate alert for human review."
      },
      "frameworks": {
        "EU-AI-ACT": "Art.15(3)"
      },
      "namespace": "AI"
    },
    "AI-INF.1": {
      "procedure_id": "AI-INF.1",
      "parent_control": "AI-INF",
      "title": "Inference Provenance \u2014 Prompt/Response Hash Capture",
      "category": "AI",
      "scope": "ai_governance",
      "check_type": "AI_INFERENCE_PROVENANCE",
      "factors": {
        "factor_a": {
          "label": "provenance_required",
          "description": "Whether prompt/response hash capture is required (1 = yes). Proves the inference occurred and was recorded.",
          "default": 1,
          "regulatory_ref": "EU AI Act Art. 12(1); NIST AI RMF MEASURE 2.5"
        },
        "factor_b": {
          "label": "provenance_captured",
          "description": "Whether the prompt and response were hashed and anchored (1 = captured, 0 = missed).",
          "regulatory_ref": "EU AI Act Art. 12(1); NIST AI RMF MEASURE 2.5"
        },
        "factor_c": {
          "label": "reserved",
          "description": "Reserved for future use. Always 0."
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
        "description": "Confirms that every AI inference was cryptographically fingerprinted at the point of execution. The prompt and response hashes prove the interaction occurred without retaining the raw content."
      },
      "frameworks": {
        "EU-AI-ACT": "Art.12(1)"
      },
      "namespace": "AI"
    },
    "AI-INF.2": {
      "procedure_id": "AI-INF.2",
      "parent_control": "AI-INF",
      "title": "Inference Latency \u2014 Response Time Within Threshold",
      "category": "AI",
      "scope": "ai_governance",
      "check_type": "AI_INFERENCE_LATENCY",
      "factors": {
        "factor_a": {
          "label": "latency_threshold_ms",
          "description": "Maximum acceptable inference latency in milliseconds (e.g., 30000 = 30 seconds). Exceeding this threshold indicates model degradation or resource exhaustion.",
          "default": 30000,
          "regulatory_ref": "EU AI Act Art. 15(3); NIST AI RMF MEASURE 2.6"
        },
        "factor_b": {
          "label": "measured_latency_ms",
          "description": "Actual round-trip latency of the inference in milliseconds, measured from request initiation to response completion.",
          "regulatory_ref": "EU AI Act Art. 15(3); NIST AI RMF MEASURE 2.6"
        },
        "factor_c": {
          "label": "reserved",
          "description": "Reserved for future use. Always 0."
        }
      },
      "evaluation": {
        "expression": "factor_b <= factor_a",
        "description": "Verifies that the AI model responded within the operational time boundary. Latency spikes may indicate model poisoning, resource contention, or unauthorized model substitution."
      },
      "frameworks": {
        "EU-AI-ACT": "Art.12(2)"
      },
      "namespace": "AI"
    },
    "AI-MDL.1": {
      "procedure_id": "AI-MDL.1",
      "parent_control": "AI-MDL",
      "title": "Model Weight Integrity \u2014 Deployed Hash Matches Approved",
      "category": "AI",
      "scope": "ai_governance",
      "check_type": "AI_MODEL_INTEGRITY",
      "factors": {
        "factor_a": {
          "label": "model_integrity_required",
          "description": "Whether model identity verification is required (1 = yes). Ensures the deployed model matches the approved version.",
          "default": 1,
          "regulatory_ref": "EU AI Act Art. 9(4)(a); NIST AI RMF GOVERN 1.1"
        },
        "factor_b": {
          "label": "model_identity_verified",
          "description": "Whether the model ID returned by the provider matches the requested model (1 = match, 0 = mismatch or unavailable).",
          "regulatory_ref": "EU AI Act Art. 9(4)(a); NIST AI RMF GOVERN 1.1"
        },
        "factor_c": {
          "label": "reserved",
          "description": "Reserved for future use. Always 0."
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
        "description": "Confirms the AI provider served the exact model version that was requested. Detects unauthorized model swaps, shadow deployments, or provider-side version changes."
      },
      "frameworks": {
        "EU-AI-ACT": "Art.13(3)(b)"
      },
      "namespace": "AI"
    },
    "AI-MDL.2": {
      "procedure_id": "AI-MDL.2",
      "parent_control": "AI-MDL",
      "title": "Model Version Tracking \u2014 Version Identifier Recorded",
      "category": "AI",
      "scope": "ai_governance",
      "check_type": "AI_MODEL_VERSION",
      "factors": {
        "factor_a": {
          "label": "version_tracking_required",
          "description": "Whether the model version identifier must be recorded (1 = yes).",
          "default": 1,
          "regulatory_ref": "EU AI Act Art. 12(2)(b); NIST AI RMF MANAGE 2.2"
        },
        "factor_b": {
          "label": "version_recorded",
          "description": "Whether the model version or system fingerprint was captured in the witness record (1 = recorded, 0 = missing).",
          "regulatory_ref": "EU AI Act Art. 12(2)(b); NIST AI RMF MANAGE 2.2"
        },
        "factor_c": {
          "label": "reserved",
          "description": "Reserved for future use. Always 0."
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
        "description": "Ensures model version lineage is maintained across all inferences. Required for EU AI Act Article 12 traceability and NIST AI RMF GOVERN function."
      },
      "frameworks": {
        "EU-AI-ACT": "Art.12(2)(b)"
      },
      "namespace": "AI"
    },
    "AT-1.1": {
      "procedure_id": "AT-1.1",
      "parent_control": "AT-1",
      "title": "Security Awareness Policy",
      "category": "attestation_policy",
      "scope": "attestation_policy",
      "check_type": "attestation",
      "factors": {
        "factor_a": {
          "label": "",
          "description": "The expected or required value (the standard).",
          "default": ""
        },
        "factor_b": {
          "label": "",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
        "description": "Evaluates whether the measured value meets the required threshold."
      },
      "frameworks": {
        "CMMC-v2.0": "AT.L2-3.2.1",
        "FEDRAMP-HIGH": "AT-1",
        "FEDRAMP-MOD": "AT-1",
        "NIST-800-171": "3.2.1",
        "RMF": "AT-1"
      },
      "namespace": "INF"
    },
    "AT-2.1": {
      "procedure_id": "AT-2.1",
      "parent_control": "AT-2",
      "title": "Security Awareness Training",
      "category": "attestation_policy",
      "scope": "attestation_policy",
      "check_type": "attestation",
      "factors": {
        "factor_a": {
          "label": "",
          "description": "The expected or required value (the standard).",
          "default": ""
        },
        "factor_b": {
          "label": "",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
        "description": "Evaluates whether the measured value meets the required threshold."
      },
      "frameworks": {
        "CMMC-v2.0": "AT.L2-3.2.1",
        "FEDRAMP-HIGH": "AT-2",
        "FEDRAMP-MOD": "AT-2",
        "NIST-800-171": "3.2.1",
        "RMF": "AT-2"
      },
      "namespace": "INF"
    },
    "AT-3.1": {
      "procedure_id": "AT-3.1",
      "parent_control": "AT-3",
      "title": "Role-Based Security Training",
      "category": "attestation_policy",
      "scope": "attestation_policy",
      "check_type": "attestation",
      "factors": {
        "factor_a": {
          "label": "",
          "description": "The expected or required value (the standard).",
          "default": ""
        },
        "factor_b": {
          "label": "",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
        "description": "Evaluates whether the measured value meets the required threshold."
      },
      "frameworks": {
        "CMMC-v2.0": "AT.L2-3.2.2",
        "FEDRAMP-HIGH": "AT-3",
        "FEDRAMP-MOD": "AT-3",
        "NIST-800-171": "3.2.2",
        "RMF": "AT-3"
      },
      "namespace": "INF"
    },
    "AT-4.1": {
      "procedure_id": "AT-4.1",
      "parent_control": "AT-4",
      "title": "Training Records",
      "category": "attestation_policy",
      "scope": "attestation_policy",
      "check_type": "attestation",
      "factors": {
        "factor_a": {
          "label": "",
          "description": "The expected or required value (the standard).",
          "default": ""
        },
        "factor_b": {
          "label": "",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
        "description": "Evaluates whether the measured value meets the required threshold."
      },
      "frameworks": {
        "CMMC-v2.0": "AT.L2-3.2.3",
        "FEDRAMP-HIGH": "AT-4",
        "FEDRAMP-MOD": "AT-4",
        "NIST-800-171": "3.2.3",
        "RMF": "AT-4"
      },
      "namespace": "INF"
    },
    "AU-12.1": {
      "procedure_id": "AU-12.1",
      "parent_control": "AU-12",
      "title": "Audit Generation - Auditd Service Active",
      "category": "linux_infra",
      "scope": "linux_infra",
      "check_type": "AU-12_AUDITD_SERVICE",
      "factors": {
        "factor_a": {
          "label": "auditd_required",
          "description": "The expected or required value (the standard).",
          "default": 1
        },
        "factor_b": {
          "label": "auditd_active",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
        "description": "Audit generation: system must be generating logs (B >= 1)"
      },
      "frameworks": {
        "CMMC-v2.0": "AU.L2-3.3.1",
        "FEDRAMP-HIGH": "AU-12",
        "FEDRAMP-MOD": "AU-12",
        "NIST-800-171": "3.3.1",
        "RMF": "AU-12"
      },
      "namespace": "INF"
    },
    "AU-2.1": {
      "procedure_id": "AU-2.1",
      "parent_control": "AU-2",
      "title": "Audit Events - Logging Service Active",
      "category": "linux_infra",
      "scope": "linux_infra",
      "check_type": "AU-2_LOGGING_SERVICE",
      "factors": {
        "factor_a": {
          "label": "audit_logging_required",
          "description": "Whether system audit logging must be active (1 = required). Maps to NIST AU-2: Audit Events.",
          "default": 1
        },
        "factor_b": {
          "label": "audit_logging_active",
          "description": "Whether the audit subsystem (auditd/journald) is running and configured to capture security-relevant events."
        },
        "factor_c": {
          "label": "reserved",
          "description": "Reserved for future use. Always 0."
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
        "description": "Confirms the system records security-relevant audit events. Without this control, no other compliance claim can be independently verified."
      },
      "frameworks": {
        "CMMC-v2.0": "AU.L2-3.3.1",
        "FEDRAMP-HIGH": "AU-2",
        "FEDRAMP-MOD": "AU-2",
        "NIST-800-171": "3.3.1",
        "RMF": "AU-2"
      },
      "namespace": "INF"
    },
    "AU-2.2": {
      "procedure_id": "AU-2.2",
      "parent_control": "AU-2",
      "title": "Database Audit Logging - Postgres Log Connections",
      "category": "AUDIT",
      "scope": "linux_infra",
      "check_type": "AU-2_PG_LOG_CONNECTIONS",
      "factors": {
        "factor_a": {
          "label": "log_connections_required",
          "description": "The expected or required value (the standard).",
          "default": 1
        },
        "factor_b": {
          "label": "log_connections_enabled",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
        "description": "Evaluates whether the measured value meets the required threshold."
      },
      "frameworks": {},
      "namespace": "INF"
    },
    "AU-3.1": {
      "procedure_id": "AU-3.1",
      "parent_control": "AU-3",
      "title": "Content of Audit Records - Auditd Rules Configured",
      "category": "AUDIT",
      "scope": "linux_infra",
      "check_type": "AU-3_AUDIT_RULES",
      "factors": {
        "factor_a": {
          "label": "min_logon_audit_policies",
          "description": "The expected or required value (the standard).",
          "default": 1
        },
        "factor_b": {
          "label": "logon_audit_policies_found",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
        "description": "Evaluates whether the measured value meets the required threshold."
      },
      "frameworks": {
        "CMMC-v2.0": "AU.L2-3.3.1",
        "FEDRAMP-HIGH": "AU-3",
        "FEDRAMP-MOD": "AU-3",
        "NIST-800-171": "3.3.1",
        "RMF": "AU-3"
      },
      "namespace": "INF"
    },
    "AU-4.1": {
      "procedure_id": "AU-4.1",
      "parent_control": "AU-4",
      "title": "Audit Storage Capacity - Log Partition Free Percent",
      "category": "AUDIT",
      "scope": "linux_infra",
      "check_type": "AU-4_LOG_STORAGE",
      "factors": {
        "factor_a": {
          "label": "min_free_percent",
          "description": "The expected or required value (the standard).",
          "default": 20
        },
        "factor_b": {
          "label": "actual_free_percent",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
        "description": "Evaluates whether the measured value meets the required threshold."
      },
      "frameworks": {
        "CMMC-v2.0": "AU.L2-3.3.4",
        "FEDRAMP-HIGH": "AU-4",
        "FEDRAMP-MOD": "AU-4",
        "NIST-800-171": "3.3.4",
        "RMF": "AU-4"
      },
      "namespace": "INF"
    },
    "AU-5.1": {
      "procedure_id": "AU-5.1",
      "parent_control": "AU-5",
      "title": "Response to Audit Failures - Disk Full Action Configured",
      "category": "AUDIT",
      "scope": "linux_infra",
      "check_type": "AU-5_DISK_FULL_ACTION",
      "factors": {
        "factor_a": {
          "label": "disk_full_action_required",
          "description": "The expected or required value (the standard).",
          "default": 1
        },
        "factor_b": {
          "label": "disk_full_action_configured",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
        "description": "Evaluates whether the measured value meets the required threshold."
      },
      "frameworks": {
        "CMMC-v2.0": "AU.L2-3.3.4",
        "FEDRAMP-HIGH": "AU-5",
        "FEDRAMP-MOD": "AU-5",
        "NIST-800-171": "3.3.4",
        "RMF": "AU-5"
      },
      "namespace": "INF"
    },
    "AU-6.1": {
      "procedure_id": "AU-6.1",
      "parent_control": "AU-6",
      "title": "Audit Review - Log Rotation Configured",
      "category": "AUDIT",
      "scope": "linux_infra",
      "check_type": "AU-6_LOG_ROTATION",
      "factors": {
        "factor_a": {
          "label": "min_logrotate_configs",
          "description": "The expected or required value (the standard).",
          "default": 1
        },
        "factor_b": {
          "label": "logrotate_configs_found",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
        "description": "Evaluates whether the measured value meets the required threshold."
      },
      "frameworks": {
        "CMMC-v2.0": "AU.L2-3.3.5",
        "FEDRAMP-HIGH": "AU-6",
        "FEDRAMP-MOD": "AU-6",
        "NIST-800-171": "3.3.5",
        "RMF": "AU-6"
      },
      "namespace": "INF"
    },
    "AU-8.1": {
      "procedure_id": "AU-8.1",
      "parent_control": "AU-8",
      "title": "Time Stamps - NTP Synchronization Active",
      "category": "AUDIT",
      "scope": "linux_infra",
      "check_type": "AU-8_NTP_SYNC",
      "factors": {
        "factor_a": {
          "label": "ntp_sync_required",
          "description": "The expected or required value (the standard).",
          "default": 1
        },
        "factor_b": {
          "label": "ntp_synchronized",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
        "description": "Evaluates whether the measured value meets the required threshold."
      },
      "frameworks": {
        "CMMC-v2.0": "AU.L2-3.3.7",
        "FEDRAMP-HIGH": "AU-8",
        "FEDRAMP-MOD": "AU-8",
        "NIST-800-171": "3.3.7",
        "RMF": "AU-8"
      },
      "namespace": "INF"
    },
    "AU-9.1": {
      "procedure_id": "AU-9.1",
      "parent_control": "AU-9",
      "title": "Protection of Audit Information - Log File Permissions",
      "category": "AUDIT",
      "scope": "linux_infra",
      "check_type": "AU-9_LOG_PERMISSIONS",
      "factors": {
        "factor_a": {
          "label": "min_security_log_kb",
          "description": "The expected or required value (the standard).",
          "default": 1024
        },
        "factor_b": {
          "label": "security_log_size_kb",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
        "description": "Evaluates whether the measured value meets the required threshold."
      },
      "frameworks": {
        "CMMC-v2.0": "AU.L2-3.3.8",
        "FEDRAMP-HIGH": "AU-9",
        "FEDRAMP-MOD": "AU-9",
        "NIST-800-171": "3.3.8",
        "RMF": "AU-9"
      },
      "namespace": "INF"
    },
    "CM-2.1": {
      "procedure_id": "CM-2.1",
      "parent_control": "CM-2",
      "title": "Baseline Configuration - Installed Packages Count",
      "category": "linux_infra",
      "scope": "linux_infra",
      "check_type": "CM-2_INSTALLED_PACKAGES",
      "factors": {
        "factor_a": {
          "label": "max_installed_features",
          "description": "The expected or required value (the standard).",
          "default": 50
        },
        "factor_b": {
          "label": "installed_features",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b <= factor_a",
        "description": "Configuration: drift count (B) must not exceed tolerance (A)"
      },
      "frameworks": {
        "CMMC-v2.0": "CM.L2-3.4.1",
        "FEDRAMP-HIGH": "CM-2",
        "FEDRAMP-MOD": "CM-2",
        "NIST-800-171": "3.4.1",
        "RMF": "CM-2"
      },
      "namespace": "INF"
    },
    "CM-3.1": {
      "procedure_id": "CM-3.1",
      "parent_control": "CM-3",
      "title": "Configuration Change Control - Cron Jobs Count",
      "category": "CONFIGURATION",
      "scope": "linux_infra",
      "check_type": "CM-3_CRON_JOBS",
      "factors": {
        "factor_a": {
          "label": "max_scheduled_tasks",
          "description": "The expected or required value (the standard).",
          "default": 80
        },
        "factor_b": {
          "label": "active_scheduled_tasks",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b <= factor_a",
        "description": "Passes when the measured value (B) does not exceed the maximum allowed value (A)."
      },
      "frameworks": {
        "CMMC-v2.0": "CM.L2-3.4.3",
        "FEDRAMP-HIGH": "CM-3",
        "FEDRAMP-MOD": "CM-3",
        "NIST-800-171": "3.4.3",
        "RMF": "CM-3"
      },
      "namespace": "INF"
    },
    "CM-5.1": {
      "procedure_id": "CM-5.1",
      "parent_control": "CM-5",
      "title": "Access Restrictions for Change - /etc Owned by Root",
      "category": "CONFIGURATION",
      "scope": "linux_infra",
      "check_type": "CM-5_ETC_OWNERSHIP",
      "factors": {
        "factor_a": {
          "label": "max_non_root_etc_files",
          "description": "The expected or required value (the standard).",
          "default": 0
        },
        "factor_b": {
          "label": "non_root_etc_files",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b <= factor_a",
        "description": "Passes when the measured value (B) does not exceed the maximum allowed value (A)."
      },
      "frameworks": {
        "CMMC-v2.0": "CM.L2-3.4.5",
        "FEDRAMP-HIGH": "CM-5",
        "FEDRAMP-MOD": "CM-5",
        "NIST-800-171": "3.4.5",
        "RMF": "CM-5"
      },
      "namespace": "INF"
    },
    "CM-6.1": {
      "procedure_id": "CM-6.1",
      "parent_control": "CM-6",
      "title": "Configuration Settings - SSH Root Login Disabled",
      "category": "CONFIGURATION",
      "scope": "linux_infra",
      "check_type": "CM-6_SSH_ROOT_LOGIN",
      "factors": {
        "factor_a": {
          "label": "smbv1_disabled_required",
          "description": "The expected or required value (the standard).",
          "default": 1
        },
        "factor_b": {
          "label": "smbv1_disabled",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
        "description": "Evaluates whether the measured value meets the required threshold."
      },
      "frameworks": {
        "CMMC-v2.0": "CM.L2-3.4.2",
        "FEDRAMP-HIGH": "CM-6",
        "FEDRAMP-MOD": "CM-6",
        "NIST-800-171": "3.4.2",
        "RMF": "CM-6"
      },
      "namespace": "INF"
    },
    "CM-6.2": {
      "procedure_id": "CM-6.2",
      "parent_control": "CM-6",
      "title": "Configuration Settings - SSH Password Auth Disabled",
      "category": "CONFIGURATION",
      "scope": "linux_infra",
      "check_type": "CM-6_SSH_PASSWORD_AUTH",
      "factors": {
        "factor_a": {
          "label": "script_block_logging_required",
          "description": "The expected or required value (the standard).",
          "default": 1
        },
        "factor_b": {
          "label": "script_block_logging_enabled",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
        "description": "Evaluates whether the measured value meets the required threshold."
      },
      "frameworks": {
        "CMMC-v2.0": "CM.L2-3.4.2",
        "FEDRAMP-HIGH": "CM-6",
        "FEDRAMP-MOD": "CM-6",
        "NIST-800-171": "3.4.2",
        "RMF": "CM-6"
      },
      "namespace": "INF"
    },
    "CM-6.3": {
      "procedure_id": "CM-6.3",
      "parent_control": "CM-6",
      "title": "Configuration Settings - Core Dumps Disabled",
      "category": "CONFIGURATION",
      "scope": "linux_infra",
      "check_type": "CM-6_CORE_DUMPS",
      "factors": {
        "factor_a": {
          "label": "unencrypted_traffic_max",
          "description": "The expected or required value (the standard).",
          "default": 0
        },
        "factor_b": {
          "label": "unencrypted_traffic_allowed",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
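        "description": "Passes when the measured value (B) is at least the required value (A). NOTE: factor_a is labelled as a maximum with default 0, so B >= A holds for every non-negative B; the comparison direction should be confirmed."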
      },
      "frameworks": {
        "CMMC-v2.0": "CM.L2-3.4.2",
        "FEDRAMP-HIGH": "CM-6",
        "FEDRAMP-MOD": "CM-6",
        "NIST-800-171": "3.4.2",
        "RMF": "CM-6"
      },
      "namespace": "INF"
    },
    "CM-6.4": {
      "procedure_id": "CM-6.4",
      "parent_control": "CM-6",
      "title": "Configuration Settings - SSH MaxAuthTries",
      "category": "CONFIGURATION",
      "scope": "linux_infra",
      "check_type": "CM-6_SSH_MAXAUTHTRIES",
      "factors": {
        "factor_a": {
          "label": "wdigest_disabled_required",
          "description": "The expected or required value (the standard).",
          "default": 0
        },
        "factor_b": {
          "label": "wdigest_enabled",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b <= factor_a",
        "description": "Passes when the measured value (B) does not exceed the allowed value (A)."
      },
      "frameworks": {
        "CMMC-v2.0": "CM.L2-3.4.2",
        "FEDRAMP-HIGH": "CM-6",
        "FEDRAMP-MOD": "CM-6",
        "NIST-800-171": "3.4.2",
        "RMF": "CM-6"
      },
      "namespace": "INF"
    },
    "CM-7.1": {
      "procedure_id": "CM-7.1",
      "parent_control": "CM-7",
      "title": "Least Functionality - Running Services Count",
      "category": "CONFIGURATION",
      "scope": "linux_infra",
      "check_type": "CM-7_RUNNING_SERVICES",
      "factors": {
        "factor_a": {
          "label": "spooler_stopped_required",
          "description": "The expected or required value (the standard).",
          "default": 1
        },
        "factor_b": {
          "label": "spooler_stopped",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b <= factor_a",
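        "description": "Passes when the measured value (B) does not exceed the required value (A). NOTE: if B is a 0/1 flag as the factor labels suggest, B <= A with the default A = 1 passes for both values; the comparison direction should be confirmed."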
      },
      "frameworks": {
        "CMMC-v2.0": "CM.L2-3.4.6",
        "FEDRAMP-HIGH": "CM-7",
        "FEDRAMP-MOD": "CM-7",
        "NIST-800-171": "3.4.6",
        "RMF": "CM-7"
      },
      "namespace": "INF"
    },
    "CM-7.2": {
      "procedure_id": "CM-7.2",
      "parent_control": "CM-7",
      "title": "Least Functionality - Unnecessary Network Protocols",
      "category": "CONFIGURATION",
      "scope": "linux_infra",
      "check_type": "CM-7_UNNECESSARY_PROTOCOLS",
      "factors": {
        "factor_a": {
          "label": "ftp_service_max",
          "description": "The expected or required value (the standard).",
          "default": 0
        },
        "factor_b": {
          "label": "ftp_service_present",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b <= factor_a",
        "description": "Passes when the measured value (B) does not exceed the maximum allowed value (A)."
      },
      "frameworks": {
        "CMMC-v2.0": "CM.L2-3.4.7",
        "FEDRAMP-HIGH": "CM-7",
        "FEDRAMP-MOD": "CM-7",
        "NIST-800-171": "3.4.7",
        "RMF": "CM-7"
      },
      "namespace": "INF"
    },
    "CM-7.3": {
      "procedure_id": "CM-7.3",
      "parent_control": "CM-7",
      "title": "Least Functionality - Open Listening Ports",
      "category": "CONFIGURATION",
      "scope": "linux_infra",
      "check_type": "CM-7_LISTENING_PORTS",
      "factors": {
        "factor_a": {
          "label": "max_privileged_containers",
          "description": "The expected or required value (the standard).",
          "default": 0
        },
        "factor_b": {
          "label": "privileged_containers_found",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b <= factor_a",
        "description": "Passes when the measured value (B) does not exceed the maximum allowed value (A)."
      },
      "frameworks": {
        "CMMC-v2.0": "CM.L2-3.4.8",
        "FEDRAMP-HIGH": "CM-7",
        "FEDRAMP-MOD": "CM-7",
        "NIST-800-171": "3.4.8",
        "RMF": "CM-7"
      },
      "namespace": "INF"
    },
    "CP-1.1": {
      "procedure_id": "CP-1.1",
      "parent_control": "CP-1",
      "title": "Contingency Planning Policy",
      "category": "attestation_policy",
      "scope": "attestation_policy",
      "check_type": "attestation",
      "factors": {
        "factor_a": {
          "label": "",
          "description": "The expected or required value (the standard).",
          "default": ""
        },
        "factor_b": {
          "label": "",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
        "description": "Evaluates whether the measured value meets the required threshold."
      },
      "frameworks": {
        "CMMC-v2.0": "RE.L2-3.8.9",
        "FEDRAMP-HIGH": "CP-1",
        "FEDRAMP-MOD": "CP-1",
        "NIST-800-171": "3.8.9",
        "RMF": "CP-1"
      },
      "namespace": "INF"
    },
    "CP-2.1": {
      "procedure_id": "CP-2.1",
      "parent_control": "CP-2",
      "title": "Contingency Plan",
      "category": "attestation_policy",
      "scope": "attestation_policy",
      "check_type": "attestation",
      "factors": {
        "factor_a": {
          "label": "",
          "description": "The expected or required value (the standard).",
          "default": ""
        },
        "factor_b": {
          "label": "",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
        "description": "Evaluates whether the measured value meets the required threshold."
      },
      "frameworks": {
        "CMMC-v2.0": "RE.L2-3.8.9",
        "FEDRAMP-HIGH": "CP-2",
        "FEDRAMP-MOD": "CP-2",
        "NIST-800-171": "3.8.9",
        "RMF": "CP-2"
      },
      "namespace": "INF"
    },
    "CP-3.1": {
      "procedure_id": "CP-3.1",
      "parent_control": "CP-3",
      "title": "Contingency Training",
      "category": "attestation_policy",
      "scope": "attestation_policy",
      "check_type": "attestation",
      "factors": {
        "factor_a": {
          "label": "",
          "description": "The expected or required value (the standard).",
          "default": ""
        },
        "factor_b": {
          "label": "",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
        "description": "Evaluates whether the measured value meets the required threshold."
      },
      "frameworks": {
        "CMMC-v2.0": "RE.L2-3.8.9",
        "FEDRAMP-HIGH": "CP-3",
        "FEDRAMP-MOD": "CP-3",
        "NIST-800-171": "3.8.9",
        "RMF": "CP-3"
      },
      "namespace": "INF"
    },
    "CP-4.1": {
      "procedure_id": "CP-4.1",
      "parent_control": "CP-4",
      "title": "Contingency Plan Testing",
      "category": "attestation_policy",
      "scope": "attestation_policy",
      "check_type": "attestation",
      "factors": {
        "factor_a": {
          "label": "",
          "description": "The expected or required value (the standard).",
          "default": ""
        },
        "factor_b": {
          "label": "",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
        "description": "Evaluates whether the measured value meets the required threshold."
      },
      "frameworks": {
        "CMMC-v2.0": "RE.L2-3.8.9",
        "FEDRAMP-HIGH": "CP-4",
        "FEDRAMP-MOD": "CP-4",
        "NIST-800-171": "3.8.9",
        "RMF": "CP-4"
      },
      "namespace": "INF"
    },
    "CP-9.1": {
      "procedure_id": "CP-9.1",
      "parent_control": "CP-9",
      "title": "Information System Backup",
      "category": "attestation_policy",
      "scope": "attestation_policy",
      "check_type": "attestation",
      "factors": {
        "factor_a": {
          "label": "",
          "description": "The expected or required value (the standard).",
          "default": ""
        },
        "factor_b": {
          "label": "",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
        "description": "Evaluates whether the measured value meets the required threshold."
      },
      "frameworks": {
        "CMMC-v2.0": "RE.L2-3.8.9",
        "FEDRAMP-HIGH": "CP-9",
        "FEDRAMP-MOD": "CP-9",
        "NIST-800-171": "3.8.9",
        "RMF": "CP-9"
      },
      "namespace": "INF"
    },
    "IA-2.1": {
      "procedure_id": "IA-2.1",
      "parent_control": "IA-2",
      "title": "Identification and Authentication - SSH Key Auth Enabled",
      "category": "linux_infra",
      "scope": "linux_infra",
      "check_type": "IA-2_SSH_KEY_AUTH",
      "factors": {
        "factor_a": {
          "label": "mfa_enforcement_required",
          "description": "Whether multi-factor authentication must be enforced for privileged access (1 = required).",
          "default": 1
        },
        "factor_b": {
          "label": "mfa_enforcement_active",
          "description": "Whether MFA is configured and enforced on the authentication system (1 = active, 0 = disabled or not configured)."
        },
        "factor_c": {
          "label": "reserved",
          "description": "Reserved for future use. Always 0."
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
        "description": "Confirms multi-factor authentication is enforced for all privileged access. One of three critical gate controls (with SC-7.7 and AC-2.1)."
      },
      "frameworks": {
        "CMMC-v2.0": "IA.L1-3.5.1",
        "FEDRAMP-HIGH": "IA-2",
        "FEDRAMP-MOD": "IA-2",
        "NIST-800-171": "3.5.1",
        "RMF": "IA-2"
      },
      "namespace": "INF"
    },
    "IA-2.2": {
      "procedure_id": "IA-2.2",
      "parent_control": "IA-2",
      "title": "Multi-Factor Authentication - PAM MFA Module",
      "category": "ACCESS",
      "scope": "linux_infra",
      "check_type": "IA-2_MFA_MODULE",
      "factors": {
        "factor_a": {
          "label": "mfa_module_required",
          "description": "The expected or required value (the standard).",
          "default": 1
        },
        "factor_b": {
          "label": "mfa_modules_found",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
        "description": "Evaluates whether the measured value meets the required threshold."
      },
      "frameworks": {
        "CMMC-v2.0": "IA.L2-3.5.3",
        "FEDRAMP-HIGH": "IA-2",
        "FEDRAMP-MOD": "IA-2",
        "NIST-800-171": "3.5.3",
        "RMF": "IA-2"
      },
      "namespace": "INF"
    },
    "IA-2.3": {
      "procedure_id": "IA-2.3",
      "parent_control": "IA-2",
      "title": "Administrative Account Inventory - Sudo/Root Group Members",
      "category": "ACCESS",
      "scope": "linux_infra",
      "check_type": "IA-2_ADMIN_INVENTORY",
      "factors": {
        "factor_a": {
          "label": "max_admin_users",
          "description": "The expected or required value (the standard).",
          "default": 5
        },
        "factor_b": {
          "label": "admin_users_found",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b <= factor_a",
        "description": "Passes when the measured value (B) does not exceed the maximum allowed value (A)."
      },
      "frameworks": {
        "FEDRAMP-HIGH": "IA-2",
        "FEDRAMP-MOD": "IA-2",
        "RMF": "IA-2"
      },
      "namespace": "INF"
    },
    "IA-4.1": {
      "procedure_id": "IA-4.1",
      "parent_control": "IA-4",
      "title": "Identifier Management - No Duplicate UIDs",
      "category": "ACCESS",
      "scope": "linux_infra",
      "check_type": "IA-4_DUPLICATE_UIDS",
      "factors": {
        "factor_a": {
          "label": "guest_disabled_required",
          "description": "The expected or required value (the standard).",
          "default": 1
        },
        "factor_b": {
          "label": "guest_account_disabled",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b <= factor_a",
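        "description": "Passes when the measured value (B) does not exceed the required value (A). NOTE: if B is a 0/1 flag as the factor labels suggest, B <= A with the default A = 1 passes for both values; the comparison direction should be confirmed."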
      },
      "frameworks": {
        "CMMC-v2.0": "IA.L1-3.5.2",
        "FEDRAMP-HIGH": "IA-4",
        "FEDRAMP-MOD": "IA-4",
        "NIST-800-171": "3.5.2",
        "RMF": "IA-4"
      },
      "namespace": "INF"
    },
    "IA-4.2": {
      "procedure_id": "IA-4.2",
      "parent_control": "IA-4",
      "title": "Identifier Management - No Duplicate GIDs",
      "category": "ACCESS",
      "scope": "linux_infra",
      "check_type": "IA-4_DUPLICATE_GIDS",
      "factors": {
        "factor_a": {
          "label": "admin_renamed_required",
          "description": "The expected or required value (the standard).",
          "default": 1
        },
        "factor_b": {
          "label": "admin_renamed",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b <= factor_a",
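        "description": "Passes when the measured value (B) does not exceed the required value (A). NOTE: if B is a 0/1 flag as the factor labels suggest, B <= A with the default A = 1 passes for both values; the comparison direction should be confirmed."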
      },
      "frameworks": {
        "CMMC-v2.0": "IA.L1-3.5.2",
        "FEDRAMP-HIGH": "IA-4",
        "FEDRAMP-MOD": "IA-4",
        "NIST-800-171": "3.5.2",
        "RMF": "IA-4"
      },
      "namespace": "INF"
    },
    "IA-5.1": {
      "procedure_id": "IA-5.1",
      "parent_control": "IA-5",
      "title": "Authenticator Management - Password Minimum Length",
      "category": "ACCESS",
      "scope": "linux_infra",
      "check_type": "IA-5_PASSWORD_MIN_LENGTH",
      "factors": {
        "factor_a": {
          "label": "min_password_length_required",
          "description": "The expected or required value (the standard).",
          "default": 14
        },
        "factor_b": {
          "label": "min_password_length_configured",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
        "description": "Evaluates whether the measured value meets the required threshold."
      },
      "frameworks": {
        "CMMC-v2.0": "IA.L2-3.5.7",
        "FEDRAMP-HIGH": "IA-5",
        "FEDRAMP-MOD": "IA-5",
        "NIST-800-171": "3.5.7",
        "RMF": "IA-5"
      },
      "namespace": "INF"
    },
    "IA-5.2": {
      "procedure_id": "IA-5.2",
      "parent_control": "IA-5",
      "title": "Authenticator Management - PAM Password Quality Module",
      "category": "ACCESS",
      "scope": "linux_infra",
      "check_type": "IA-5_PAM_PASSWORD_QUALITY",
      "factors": {
        "factor_a": {
          "label": "complexity_required",
          "description": "The expected or required value (the standard).",
          "default": 1
        },
        "factor_b": {
          "label": "complexity_enabled",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
        "description": "Evaluates whether the measured value meets the required threshold."
      },
      "frameworks": {
        "CMMC-v2.0": "IA.L2-3.5.7",
        "FEDRAMP-HIGH": "IA-5",
        "FEDRAMP-MOD": "IA-5",
        "NIST-800-171": "3.5.7",
        "RMF": "IA-5"
      },
      "namespace": "INF"
    },
    "IA-5.3": {
      "procedure_id": "IA-5.3",
      "parent_control": "IA-5",
      "title": "Authenticator Management - Password Maximum Age",
      "category": "ACCESS",
      "scope": "linux_infra",
      "check_type": "IA-5_PASSWORD_MAX_AGE",
      "factors": {
        "factor_a": {
          "label": "max_password_age_days",
          "description": "The expected or required value (the standard).",
          "default": 60
        },
        "factor_b": {
          "label": "configured_max_age_days",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b <= factor_a",
        "description": "Configured maximum password age in days (B) must not exceed max (A)"
      },
      "frameworks": {
        "CMMC-v2.0": "IA.L2-3.5.8",
        "FEDRAMP-HIGH": "IA-5",
        "FEDRAMP-MOD": "IA-5",
        "NIST-800-171": "3.5.8",
        "RMF": "IA-5"
      },
      "namespace": "INF"
    },
    "IA-5.4": {
      "procedure_id": "IA-5.4",
      "parent_control": "IA-5",
      "title": "Authenticator Management - Password History Enforced",
      "category": "ACCESS",
      "scope": "linux_infra",
      "check_type": "IA-5_PASSWORD_HISTORY",
      "factors": {
        "factor_a": {
          "label": "min_password_history",
          "description": "The expected or required value (the standard).",
          "default": 24
        },
        "factor_b": {
          "label": "password_history_configured",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
        "description": "Configured password history (B) must meet minimum (A)"
      },
      "frameworks": {
        "CMMC-v2.0": "IA.L2-3.5.8",
        "FEDRAMP-HIGH": "IA-5",
        "FEDRAMP-MOD": "IA-5",
        "NIST-800-171": "3.5.8",
        "RMF": "IA-5"
      },
      "namespace": "INF"
    },
    "IA-5.5": {
      "procedure_id": "IA-5.5",
      "parent_control": "IA-5",
      "title": "Authenticator Management - Password Minimum Age",
      "category": "ACCESS",
      "scope": "linux_infra",
      "check_type": "IA-5_PASSWORD_MIN_AGE",
      "factors": {
        "factor_a": {
          "label": "min_password_age_days",
          "description": "The expected or required value (the standard).",
          "default": 1
        },
        "factor_b": {
          "label": "configured_min_age_days",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
        "description": "Configured minimum password age in days (B) must meet minimum (A)"
      },
      "frameworks": {
        "CMMC-v2.0": "IA.L2-3.5.9",
        "FEDRAMP-HIGH": "IA-5",
        "FEDRAMP-MOD": "IA-5",
        "NIST-800-171": "3.5.9",
        "RMF": "IA-5"
      },
      "namespace": "INF"
    },
    "IA-5.6": {
      "procedure_id": "IA-5.6",
      "parent_control": "IA-5",
      "title": "Authenticator Management - Password Warn Age",
      "category": "ACCESS",
      "scope": "linux_infra",
      "check_type": "IA-5_PASSWORD_WARN_AGE",
      "factors": {
        "factor_a": {
          "label": "min_lockout_duration_minutes",
          "description": "The expected or required value (the standard).",
          "default": 15
        },
        "factor_b": {
          "label": "lockout_duration_configured",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
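        "description": "Measured value (B) must meet required minimum (A). The factor labels refer to lockout duration in minutes while the title and check_type refer to password warn age; confirm which quantity this procedure measures."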
      },
      "frameworks": {
        "CMMC-v2.0": "IA.L2-3.5.10",
        "FEDRAMP-HIGH": "IA-5",
        "FEDRAMP-MOD": "IA-5",
        "NIST-800-171": "3.5.10",
        "RMF": "IA-5"
      },
      "namespace": "INF"
    },
    "IR-1.1": {
      "procedure_id": "IR-1.1",
      "parent_control": "IR-1",
      "title": "Incident Response Policy",
      "category": "attestation_policy",
      "scope": "attestation_policy",
      "check_type": "attestation",
      "factors": {
        "factor_a": {
          "label": "",
          "description": "The expected or required value (the standard).",
          "default": ""
        },
        "factor_b": {
          "label": "",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
        "description": "Organization maintains incident response policy with annual review"
      },
      "frameworks": {
        "CMMC-v2.0": "IR.L2-3.6.1",
        "FEDRAMP-HIGH": "IR-1",
        "FEDRAMP-MOD": "IR-1",
        "NIST-800-171": "3.6.1",
        "RMF": "IR-1"
      },
      "namespace": "INF"
    },
    "IR-2.1": {
      "procedure_id": "IR-2.1",
      "parent_control": "IR-2",
      "title": "Incident Response Training",
      "category": "attestation_policy",
      "scope": "attestation_policy",
      "check_type": "attestation",
      "factors": {
        "factor_a": {
          "label": "",
          "description": "The expected or required value (the standard).",
          "default": ""
        },
        "factor_b": {
          "label": "",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
        "description": "Organization provides incident response training per assigned roles"
      },
      "frameworks": {
        "CMMC-v2.0": "IR.L2-3.6.2",
        "FEDRAMP-HIGH": "IR-2",
        "FEDRAMP-MOD": "IR-2",
        "NIST-800-171": "3.6.2",
        "RMF": "IR-2"
      },
      "namespace": "INF"
    },
    "IR-4.1": {
      "procedure_id": "IR-4.1",
      "parent_control": "IR-4",
      "title": "Incident Handling",
      "category": "attestation_policy",
      "scope": "attestation_policy",
      "check_type": "attestation",
      "factors": {
        "factor_a": {
          "label": "",
          "description": "The expected or required value (the standard).",
          "default": ""
        },
        "factor_b": {
          "label": "",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
        "description": "Organization implements incident handling capability (prepare/detect/analyze/contain/eradicate/recover)"
      },
      "frameworks": {
        "CMMC-v2.0": "IR.L2-3.6.1",
        "FEDRAMP-HIGH": "IR-4",
        "FEDRAMP-MOD": "IR-4",
        "NIST-800-171": "3.6.1",
        "RMF": "IR-4"
      },
      "namespace": "INF"
    },
    "IR-5.1": {
      "procedure_id": "IR-5.1",
      "parent_control": "IR-5",
      "title": "Incident Monitoring",
      "category": "attestation_policy",
      "scope": "attestation_policy",
      "check_type": "attestation",
      "factors": {
        "factor_a": {
          "label": "",
          "description": "The expected or required value (the standard).",
          "default": ""
        },
        "factor_b": {
          "label": "",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
        "description": "Organization tracks and documents security incidents on an ongoing basis"
      },
      "frameworks": {
        "CMMC-v2.0": "IR.L2-3.6.1",
        "FEDRAMP-HIGH": "IR-5",
        "FEDRAMP-MOD": "IR-5",
        "NIST-800-171": "3.6.1",
        "RMF": "IR-5"
      },
      "namespace": "INF"
    },
    "IR-6.1": {
      "procedure_id": "IR-6.1",
      "parent_control": "IR-6",
      "title": "Incident Reporting",
      "category": "attestation_policy",
      "scope": "attestation_policy",
      "check_type": "attestation",
      "factors": {
        "factor_a": {
          "label": "",
          "description": "The expected or required value (the standard).",
          "default": ""
        },
        "factor_b": {
          "label": "",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
        "description": "Organization requires timely incident reporting to response team and external authorities"
      },
      "frameworks": {
        "CMMC-v2.0": "IR.L2-3.6.2",
        "FEDRAMP-HIGH": "IR-6",
        "FEDRAMP-MOD": "IR-6",
        "NIST-800-171": "3.6.2",
        "RMF": "IR-6"
      },
      "namespace": "INF"
    },
    "IR-8.1": {
      "procedure_id": "IR-8.1",
      "parent_control": "IR-8",
      "title": "Incident Response Plan",
      "category": "attestation_policy",
      "scope": "attestation_policy",
      "check_type": "attestation",
      "factors": {
        "factor_a": {
          "label": "",
          "description": "The expected or required value (the standard).",
          "default": ""
        },
        "factor_b": {
          "label": "",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
        "description": "Organization develops and maintains an incident response plan reviewed by the AO"
      },
      "frameworks": {
        "CMMC-v2.0": "IR.L2-3.6.3",
        "FEDRAMP-HIGH": "IR-8",
        "FEDRAMP-MOD": "IR-8",
        "NIST-800-171": "3.6.3",
        "RMF": "IR-8"
      },
      "namespace": "INF"
    },
    "MA-1.1": {
      "procedure_id": "MA-1.1",
      "parent_control": "MA-1",
      "title": "Maintenance Policy Document",
      "category": "linux_infra",
      "scope": "linux_infra",
      "check_type": "MA-1_POLICY_DOCUMENT",
      "factors": {
        "factor_a": {
          "label": "max_policy_age_days",
          "description": "The expected or required value (the standard).",
          "default": 365
        },
        "factor_b": {
          "label": "policy_age_days",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b <= factor_a",
        "description": "Policy age (B) must not exceed max (A)"
      },
      "frameworks": {
        "FEDRAMP-HIGH": "MA-1",
        "FEDRAMP-MOD": "MA-1",
        "RMF": "MA-1"
      },
      "namespace": "INF"
    },
    "MA-2.1": {
      "procedure_id": "MA-2.1",
      "parent_control": "MA-2",
      "title": "Controlled Maintenance",
      "category": "attestation_policy",
      "scope": "attestation_policy",
      "check_type": "attestation",
      "factors": {
        "factor_a": {
          "label": "",
          "description": "The expected or required value (the standard).",
          "default": ""
        },
        "factor_b": {
          "label": "",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
        "description": "Attestation: maintenance is scheduled and documented"
      },
      "frameworks": {
        "FEDRAMP-HIGH": "MA-2",
        "FEDRAMP-MOD": "MA-2",
        "NIST-800-171": "3.7.1",
        "RMF": "MA-2"
      },
      "namespace": "INF"
    },
    "MA-3.1": {
      "procedure_id": "MA-3.1",
      "parent_control": "MA-3",
      "title": "Maintenance Tools - Integrity Tools Installed",
      "category": "linux_infra",
      "scope": "linux_infra",
      "check_type": "MA-3_INTEGRITY_TOOLS",
      "factors": {
        "factor_a": {
          "label": "min_integrity_tools",
          "description": "The expected or required value (the standard).",
          "default": 1
        },
        "factor_b": {
          "label": "integrity_tools_found",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
        "description": "Integrity tools found (B) must meet minimum (A)"
      },
      "frameworks": {
        "FEDRAMP-HIGH": "MA-3",
        "FEDRAMP-MOD": "MA-3",
        "NIST-800-171": "3.7.2",
        "RMF": "MA-3"
      },
      "namespace": "INF"
    },
    "MA-3.2": {
      "procedure_id": "MA-3.2",
      "parent_control": "MA-3",
      "title": "Maintenance Tool Inspection",
      "category": "attestation_policy",
      "scope": "attestation_policy",
      "check_type": "attestation",
      "factors": {
        "factor_a": {
          "label": "",
          "description": "The expected or required value (the standard).",
          "default": ""
        },
        "factor_b": {
          "label": "",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
        "description": "Attestation: tools inspected before use"
      },
      "frameworks": {
        "FEDRAMP-HIGH": "MA-3",
        "FEDRAMP-MOD": "MA-3",
        "RMF": "MA-3"
      },
      "namespace": "INF"
    },
    "MA-5.1": {
      "procedure_id": "MA-5.1",
      "parent_control": "MA-5",
      "title": "Maintenance Personnel Authorization",
      "category": "attestation_policy",
      "scope": "attestation_policy",
      "check_type": "attestation",
      "factors": {
        "factor_a": {
          "label": "",
          "description": "The expected or required value (the standard).",
          "default": ""
        },
        "factor_b": {
          "label": "",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
        "description": "Attestation: personnel authorized and supervised"
      },
      "frameworks": {
        "FEDRAMP-HIGH": "MA-5",
        "FEDRAMP-MOD": "MA-5",
        "NIST-800-171": "3.7.3",
        "RMF": "MA-5"
      },
      "namespace": "INF"
    },
    "MA-6.1": {
      "procedure_id": "MA-6.1",
      "parent_control": "MA-6",
      "title": "Timely Maintenance - Recent Maintenance Activity",
      "category": "linux_infra",
      "scope": "linux_infra",
      "check_type": "MA-6_TIMELY_MAINTENANCE",
      "factors": {
        "factor_a": {
          "label": "min_maintenance_events",
          "description": "The expected or required value (the standard).",
          "default": 1
        },
        "factor_b": {
          "label": "maintenance_events_found",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
        "description": "Maintenance events (B) must meet minimum (A)"
      },
      "frameworks": {
        "FEDRAMP-HIGH": "MA-6",
        "FEDRAMP-MOD": "MA-6",
        "NIST-800-171": "3.7.6",
        "RMF": "MA-6"
      },
      "namespace": "INF"
    },
    "MP-1.1": {
      "procedure_id": "MP-1.1",
      "parent_control": "MP-1",
      "title": "Media Protection Policy Document",
      "category": "linux_infra",
      "scope": "linux_infra",
      "check_type": "MP-1_POLICY_DOCUMENT",
      "factors": {
        "factor_a": {
          "label": "max_policy_age_days",
          "description": "The expected or required value (the standard).",
          "default": 365
        },
        "factor_b": {
          "label": "policy_age_days",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b <= factor_a",
        "description": "Policy age (B) must not exceed max (A)"
      },
      "frameworks": {
        "FEDRAMP-HIGH": "MP-1",
        "FEDRAMP-MOD": "MP-1",
        "NIST-800-171": "3.8.1",
        "RMF": "MP-1"
      },
      "namespace": "INF"
    },
    "MP-2.1": {
      "procedure_id": "MP-2.1",
      "parent_control": "MP-2",
      "title": "Media Access Control - USB Block Devices",
      "category": "linux_infra",
      "scope": "linux_infra",
      "check_type": "MP-2_USB_DEVICES",
      "factors": {
        "factor_a": {
          "label": "max_usb_block_devices",
          "description": "The expected or required value (the standard).",
          "default": 0
        },
        "factor_b": {
          "label": "usb_block_devices",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b <= factor_a",
        "description": "USB devices (B) must not exceed max (A)"
      },
      "frameworks": {
        "FEDRAMP-HIGH": "MP-2",
        "FEDRAMP-MOD": "MP-2",
        "NIST-800-171": "3.8.2",
        "RMF": "MP-2"
      },
      "namespace": "INF"
    },
    "MP-3.1": {
      "procedure_id": "MP-3.1",
      "parent_control": "MP-3",
      "title": "Media Marking",
      "category": "attestation_policy",
      "scope": "attestation_policy",
      "check_type": "attestation",
      "factors": {
        "factor_a": {
          "label": "",
          "description": "The expected or required value (the standard).",
          "default": ""
        },
        "factor_b": {
          "label": "",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
        "description": "Attestation: CUI media properly marked"
      },
      "frameworks": {
        "FEDRAMP-HIGH": "MP-3",
        "FEDRAMP-MOD": "MP-3",
        "NIST-800-171": "3.8.3",
        "RMF": "MP-3"
      },
      "namespace": "INF"
    },
    "MP-4.1": {
      "procedure_id": "MP-4.1",
      "parent_control": "MP-4",
      "title": "Media Storage",
      "category": "attestation_policy",
      "scope": "attestation_policy",
      "check_type": "attestation",
      "factors": {
        "factor_a": {
          "label": "",
          "description": "The expected or required value (the standard).",
          "default": ""
        },
        "factor_b": {
          "label": "",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
        "description": "Attestation: CUI media in controlled areas"
      },
      "frameworks": {
        "FEDRAMP-HIGH": "MP-4",
        "FEDRAMP-MOD": "MP-4",
        "NIST-800-171": "3.8.4",
        "RMF": "MP-4"
      },
      "namespace": "INF"
    },
    "MP-5.1": {
      "procedure_id": "MP-5.1",
      "parent_control": "MP-5",
      "title": "Media Transport Encryption",
      "category": "attestation_policy",
      "scope": "attestation_policy",
      "check_type": "attestation",
      "factors": {
        "factor_a": {
          "label": "",
          "description": "The expected or required value (the standard).",
          "default": ""
        },
        "factor_b": {
          "label": "",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
        "description": "Attestation: CUI encrypted during transport"
      },
      "frameworks": {
        "FEDRAMP-HIGH": "MP-5",
        "FEDRAMP-MOD": "MP-5",
        "NIST-800-171": "3.8.5",
        "RMF": "MP-5"
      },
      "namespace": "INF"
    },
    "MP-6.1": {
      "procedure_id": "MP-6.1",
      "parent_control": "MP-6",
      "title": "Media Sanitization - Sanitization Tools Available",
      "category": "linux_infra",
      "scope": "linux_infra",
      "check_type": "MP-6_SANITIZATION_TOOLS",
      "factors": {
        "factor_a": {
          "label": "min_sanitization_tools",
          "description": "The expected or required value (the standard).",
          "default": 1
        },
        "factor_b": {
          "label": "sanitization_tools_found",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
        "description": "Sanitization tools (B) must meet minimum (A)"
      },
      "frameworks": {
        "FEDRAMP-HIGH": "MP-6",
        "FEDRAMP-MOD": "MP-6",
        "NIST-800-171": "3.8.6",
        "RMF": "MP-6"
      },
      "namespace": "INF"
    },
    "MP-7.1": {
      "procedure_id": "MP-7.1",
      "parent_control": "MP-7",
      "title": "Removable Media Usage - USB Storage Module Blocked",
      "category": "linux_infra",
      "scope": "linux_infra",
      "check_type": "MP-7_USB_STORAGE_BLOCKED",
      "factors": {
        "factor_a": {
          "label": "max_usb_storage_modules",
          "description": "The expected or required value (the standard).",
          "default": 0
        },
        "factor_b": {
          "label": "usb_storage_modules_loaded",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b <= factor_a",
        "description": "USB storage modules (B) must not exceed max (A)"
      },
      "frameworks": {
        "FEDRAMP-HIGH": "MP-7",
        "FEDRAMP-MOD": "MP-7",
        "NIST-800-171": "3.8.7",
        "RMF": "MP-7"
      },
      "namespace": "INF"
    },
    "MP-8.1": {
      "procedure_id": "MP-8.1",
      "parent_control": "MP-8",
      "title": "Media Disposal",
      "category": "attestation_policy",
      "scope": "attestation_policy",
      "check_type": "attestation",
      "factors": {
        "factor_a": {
          "label": "",
          "description": "The expected or required value (the standard).",
          "default": ""
        },
        "factor_b": {
          "label": "",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
        "description": "Attestation: media disposal procedures followed"
      },
      "frameworks": {
        "FEDRAMP-HIGH": "MP-8",
        "FEDRAMP-MOD": "MP-8",
        "RMF": "MP-8"
      },
      "namespace": "INF"
    },
    "PE-1.1": {
      "procedure_id": "PE-1.1",
      "parent_control": "PE-1",
      "title": "Physical Access Control",
      "category": "attestation_policy",
      "scope": "attestation_policy",
      "check_type": "attestation",
      "factors": {
        "factor_a": {
          "label": "",
          "description": "The expected or required value (the standard).",
          "default": ""
        },
        "factor_b": {
          "label": "",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
        "description": "Evaluates whether the measured value meets the required threshold."
      },
      "frameworks": {
        "CMMC-v2.0": "PE.L1-3.10.1",
        "FEDRAMP-HIGH": "PE-1",
        "FEDRAMP-MOD": "PE-1",
        "NIST-800-171": "3.10.1",
        "RMF": "PE-1"
      },
      "namespace": "INF"
    },
    "PE-10.1": {
      "procedure_id": "PE-10.1",
      "parent_control": "PE-10",
      "title": "Emergency Power",
      "category": "attestation_policy",
      "scope": "attestation_policy",
      "check_type": "attestation",
      "factors": {
        "factor_a": {
          "label": "",
          "description": "The expected or required value (the standard).",
          "default": ""
        },
        "factor_b": {
          "label": "",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
        "description": "Evaluates whether the measured value meets the required threshold."
      },
      "frameworks": {
        "CMMC-v2.0": "PE.L2-3.10.3",
        "FEDRAMP-HIGH": "PE-10",
        "FEDRAMP-MOD": "PE-10",
        "NIST-800-171": "3.10.3",
        "RMF": "PE-10"
      },
      "namespace": "INF"
    },
    "PE-13.1": {
      "procedure_id": "PE-13.1",
      "parent_control": "PE-13",
      "title": "Fire Protection",
      "category": "attestation_policy",
      "scope": "attestation_policy",
      "check_type": "attestation",
      "factors": {
        "factor_a": {
          "label": "",
          "description": "The expected or required value (the standard).",
          "default": ""
        },
        "factor_b": {
          "label": "",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
        "description": "Evaluates whether the measured value meets the required threshold."
      },
      "frameworks": {
        "CMMC-v2.0": "PE.L2-3.10.6",
        "FEDRAMP-HIGH": "PE-13",
        "FEDRAMP-MOD": "PE-13",
        "NIST-800-171": "3.10.6",
        "RMF": "PE-13"
      },
      "namespace": "INF"
    },
    "PE-6.1": {
      "procedure_id": "PE-6.1",
      "parent_control": "PE-6",
      "title": "Physical Monitoring",
      "category": "attestation_policy",
      "scope": "attestation_policy",
      "check_type": "attestation",
      "factors": {
        "factor_a": {
          "label": "",
          "description": "The expected or required value (the standard).",
          "default": ""
        },
        "factor_b": {
          "label": "",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
        "description": "Evaluates whether the measured value meets the required threshold."
      },
      "frameworks": {
        "CMMC-v2.0": "PE.L1-3.10.2",
        "FEDRAMP-HIGH": "PE-6",
        "FEDRAMP-MOD": "PE-6",
        "NIST-800-171": "3.10.2",
        "RMF": "PE-6"
      },
      "namespace": "INF"
    },
    "PL-1.1": {
      "procedure_id": "PL-1.1",
      "parent_control": "PL-1",
      "title": "Security Planning Policy",
      "category": "attestation_policy",
      "scope": "attestation_policy",
      "check_type": "attestation",
      "factors": {
        "factor_a": {
          "label": "",
          "description": "The expected or required value (the standard).",
          "default": ""
        },
        "factor_b": {
          "label": "",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
        "description": "Evaluates whether the measured value meets the required threshold."
      },
      "frameworks": {
        "CMMC-v2.0": "CA.L2-3.12.1",
        "FEDRAMP-HIGH": "PL-1",
        "FEDRAMP-MOD": "PL-1",
        "NIST-800-171": "3.12.1",
        "RMF": "PL-1"
      },
      "namespace": "INF"
    },
    "PL-2.1": {
      "procedure_id": "PL-2.1",
      "parent_control": "PL-2",
      "title": "System Security Plan",
      "category": "attestation_policy",
      "scope": "attestation_policy",
      "check_type": "attestation",
      "factors": {
        "factor_a": {
          "label": "",
          "description": "The expected or required value (the standard).",
          "default": ""
        },
        "factor_b": {
          "label": "",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
        "description": "Evaluates whether the measured value meets the required threshold."
      },
      "frameworks": {
        "CMMC-v2.0": "CA.L2-3.12.4",
        "FEDRAMP-HIGH": "PL-2",
        "FEDRAMP-MOD": "PL-2",
        "NIST-800-171": "3.12.4",
        "RMF": "PL-2"
      },
      "namespace": "INF"
    },
    "PL-4.1": {
      "procedure_id": "PL-4.1",
      "parent_control": "PL-4",
      "title": "Rules of Behavior",
      "category": "attestation_policy",
      "scope": "attestation_policy",
      "check_type": "attestation",
      "factors": {
        "factor_a": {
          "label": "",
          "description": "The expected or required value (the standard).",
          "default": ""
        },
        "factor_b": {
          "label": "",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
        "description": "Evaluates whether the measured value meets the required threshold."
      },
      "frameworks": {
        "CMMC-v2.0": "CA.L2-3.12.4",
        "FEDRAMP-HIGH": "PL-4",
        "FEDRAMP-MOD": "PL-4",
        "NIST-800-171": "3.12.4",
        "RMF": "PL-4"
      },
      "namespace": "INF"
    },
    "PS-1.1": {
      "procedure_id": "PS-1.1",
      "parent_control": "PS-1",
      "title": "Personnel Security Policy",
      "category": "attestation_policy",
      "scope": "attestation_policy",
      "check_type": "attestation",
      "factors": {
        "factor_a": {
          "label": "max_policy_age_days",
          "description": "The expected or required value (the standard).",
          "default": 365
        },
        "factor_b": {
          "label": "policy_age_days",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
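        "description": "Passes when policy_age_days (B) is greater than or equal to max_policy_age_days (A). AC-1.1 evaluates the same labels with factor_b <= factor_a, so confirm the comparison direction intended for this attestation."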
      },
      "frameworks": {
        "CMMC-v2.0": "PS.L2-3.9.1",
        "FEDRAMP-HIGH": "PS-1",
        "FEDRAMP-MOD": "PS-1",
        "NIST-800-171": "3.9.1",
        "RMF": "PS-1"
      },
      "namespace": "INF"
    },
    "PS-3.1": {
      "procedure_id": "PS-3.1",
      "parent_control": "PS-3",
      "title": "Personnel Screening",
      "category": "attestation_policy",
      "scope": "attestation_policy",
      "check_type": "attestation",
      "factors": {
        "factor_a": {
          "label": "",
          "description": "The expected or required value (the standard).",
          "default": ""
        },
        "factor_b": {
          "label": "",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
        "description": "Evaluates whether the measured value meets the required threshold."
      },
      "frameworks": {
        "CMMC-v2.0": "PS.L2-3.9.1",
        "FEDRAMP-HIGH": "PS-3",
        "FEDRAMP-MOD": "PS-3",
        "NIST-800-171": "3.9.1",
        "RMF": "PS-3"
      },
      "namespace": "INF"
    },
    "PS-4.1": {
      "procedure_id": "PS-4.1",
      "parent_control": "PS-4",
      "title": "Personnel Termination",
      "category": "attestation_policy",
      "scope": "attestation_policy",
      "check_type": "attestation",
      "factors": {
        "factor_a": {
          "label": "",
          "description": "The expected or required value (the standard).",
          "default": ""
        },
        "factor_b": {
          "label": "",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
        "description": "Evaluates whether the measured value meets the required threshold."
      },
      "frameworks": {
        "CMMC-v2.0": "PS.L2-3.9.2",
        "FEDRAMP-HIGH": "PS-4",
        "FEDRAMP-MOD": "PS-4",
        "NIST-800-171": "3.9.2",
        "RMF": "PS-4"
      },
      "namespace": "INF"
    },
    "PS-5.1": {
      "procedure_id": "PS-5.1",
      "parent_control": "PS-5",
      "title": "Personnel Transfer",
      "category": "attestation_policy",
      "scope": "attestation_policy",
      "check_type": "attestation",
      "factors": {
        "factor_a": {
          "label": "",
          "description": "The expected or required value (the standard).",
          "default": ""
        },
        "factor_b": {
          "label": "",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
        "description": "Evaluates whether the measured value meets the required threshold."
      },
      "frameworks": {
        "CMMC-v2.0": "PS.L2-3.9.2",
        "FEDRAMP-HIGH": "PS-5",
        "FEDRAMP-MOD": "PS-5",
        "NIST-800-171": "3.9.2",
        "RMF": "PS-5"
      },
      "namespace": "INF"
    },
    "RA-1.1": {
      "procedure_id": "RA-1.1",
      "parent_control": "RA-1",
      "title": "Risk Assessment Policy",
      "category": "attestation_policy",
      "scope": "attestation_policy",
      "check_type": "attestation",
      "factors": {
        "factor_a": {
          "label": "",
          "description": "The expected or required value (the standard).",
          "default": ""
        },
        "factor_b": {
          "label": "",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
        "description": "Evaluates whether the measured value meets the required threshold."
      },
      "frameworks": {
        "CMMC-v2.0": "RA.L2-3.11.1",
        "FEDRAMP-HIGH": "RA-1",
        "FEDRAMP-MOD": "RA-1",
        "NIST-800-171": "3.11.1",
        "RMF": "RA-1"
      },
      "namespace": "INF"
    },
    "RA-3.1": {
      "procedure_id": "RA-3.1",
      "parent_control": "RA-3",
      "title": "Risk Assessment",
      "category": "attestation_policy",
      "scope": "attestation_policy",
      "check_type": "attestation",
      "factors": {
        "factor_a": {
          "label": "",
          "description": "The expected or required value (the standard).",
          "default": ""
        },
        "factor_b": {
          "label": "",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
        "description": "Evaluates whether the measured value meets the required threshold."
      },
      "frameworks": {
        "CMMC-v2.0": "RA.L2-3.11.1",
        "FEDRAMP-HIGH": "RA-3",
        "FEDRAMP-MOD": "RA-3",
        "NIST-800-171": "3.11.1",
        "RMF": "RA-3"
      },
      "namespace": "INF"
    },
    "RA-5.1": {
      "procedure_id": "RA-5.1",
      "parent_control": "RA-5",
      "title": "Vulnerability Scanning",
      "category": "attestation_policy",
      "scope": "attestation_policy",
      "check_type": "attestation",
      "factors": {
        "factor_a": {
          "label": "",
          "description": "The expected or required value (the standard).",
          "default": ""
        },
        "factor_b": {
          "label": "",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
        "description": "Evaluates whether the measured value meets the required threshold."
      },
      "frameworks": {
        "CMMC-v2.0": "RA.L2-3.11.2",
        "FEDRAMP-HIGH": "RA-5",
        "FEDRAMP-MOD": "RA-5",
        "NIST-800-171": "3.11.2",
        "RMF": "RA-5"
      },
      "namespace": "INF"
    },
    "SA-1.1": {
      "procedure_id": "SA-1.1",
      "parent_control": "SA-1",
      "title": "System Acquisition Policy",
      "category": "attestation_policy",
      "scope": "attestation_policy",
      "check_type": "attestation",
      "factors": {
        "factor_a": {
          "label": "",
          "description": "The expected or required value (the standard).",
          "default": ""
        },
        "factor_b": {
          "label": "",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
        "description": "Evaluates whether the measured value meets the required threshold."
      },
      "frameworks": {
        "CMMC-v2.0": "CA.L2-3.12.1",
        "FEDRAMP-HIGH": "SA-1",
        "FEDRAMP-MOD": "SA-1",
        "NIST-800-171": "3.12.1",
        "RMF": "SA-1"
      },
      "namespace": "INF"
    },
    "SA-4.1": {
      "procedure_id": "SA-4.1",
      "parent_control": "SA-4",
      "title": "Acquisition Process",
      "category": "attestation_policy",
      "scope": "attestation_policy",
      "check_type": "attestation",
      "factors": {
        "factor_a": {
          "label": "",
          "description": "The expected or required value (the standard).",
          "default": ""
        },
        "factor_b": {
          "label": "",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
        "description": "Evaluates whether the measured value meets the required threshold."
      },
      "frameworks": {
        "CMMC-v2.0": "CA.L2-3.12.2",
        "FEDRAMP-HIGH": "SA-4",
        "FEDRAMP-MOD": "SA-4",
        "NIST-800-171": "3.12.2",
        "RMF": "SA-4"
      },
      "namespace": "INF"
    },
    "SA-9.1": {
      "procedure_id": "SA-9.1",
      "parent_control": "SA-9",
      "title": "External System Services",
      "category": "attestation_policy",
      "scope": "attestation_policy",
      "check_type": "attestation",
      "factors": {
        "factor_a": {
          "label": "",
          "description": "The expected or required value (the standard).",
          "default": ""
        },
        "factor_b": {
          "label": "",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
        "description": "Evaluates whether the measured value meets the required threshold."
      },
      "frameworks": {
        "CMMC-v2.0": "CA.L2-3.12.3",
        "FEDRAMP-HIGH": "SA-9",
        "FEDRAMP-MOD": "SA-9",
        "NIST-800-171": "3.12.3",
        "RMF": "SA-9"
      },
      "namespace": "INF"
    },
    "SC-10.1": {
      "procedure_id": "SC-10.1",
      "parent_control": "SC-10",
      "title": "Network Disconnect - TCP Keepalive Configuration",
      "category": "NETWORK",
      "scope": "linux_infra",
      "check_type": "SC-10_TCP_KEEPALIVE",
      "factors": {
        "factor_a": {
          "label": "max_keepalive_seconds",
          "description": "The expected or required value (the standard).",
          "default": 600
        },
        "factor_b": {
          "label": "keepalive_seconds",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b <= factor_a",
        "description": "Keepalive value in seconds (B) must not exceed the maximum allowed (A)."
      },
      "frameworks": {
        "CMMC-v2.0": "SC.L2-3.13.9",
        "FEDRAMP-HIGH": "SC-10",
        "FEDRAMP-MOD": "SC-10",
        "NIST-800-171": "3.13.9",
        "RMF": "SC-10"
      },
      "namespace": "INF"
    },
    "SC-12.1": {
      "procedure_id": "SC-12.1",
      "parent_control": "SC-12",
      "title": "Cryptographic Key Management - SSH Crypto Settings",
      "category": "NETWORK",
      "scope": "linux_infra",
      "check_type": "SC-12_SSH_CRYPTO",
      "factors": {
        "factor_a": {
          "label": "min_crypto_settings",
          "description": "The expected or required value (the standard).",
          "default": 1
        },
        "factor_b": {
          "label": "crypto_settings_found",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
        "description": "Evaluates whether the measured value meets the required threshold."
      },
      "frameworks": {
        "CMMC-v2.0": "SC.L2-3.13.10",
        "FEDRAMP-HIGH": "SC-12",
        "FEDRAMP-MOD": "SC-12",
        "NIST-800-171": "3.13.10",
        "RMF": "SC-12"
      },
      "namespace": "INF"
    },
    "SC-28.1": {
      "procedure_id": "SC-28.1",
      "parent_control": "SC-28",
      "title": "Protection of Information at Rest - Encrypted Partitions",
      "category": "NETWORK",
      "scope": "linux_infra",
      "check_type": "SC-28_ENCRYPTION_AT_REST",
      "factors": {
        "factor_a": {
          "label": "bitlocker_required",
          "description": "The expected or required value (the standard).",
          "default": 1
        },
        "factor_b": {
          "label": "bitlocker_enabled",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
        "description": "Evaluates whether the measured value meets the required threshold."
      },
      "frameworks": {
        "CMMC-v2.0": "SC.L2-3.13.16",
        "FEDRAMP-HIGH": "SC-28",
        "FEDRAMP-MOD": "SC-28",
        "NIST-800-171": "3.13.16",
        "RMF": "SC-28"
      },
      "namespace": "INF"
    },
    "SC-28.2": {
      "procedure_id": "SC-28.2",
      "parent_control": "SC-28",
      "title": "Database Encryption at Rest - Postgres Data Checksums",
      "category": "INTEGRITY",
      "scope": "linux_infra",
      "check_type": "SC-28_PG_DATA_CHECKSUMS",
      "factors": {
        "factor_a": {
          "label": "data_checksums_required",
          "description": "The expected or required value (the standard).",
          "default": 1
        },
        "factor_b": {
          "label": "data_checksums_enabled",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
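        "description": "Passes when data_checksums_enabled (B) meets data_checksums_required (A). PostgreSQL data checksums detect on-disk page corruption; they do not encrypt data, so this check is not by itself evidence of encryption at rest."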
      },
      "frameworks": {
        "FEDRAMP-HIGH": "SC-28",
        "FEDRAMP-MOD": "SC-28",
        "RMF": "SC-28"
      },
      "namespace": "INF"
    },
    "SC-5.1": {
      "procedure_id": "SC-5.1",
      "parent_control": "SC-5",
      "title": "Denial of Service Protection - SYN Cookies Enabled",
      "category": "NETWORK",
      "scope": "linux_infra",
      "check_type": "SC-5_SYN_COOKIES",
      "factors": {
        "factor_a": {
          "label": "syn_cookies_required",
          "description": "The expected or required value (the standard).",
          "default": 1
        },
        "factor_b": {
          "label": "syn_cookies_enabled",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
        "description": "Evaluates whether the measured value meets the required threshold."
      },
      "frameworks": {
        "CMMC-v2.0": "SC.L1-3.13.1",
        "FEDRAMP-HIGH": "SC-5",
        "FEDRAMP-MOD": "SC-5",
        "NIST-800-171": "3.13.1",
        "RMF": "SC-5"
      },
      "namespace": "INF"
    },
    "SC-7.6": {
      "procedure_id": "SC-7.6",
      "parent_control": "SC-7",
      "title": "Boundary Protection - Listening Services",
      "category": "NETWORK",
      "scope": "linux_infra",
      "check_type": "SC-7_LISTENING_SERVICES",
      "factors": {
        "factor_a": {
          "label": "default_block_required",
          "description": "The expected or required value (the standard).",
          "default": 1
        },
        "factor_b": {
          "label": "default_block_configured",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b <= factor_a",
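        "description": "Passes when default_block_configured (B) is less than or equal to default_block_required (A). With the default A = 1, B = 0 also passes; the labels read as a required-flag check while the title refers to listening services, so confirm what the collector measures and the comparison direction."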
      },
      "frameworks": {
        "CMMC-v2.0": "SC.L1-3.13.1",
        "FEDRAMP-HIGH": "SC-7",
        "FEDRAMP-MOD": "SC-7",
        "NIST-800-171": "3.13.1",
        "RMF": "SC-7"
      },
      "namespace": "INF"
    },
    "SC-7.7": {
      "procedure_id": "SC-7.7",
      "parent_control": "SC-7",
      "title": "Boundary Protection - Firewall Active",
      "category": "NETWORK",
      "scope": "linux_infra",
      "check_type": "SC-7_FIREWALL_ACTIVE",
      "factors": {
        "factor_a": {
          "label": "boundary_protection_required",
          "description": "Whether network boundary protection must be active (1 = yes). Maps to NIST SC-7: Boundary Protection.",
          "default": 1
        },
        "factor_b": {
          "label": "boundary_protection_active",
          "description": "Whether the host firewall (iptables/nftables/ufw) has active FORWARD chain rules preventing unauthorized transit traffic."
        },
        "factor_c": {
          "label": "reserved",
          "description": "Reserved for future use. Always 0."
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
        "description": "Verifies the system enforces network boundary protection at the host level. Critical control for any enclave processing CUI."
      },
      "frameworks": {
        "CMMC-v2.0": "SC.L1-3.13.1",
        "FEDRAMP-HIGH": "SC-7",
        "FEDRAMP-MOD": "SC-7",
        "NIST-800-171": "3.13.1",
        "RMF": "SC-7"
      },
      "namespace": "INF"
    },
    "SC-7.8": {
      "procedure_id": "SC-7.8",
      "parent_control": "SC-7",
      "title": "Boundary Protection - Default Deny INPUT Policy",
      "category": "NETWORK",
      "scope": "linux_infra",
      "check_type": "SC-7_DEFAULT_DENY",
      "factors": {
        "factor_a": {
          "label": "firewall_required",
          "description": "The expected or required value (the standard).",
          "default": 1
        },
        "factor_b": {
          "label": "private_firewall_enabled",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
        "description": "Evaluates whether the measured value meets the required threshold."
      },
      "frameworks": {
        "CMMC-v2.0": "SC.L1-3.13.5",
        "FEDRAMP-HIGH": "SC-7",
        "FEDRAMP-MOD": "SC-7",
        "NIST-800-171": "3.13.5",
        "RMF": "SC-7"
      },
      "namespace": "INF"
    },
    "SC-8.1": {
      "procedure_id": "SC-8.1",
      "parent_control": "SC-8",
      "title": "Transmission Confidentiality - TLS Configuration",
      "category": "linux_infra",
      "scope": "linux_infra",
      "check_type": "SC-8_TLS_CONFIGURATION",
      "factors": {
        "factor_a": {
          "label": "ssl3_disabled_required",
          "description": "The expected or required value (the standard).",
          "default": 1
        },
        "factor_b": {
          "label": "ssl3_disabled",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
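        "description": "TLS: measured value (B) must meet the required value (A). The factor labels (ssl3_disabled_required, ssl3_disabled) describe an SSLv3-disabled flag, not a percentage of encrypted connections; confirm which one the collector reports."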
      },
      "frameworks": {
        "CMMC-v2.0": "SC.L2-3.13.8",
        "FEDRAMP-HIGH": "SC-8",
        "FEDRAMP-MOD": "SC-8",
        "NIST-800-171": "3.13.8",
        "RMF": "SC-8"
      },
      "namespace": "INF"
    },
    "SC-8.2": {
      "procedure_id": "SC-8.2",
      "parent_control": "SC-8",
      "title": "Transmission Confidentiality - Weak SSL Protocols Disabled",
      "category": "NETWORK",
      "scope": "linux_infra",
      "check_type": "SC-8_WEAK_PROTOCOLS",
      "factors": {
        "factor_a": {
          "label": "tls10_disabled_required",
          "description": "The expected or required value (the standard).",
          "default": 1
        },
        "factor_b": {
          "label": "tls10_disabled",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b <= factor_a",
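        "description": "Passes when tls10_disabled (B) is less than or equal to tls10_disabled_required (A). With the default A = 1, a host reporting B = 0 (TLS 1.0 not disabled) also passes; SC-8.1 uses factor_b >= factor_a for the equivalent SSLv3 flag, so confirm the comparison direction."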
      },
      "frameworks": {
        "CMMC-v2.0": "SC.L2-3.13.8",
        "FEDRAMP-HIGH": "SC-8",
        "FEDRAMP-MOD": "SC-8",
        "NIST-800-171": "3.13.8",
        "RMF": "SC-8"
      },
      "namespace": "INF"
    },
    "SC-8.3": {
      "procedure_id": "SC-8.3",
      "parent_control": "SC-8",
      "title": "Database Transport Encryption - Postgres SSL Active",
      "category": "NETWORK",
      "scope": "linux_infra",
      "check_type": "SC-8_PG_SSL",
      "factors": {
        "factor_a": {
          "label": "ssl_required",
          "description": "The expected or required value (the standard).",
          "default": 1
        },
        "factor_b": {
          "label": "ssl_enabled",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
        "description": "Evaluates whether the measured value meets the required threshold."
      },
      "frameworks": {},
      "namespace": "INF"
    },
    "SI-2.1": {
      "procedure_id": "SI-2.1",
      "parent_control": "SI-2",
      "title": "Flaw Remediation - Pending Security Updates",
      "category": "linux_infra",
      "scope": "linux_infra",
      "check_type": "SI-2_SECURITY_UPDATES",
      "factors": {
        "factor_a": {
          "label": "recent_patches_required",
          "description": "The expected or required value (the standard).",
          "default": 1
        },
        "factor_b": {
          "label": "recent_patches_found",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b <= factor_a",
        "description": "Patching: unpatched systems (B) must not exceed threshold (A)"
      },
      "frameworks": {
        "CMMC-v2.0": "SI.L1-3.14.1",
        "FEDRAMP-HIGH": "SI-2",
        "FEDRAMP-MOD": "SI-2",
        "NIST-800-171": "3.14.1",
        "RMF": "SI-2"
      },
      "namespace": "INF"
    },
    "SI-2.2": {
      "procedure_id": "SI-2.2",
      "parent_control": "SI-2",
      "title": "Flaw Remediation - Automatic Updates Enabled",
      "category": "INTEGRITY",
      "scope": "linux_infra",
      "check_type": "SI-2_AUTO_UPDATES",
      "factors": {
        "factor_a": {
          "label": "wsus_configured_required",
          "description": "The expected or required value (the standard).",
          "default": 1
        },
        "factor_b": {
          "label": "wsus_configured",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
        "description": "Evaluates whether the measured value meets the required threshold."
      },
      "frameworks": {
        "CMMC-v2.0": "SI.L1-3.14.1",
        "FEDRAMP-HIGH": "SI-2",
        "FEDRAMP-MOD": "SI-2",
        "NIST-800-171": "3.14.1",
        "RMF": "SI-2"
      },
      "namespace": "INF"
    },
    "SI-2.3": {
      "procedure_id": "SI-2.3",
      "parent_control": "SI-2",
      "title": "Flaw Remediation - System Reboot Required",
      "category": "INTEGRITY",
      "scope": "linux_infra",
      "check_type": "SI-2_REBOOT_REQUIRED",
      "factors": {
        "factor_a": {
          "label": "max_stale_images",
          "description": "The expected or required value (the standard).",
          "default": 5
        },
        "factor_b": {
          "label": "stale_images_found",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b <= factor_a",
        "description": "Evaluates whether the measured value meets the required threshold."
      },
      "frameworks": {
        "CMMC-v2.0": "SI.L1-3.14.1",
        "FEDRAMP-HIGH": "SI-2",
        "FEDRAMP-MOD": "SI-2",
        "NIST-800-171": "3.14.1",
        "RMF": "SI-2"
      },
      "namespace": "INF"
    },
    "SI-3.1": {
      "procedure_id": "SI-3.1",
      "parent_control": "SI-3",
      "title": "Malicious Code Protection - Antimalware Presence",
      "category": "INTEGRITY",
      "scope": "linux_infra",
      "check_type": "SI-3_ANTIMALWARE",
      "factors": {
        "factor_a": {
          "label": "antivirus_required",
          "description": "The expected or required value (the standard).",
          "default": 1
        },
        "factor_b": {
          "label": "antivirus_enabled",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
        "description": "Evaluates whether the measured value meets the required threshold."
      },
      "frameworks": {
        "CMMC-v2.0": "SI.L1-3.14.2",
        "FEDRAMP-HIGH": "SI-3",
        "FEDRAMP-MOD": "SI-3",
        "NIST-800-171": "3.14.2",
        "RMF": "SI-3"
      },
      "namespace": "INF"
    },
    "SI-4.1": {
      "procedure_id": "SI-4.1",
      "parent_control": "SI-4",
      "title": "System Monitoring - Auditd Active",
      "category": "linux_infra",
      "scope": "linux_infra",
      "check_type": "SI-4_AUDITD_ACTIVE",
      "factors": {
        "factor_a": {
          "label": "min_app_log_kb",
          "description": "The expected or required value (the standard).",
          "default": 32768
        },
        "factor_b": {
          "label": "app_log_size_kb",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
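        "description": "Monitoring: measured value (B) must meet the required value (A). The labels (min_app_log_kb, app_log_size_kb) describe a log size in KB, while the title refers to auditd being active; confirm what the collector measures."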
      },
      "frameworks": {
        "CMMC-v2.0": "SI.L2-3.14.6",
        "FEDRAMP-HIGH": "SI-4",
        "FEDRAMP-MOD": "SI-4",
        "NIST-800-171": "3.14.6",
        "RMF": "SI-4"
      },
      "namespace": "INF"
    },
    "SI-4.2": {
      "procedure_id": "SI-4.2",
      "parent_control": "SI-4",
      "title": "System Monitoring - Audit Rules Count",
      "category": "INTEGRITY",
      "scope": "linux_infra",
      "check_type": "SI-4_AUDIT_RULES_COUNT",
      "factors": {
        "factor_a": {
          "label": "min_system_log_kb",
          "description": "The expected or required value (the standard).",
          "default": 32768
        },
        "factor_b": {
          "label": "system_log_size_kb",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
        "description": "Evaluates whether the measured value meets the required threshold."
      },
      "frameworks": {
        "CMMC-v2.0": "SI.L2-3.14.7",
        "FEDRAMP-HIGH": "SI-4",
        "FEDRAMP-MOD": "SI-4",
        "NIST-800-171": "3.14.7",
        "RMF": "SI-4"
      },
      "namespace": "INF"
    },
    "SI-6.1": {
      "procedure_id": "SI-6.1",
      "parent_control": "SI-6",
      "title": "Security Function Verification - AppArmor or SELinux Active",
      "category": "INTEGRITY",
      "scope": "linux_infra",
      "check_type": "SI-6_MAC_ACTIVE",
      "factors": {
        "factor_a": {
          "label": "mac_required",
          "description": "The expected or required value (the standard).",
          "default": 1
        },
        "factor_b": {
          "label": "mac_active",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
        "description": "Evaluates whether the measured value meets the required threshold."
      },
      "frameworks": {
        "CMMC-v2.0": "SI.L2-3.14.6",
        "FEDRAMP-HIGH": "SI-6",
        "FEDRAMP-MOD": "SI-6",
        "NIST-800-171": "3.14.6",
        "RMF": "SI-6"
      },
      "namespace": "INF"
    },
    "SI-7.1": {
      "procedure_id": "SI-7.1",
      "parent_control": "SI-7",
      "title": "Software and Information Integrity - File Integrity Tool",
      "category": "INTEGRITY",
      "scope": "linux_infra",
      "check_type": "SI-7_FILE_INTEGRITY",
      "factors": {
        "factor_a": {
          "label": "vbs_required",
          "description": "The expected or required value (the standard).",
          "default": 1
        },
        "factor_b": {
          "label": "vbs_enabled",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
        "description": "Evaluates whether the measured value meets the required threshold."
      },
      "frameworks": {
        "CMMC-v2.0": "SI.L2-3.14.6",
        "FEDRAMP-HIGH": "SI-7",
        "FEDRAMP-MOD": "SI-7",
        "NIST-800-171": "3.14.6",
        "RMF": "SI-7"
      },
      "namespace": "INF"
    },
    "SI-7.2": {
      "procedure_id": "SI-7.2",
      "parent_control": "SI-7",
      "title": "Software Integrity - Package Verification",
      "category": "INTEGRITY",
      "scope": "linux_infra",
      "check_type": "SI-7_PACKAGE_VERIFICATION",
      "factors": {
        "factor_a": {
          "label": "credential_guard_required",
          "description": "The expected or required value (the standard).",
          "default": 1
        },
        "factor_b": {
          "label": "credential_guard_enabled",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b <= factor_a",
        "description": "Evaluates whether the measured value meets the required threshold."
      },
      "frameworks": {
        "CMMC-v2.0": "SI.L2-3.14.6",
        "FEDRAMP-HIGH": "SI-7",
        "FEDRAMP-MOD": "SI-7",
        "NIST-800-171": "3.14.6",
        "RMF": "SI-7"
      },
      "namespace": "INF"
    },
    "VARP-BASELINE": {
      "procedure_id": "VARP-BASELINE",
      "parent_control": "SI-2",
      "title": "VARP Baseline \u2014 All remediations completed",
      "category": "linux_infra",
      "scope": "linux_infra",
      "check_type": "VARP Baseline Completeness",
      "factors": {
        "factor_a": {
          "label": "threshold",
          "description": "The expected or required value (the standard).",
          "default": null
        },
        "factor_b": {
          "label": "measured",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
        "description": "factor_a = remediations_required, factor_b = remediations_completed, factor_c = drift_count (must be 0). PASS when completed >= required."
      },
      "frameworks": {},
      "namespace": "INF"
    },
    "VARP-FLAGGED-REM": {
      "procedure_id": "VARP-FLAGGED-REM",
      "parent_control": "SI-2",
      "title": "VARP Flagged Items \u2014 All critical findings resolved",
      "category": "linux_infra",
      "scope": "linux_infra",
      "check_type": "VARP Flagged Items Remediation",
      "factors": {
        "factor_a": {
          "label": "threshold",
          "description": "The expected or required value (the standard).",
          "default": null
        },
        "factor_b": {
          "label": "measured",
          "description": "The observed or measured value (the reality)."
        },
        "factor_c": {
          "label": "difference",
          "description": "Additional context or delta value."
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
        "description": "factor_a = findings_flagged, factor_b = findings_resolved, factor_c = findings_outstanding. PASS when resolved >= flagged."
      },
      "frameworks": {},
      "namespace": "INF"
    },
    "AI-HITL.3": {
      "procedure_id": "AI-HITL.3",
      "parent_control": "AI-HITL",
      "title": "Overseer Identity Capture - Reviewer Identified Per Decision",
      "category": "AI",
      "scope": "ai_governance",
      "check_type": "attestation",
      "factors": {
        "factor_a": {
          "label": "identity_capture_required",
          "description": "Whether the identity of the natural person who reviewed or verified the AI output must be recorded (1 = required). EU AI Act Art.12(2)(d) mandate.",
          "default": 1,
          "regulatory_ref": "EU AI Act Art. 12(2)(d); NIST AI RMF GOVERN 1.1"
        },
        "factor_b": {
          "label": "identity_captured",
          "description": "Whether the reviewer's identity was captured and linked to the decision record (1 = captured, 0 = anonymous or missing).",
          "regulatory_ref": "EU AI Act Art. 12(2)(d); NIST AI RMF GOVERN 1.1"
        },
        "factor_c": {
          "label": "reserved",
          "description": "Reserved for future use. Always 0."
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
        "description": "Confirms that every high-risk AI decision has a named human reviewer on record. Required by EU AI Act Article 12(2)(d) for traceability of human oversight."
      },
      "frameworks": {
        "EU-AI-ACT": "Art.12(2)(d)"
      },
      "namespace": "AI"
    },
    "AI-LOG.1": {
      "procedure_id": "AI-LOG.1",
      "parent_control": "AI-LOG",
      "title": "Log Retention Compliance - Minimum 180-Day Retention Verified",
      "category": "AI",
      "scope": "ai_governance",
      "check_type": "AI-LOG_RETENTION",
      "factors": {
        "factor_a": {
          "label": "min_retention_days",
          "description": "Minimum required log retention period in days. EU AI Act mandates 180 days (6 months) minimum for deployer-generated logs.",
          "default": 180,
          "regulatory_ref": "EU AI Act Art. 12(3)"
        },
        "factor_b": {
          "label": "actual_retention_days",
          "description": "Age in days of the oldest retained AI inference log. Must equal or exceed the minimum retention period.",
          "regulatory_ref": "EU AI Act Art. 12(3)"
        },
        "factor_c": {
          "label": "reserved",
          "description": "Reserved for future use. Always 0."
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
        "description": "Verifies that AI inference logs are retained for at least 6 months (180 days) as required by EU AI Act Article 12(3). A FAIL indicates logs are being purged too early."
      },
      "frameworks": {
        "EU-AI-ACT": "Art.12(3)"
      },
      "namespace": "AI"
    },
    "AI-MDL.4": {
      "procedure_id": "AI-MDL.4",
      "parent_control": "AI-MDL",
      "title": "Feedback Loop Control - Training Data Isolation From Biased Outputs",
      "category": "AI",
      "scope": "ai_governance",
      "check_type": "attestation",
      "factors": {
        "factor_a": {
          "label": "feedback_isolation_required",
          "description": "Whether feedback loop controls must be in place to prevent biased AI outputs from contaminating future training data (1 = required).",
          "default": 1,
          "regulatory_ref": "EU AI Act Art. 15(4); NIST AI RMF MANAGE 2.2"
        },
        "factor_b": {
          "label": "feedback_isolation_active",
          "description": "Whether controls are active that prevent model outputs flagged as biased, inaccurate, or non-compliant from being fed back into training pipelines (1 = active, 0 = no controls).",
          "regulatory_ref": "EU AI Act Art. 15(4); NIST AI RMF MANAGE 2.2"
        },
        "factor_c": {
          "label": "reserved",
          "description": "Reserved for future use. Always 0."
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
        "description": "Confirms that continuously learning AI systems have controls preventing biased outputs from poisoning future training data. Required by EU AI Act Article 15(4) for systems that continue to learn after deployment."
      },
      "frameworks": {
        "EU-AI-ACT": "Art.15(4)"
      },
      "namespace": "AI"
    },
    "FIN-GOV.1": {
      "procedure_id": "FIN-GOV.1",
      "parent_control": "FIN-GOV",
      "title": "Model Governance Committee Approval",
      "category": "FIN",
      "scope": "financial_services",
      "check_type": "FIN_GOVERNANCE_APPROVAL",
      "factors": {
        "factor_a": {
          "label": "committee_quorum_required",
          "description": "Minimum number of committee members required for a valid governance vote.",
          "default": 3,
          "regulatory_ref": "SR 11-7 Sec. III"
        },
        "factor_b": {
          "label": "votes_recorded",
          "description": "Number of committee votes actually recorded for this model decision.",
          "regulatory_ref": "SR 11-7 Sec. III"
        },
        "factor_c": {
          "label": "approval_flag",
          "description": "Whether the committee approved (1) or rejected (0) the model for production use.",
          "regulatory_ref": "SR 11-7 Sec. III"
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a AND factor_c >= 1",
        "description": "Confirms the governance committee achieved quorum and approved the model. Maps to SR 11-7 Board and Senior Management Oversight."
      },
      "frameworks": {
        "SR-11-7": "SR11-7.III"
      },
      "namespace": "FIN"
    },
    "FIN-MRM.1": {
      "procedure_id": "FIN-MRM.1",
      "parent_control": "FIN-MRM",
      "title": "Model Inventory and Lineage",
      "category": "FIN",
      "scope": "financial_services",
      "check_type": "FIN_MODEL_INVENTORY",
      "factors": {
        "factor_a": {
          "label": "model_registration_required",
          "description": "Set to 1 indicating model must be registered in the inventory.",
          "default": 1,
          "regulatory_ref": "SR 11-7 Sec. V"
        },
        "factor_b": {
          "label": "model_hash_matches",
          "description": "Set to 1 if the deployed model hash matches the approved version in the inventory.",
          "regulatory_ref": "SR 11-7 Sec. V"
        },
        "factor_c": {
          "label": "reserved",
          "description": "Reserved. Always 0.",
          "default": 0
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
        "description": "Verifies the model is registered in the firm-wide inventory and the deployed version matches the approved hash. Maps to SR 11-7 Model Inventory requirements."
      },
      "frameworks": {
        "SR-11-7": "SR11-7.V"
      },
      "namespace": "FIN"
    },
    "FIN-VAL.1": {
      "procedure_id": "FIN-VAL.1",
      "parent_control": "FIN-VAL",
      "title": "Independent Model Validation",
      "category": "FIN",
      "scope": "financial_services",
      "check_type": "FIN_INDEPENDENT_VALIDATION",
      "factors": {
        "factor_a": {
          "label": "validation_required",
          "description": "Set to 1 indicating independent validation is required.",
          "default": 1,
          "regulatory_ref": "SR 11-7 Sec. VI"
        },
        "factor_b": {
          "label": "validator_signed",
          "description": "Set to 1 if an independent validator has signed off on the model.",
          "regulatory_ref": "SR 11-7 Sec. VI"
        },
        "factor_c": {
          "label": "days_since_validation",
          "description": "Number of days since the last independent validation was completed.",
          "regulatory_ref": "SR 11-7 Sec. VI"
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
        "description": "Confirms an independent validator has performed effective challenge on the model. The days_since_validation factor provides staleness tracking. Maps to SR 11-7 Model Validation."
      },
      "frameworks": {
        "SR-11-7": "SR11-7.VI"
      },
      "namespace": "FIN"
    },
    "FIN-MON.1": {
      "procedure_id": "FIN-MON.1",
      "parent_control": "FIN-MON",
      "title": "Ongoing Performance Monitoring",
      "category": "FIN",
      "scope": "financial_services",
      "check_type": "FIN_PERFORMANCE_MONITORING",
      "factors": {
        "factor_a": {
          "label": "performance_threshold",
          "description": "Maximum acceptable value for the monitored metric (PSI, CSI, AUC degradation, etc.).",
          "regulatory_ref": "SR 11-7 Sec. VII"
        },
        "factor_b": {
          "label": "actual_metric",
          "description": "Current value of the monitored performance metric.",
          "regulatory_ref": "SR 11-7 Sec. VII"
        },
        "factor_c": {
          "label": "drift_flag",
          "description": "Set to 1 if the metric has breached the threshold (drift detected). 0 if within bounds.",
          "regulatory_ref": "SR 11-7 Sec. VII"
        }
      },
      "evaluation": {
        "expression": "factor_b <= factor_a AND factor_c <= 0",
        "description": "Confirms the model performance metric is within the acceptable threshold and no drift has been flagged. Maps to SR 11-7 Ongoing Monitoring."
      },
      "frameworks": {
        "SR-11-7": "SR11-7.VII"
      },
      "namespace": "FIN"
    },
    "FIN-OUT.1": {
      "procedure_id": "FIN-OUT.1",
      "parent_control": "FIN-OUT",
      "title": "Outcomes Analysis (Back-testing)",
      "category": "FIN",
      "scope": "financial_services",
      "check_type": "FIN_OUTCOMES_ANALYSIS",
      "factors": {
        "factor_a": {
          "label": "sample_size_required",
          "description": "Minimum number of observations required for a statistically valid back-test.",
          "regulatory_ref": "SR 11-7 Sec. VIII"
        },
        "factor_b": {
          "label": "actual_sample_size",
          "description": "Number of observations actually used in the back-test.",
          "regulatory_ref": "SR 11-7 Sec. VIII"
        },
        "factor_c": {
          "label": "within_tolerance",
          "description": "Set to 1 if model predictions were within the acceptable tolerance of actual outcomes. 0 if not.",
          "regulatory_ref": "SR 11-7 Sec. VIII"
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a AND factor_c >= 1",
        "description": "Confirms back-testing was performed with a sufficient sample size and results fell within tolerance. Maps to SR 11-7 Outcomes Analysis."
      },
      "frameworks": {
        "SR-11-7": "SR11-7.VIII"
      },
      "namespace": "FIN"
    },
    "CON-STR.1": {
      "procedure_id": "CON-STR.1",
      "parent_control": "CON-STR",
      "title": "Structural Verification",
      "category": "CON",
      "scope": "construction",
      "check_type": "CON_STRUCTURAL_VERIFICATION",
      "factors": {
        "factor_a": {
          "label": "code_requirement",
          "description": "The value required by the applicable building code or engineering specification (e.g., rebar spacing in cm, load capacity in kN).",
          "regulatory_ref": "OSHA 29 CFR 1926.700(a)"
        },
        "factor_b": {
          "label": "measured_value",
          "description": "The value measured or observed at the job site, captured by sensor, AI vision, or manual inspection tool.",
          "regulatory_ref": "OSHA 29 CFR 1926.700(a)"
        },
        "factor_c": {
          "label": "inspection_method",
          "description": "Inspection method code: 1 = AI vision, 2 = sensor/IoT, 3 = licensed inspector manual entry.",
          "regulatory_ref": "OSHA 29 CFR 1926.20(b)(2)"
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a AND factor_c >= 1",
        "description": "Confirms the measured structural value meets or exceeds the code requirement, and a valid inspection method was used."
      },
      "frameworks": {
        "OSHA-1926": "1926.700"
      },
      "namespace": "CON"
    },
    "CON-FIN.1": {
      "procedure_id": "CON-FIN.1",
      "parent_control": "CON-FIN",
      "title": "Payment Attestation",
      "category": "CON",
      "scope": "construction",
      "check_type": "CON_PAYMENT_ATTESTATION",
      "factors": {
        "factor_a": {
          "label": "milestone_completion_pct",
          "description": "Required completion percentage for the milestone to trigger payment release (e.g., 100).",
          "regulatory_ref": "AIA A201-2017"
        },
        "factor_b": {
          "label": "verified_completion_pct",
          "description": "Completion percentage verified by inspector or AI vision at the time of attestation.",
          "regulatory_ref": "AIA A201-2017"
        },
        "factor_c": {
          "label": "lien_waiver_received",
          "description": "Set to 1 if a valid lien waiver has been received for this payment milestone. 0 if not.",
          "regulatory_ref": "UCC Article 3"
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a AND factor_c >= 1",
        "description": "Confirms milestone completion is verified and lien waiver is on file before payment release."
      },
      "frameworks": {
        "OSHA-1926": "FINANCIAL"
      },
      "namespace": "CON"
    },
    "CON-ENV.1": {
      "procedure_id": "CON-ENV.1",
      "parent_control": "CON-ENV",
      "title": "Environmental Monitoring",
      "category": "CON",
      "scope": "construction",
      "check_type": "CON_ENVIRONMENTAL_MONITORING",
      "factors": {
        "factor_a": {
          "label": "threshold_value",
          "description": "The environmental threshold defined by spec (e.g., concrete cure PSI at 72h, temperature range, humidity ceiling).",
          "regulatory_ref": "OSHA 29 CFR 1926.700(a); ACI 318-19 Sec. 26.5.3.1"
        },
        "factor_b": {
          "label": "sensor_reading",
          "description": "The value reported by the on-site sensor or monitoring device at the time of capture.",
          "regulatory_ref": "OSHA 29 CFR 1926.700(a)"
        },
        "factor_c": {
          "label": "hours_elapsed",
          "description": "Hours elapsed since the monitored event began (e.g., hours since concrete pour). Used to verify time-dependent thresholds.",
          "regulatory_ref": "ACI 318-19 Sec. 26.5.3.1"
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
        "description": "Confirms the environmental reading meets or exceeds the required threshold at the specified elapsed time."
      },
      "frameworks": {
        "OSHA-1926": "1926.700"
      },
      "namespace": "CON"
    },
    "CON-SAF.1": {
      "procedure_id": "CON-SAF.1",
      "parent_control": "CON-SAF",
      "title": "Safety Compliance",
      "category": "CON",
      "scope": "construction",
      "check_type": "CON_SAFETY_COMPLIANCE",
      "factors": {
        "factor_a": {
          "label": "required_certifications",
          "description": "Number of valid safety certifications required for the work activity (e.g., fall protection, confined space, crane operation).",
          "regulatory_ref": "OSHA 29 CFR 1926.500-503"
        },
        "factor_b": {
          "label": "verified_certifications",
          "description": "Number of certifications verified as current and valid at time of inspection.",
          "regulatory_ref": "OSHA 29 CFR 1926.500-503"
        },
        "factor_c": {
          "label": "ppe_compliant",
          "description": "Set to 1 if all required PPE was observed/verified at the job site. 0 if any deficiency was noted.",
          "regulatory_ref": "OSHA 29 CFR 1926.95-107"
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a AND factor_c >= 1",
        "description": "Confirms all required safety certifications are current and PPE compliance is verified."
      },
      "frameworks": {
        "OSHA-1926": "1926.500"
      },
      "namespace": "CON"
    },
    "CON-INS.1": {
      "procedure_id": "CON-INS.1",
      "parent_control": "CON-INS",
      "title": "Inspection Attestation",
      "category": "CON",
      "scope": "construction",
      "check_type": "CON_INSPECTION_ATTESTATION",
      "factors": {
        "factor_a": {
          "label": "inspection_items_required",
          "description": "Number of items on the inspection checklist for this milestone.",
          "regulatory_ref": "OSHA 29 CFR 1926.20(b)(2)"
        },
        "factor_b": {
          "label": "inspection_items_passed",
          "description": "Number of checklist items that passed inspection.",
          "regulatory_ref": "OSHA 29 CFR 1926.20(b)(2)"
        },
        "factor_c": {
          "label": "inspector_licensed",
          "description": "Set to 1 if the inspector holds a valid license for this inspection type. 0 if not.",
          "regulatory_ref": "OSHA 29 CFR 1926.20(b)(1)"
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a AND factor_c >= 1",
        "description": "Confirms all inspection checklist items passed and the inspector is licensed."
      },
      "frameworks": {
        "OSHA-1926": "1926.20"
      },
      "namespace": "CON"
    },
    "HCF-DX.1": {
      "procedure_id": "HCF-DX.1",
      "parent_control": "HCF-DX",
      "title": "Diagnostic Accountability",
      "category": "HCF",
      "scope": "healthcare",
      "check_type": "HCF_DIAGNOSTIC_ACCOUNTABILITY",
      "factors": {
        "factor_a": {
          "label": "confidence_threshold",
          "description": "Minimum confidence score required by clinical protocol for the AI to render a diagnostic recommendation (e.g., 0.92).",
          "regulatory_ref": "21 CFR Part 11 Sec. 11.10(a); FDA CDS Guidance"
        },
        "factor_b": {
          "label": "model_confidence",
          "description": "The confidence score output by the diagnostic AI for this inference.",
          "regulatory_ref": "21 CFR Part 11 Sec. 11.10(a)"
        },
        "factor_c": {
          "label": "ground_truth_match",
          "description": "Set to 1 if the AI recommendation matched the ground truth or clinician-confirmed diagnosis. 0 if divergent. -1 if ground truth not yet available.",
          "regulatory_ref": "21 CFR Part 11 Sec. 11.10(e); EU AI Act Annex III.1"
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
        "description": "Confirms the AI diagnostic confidence meets or exceeds the clinical threshold. Ground truth match is recorded for retrospective accuracy auditing."
      },
      "frameworks": {
        "HIPAA-CFR": "45CFR.164.312",
        "EU-AI-ACT": "Annex-III.1"
      },
      "namespace": "HCF"
    },
    "HCF-RX.1": {
      "procedure_id": "HCF-RX.1",
      "parent_control": "HCF-RX",
      "title": "Prescription Safety",
      "category": "HCF",
      "scope": "healthcare",
      "check_type": "HCF_PRESCRIPTION_SAFETY",
      "factors": {
        "factor_a": {
          "label": "interaction_checks_required",
          "description": "Number of drug interaction and allergy checks required by formulary protocol.",
          "regulatory_ref": "45 CFR 164.312(c)(1); JCAHO NPSG.03.05.01"
        },
        "factor_b": {
          "label": "interaction_checks_passed",
          "description": "Number of checks that returned safe/clear results.",
          "regulatory_ref": "45 CFR 164.312(c)(1)"
        },
        "factor_c": {
          "label": "contraindication_flag",
          "description": "Set to 0 if no contraindications were detected. Set to 1 if a contraindication was flagged and overridden by a clinician. Set to 2 if a contraindication blocked the prescription.",
          "regulatory_ref": "45 CFR 164.312(c)(1)"
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a AND factor_c <= 1",
        "description": "Confirms all drug interaction checks passed and no unresolved contraindications exist."
      },
      "frameworks": {
        "HIPAA-CFR": "45CFR.164.312",
        "EU-AI-ACT": "Annex-III.1"
      },
      "namespace": "HCF"
    },
    "HCF-PRIV.1": {
      "procedure_id": "HCF-PRIV.1",
      "parent_control": "HCF-PRIV",
      "title": "PHI Access Audit",
      "category": "HCF",
      "scope": "healthcare",
      "check_type": "HCF_PHI_ACCESS_AUDIT",
      "factors": {
        "factor_a": {
          "label": "consent_required",
          "description": "Set to 1 if patient consent is required for this data access event. 0 for emergency/break-glass access.",
          "regulatory_ref": "45 CFR 164.508"
        },
        "factor_b": {
          "label": "consent_verified",
          "description": "Set to 1 if valid patient consent was verified at the time of access. 0 if not.",
          "regulatory_ref": "45 CFR 164.508"
        },
        "factor_c": {
          "label": "requestor_authorized",
          "description": "Set to 1 if the requestor holds an authorized role for this data type. 0 if access was unauthorized.",
          "regulatory_ref": "45 CFR 164.312(d)"
        }
      },
      "evaluation": {
        "expression": "(factor_a == 0 OR factor_b >= factor_a) AND factor_c >= 1",
        "description": "Confirms patient consent is on file (or waived for emergency) and the requestor is authorized. Maps to HIPAA Privacy Rule access controls."
      },
      "frameworks": {
        "HIPAA-CFR": "45CFR.164.508",
        "EU-AI-ACT": "Art.10"
      },
      "namespace": "HCF"
    },
    "AI-INF.3": {
      "procedure_id": "AI-INF.3",
      "parent_control": "AI-INF",
      "title": "Inference Volume - Hourly Rate Governance",
      "category": "AI",
      "scope": "ai_governance",
      "check_type": "AI_INFERENCE_VOLUME",
      "factors": {
        "factor_a": {
          "label": "max_inferences_hour",
          "description": "Maximum allowed inferences per hour as defined by governance policy.",
          "regulatory_ref": "EU AI Act Art. 12(1); NIST AI RMF GOVERN 2.1"
        },
        "factor_b": {
          "label": "actual_inferences",
          "description": "Actual inference count observed in the monitoring window.",
          "regulatory_ref": "EU AI Act Art. 12(1); NIST AI RMF GOVERN 2.1"
        },
        "factor_c": {
          "label": "reserved",
          "description": "Reserved for future use.",
          "default": 0
        }
      },
      "evaluation": {
        "expression": "factor_b <= factor_a",
        "description": "Confirms inference volume is within governance limits."
      },
      "frameworks": {
        "EU-AI-ACT": "Art.12(1)",
        "AI-RMF": "GOVERN 2.1"
      },
      "namespace": "AI"
    },
    "AI-MDL.3": {
      "procedure_id": "AI-MDL.3",
      "parent_control": "AI-MDL",
      "title": "Model Drift Detection",
      "category": "AI",
      "scope": "ai_governance",
      "check_type": "AI_MODEL_DRIFT",
      "factors": {
        "factor_a": {
          "label": "drift_threshold",
          "description": "Maximum acceptable drift score before the model is flagged for review.",
          "regulatory_ref": "EU AI Act Art. 72(1); NIST AI RMF MEASURE 2.6"
        },
        "factor_b": {
          "label": "drift_score",
          "description": "Measured drift score comparing current output distribution to baseline.",
          "regulatory_ref": "EU AI Act Art. 72(1); NIST AI RMF MEASURE 2.6"
        },
        "factor_c": {
          "label": "reserved",
          "description": "Reserved for future use.",
          "default": 0
        }
      },
      "evaluation": {
        "expression": "factor_b <= factor_a",
        "description": "Confirms model output distribution has not drifted beyond acceptable threshold."
      },
      "frameworks": {
        "EU-AI-ACT": "Art.72(1)",
        "AI-RMF": "MEASURE 2.6"
      },
      "namespace": "AI"
    },
    "AI-GRD.3": {
      "procedure_id": "AI-GRD.3",
      "parent_control": "AI-GRD",
      "title": "PII Redaction",
      "category": "AI",
      "scope": "ai_governance",
      "check_type": "AI_PII_REDACTION",
      "factors": {
        "factor_a": {
          "label": "redaction_required",
          "description": "Whether PII redaction is required for this inference (1 = yes).",
          "regulatory_ref": "EU AI Act Art. 10(2)(f); NIST AI RMF GOVERN 1.7"
        },
        "factor_b": {
          "label": "redaction_active",
          "description": "Whether the PII redaction engine was active (1 = active, 0 = inactive).",
          "regulatory_ref": "EU AI Act Art. 10(2)(f); NIST AI RMF GOVERN 1.7"
        },
        "factor_c": {
          "label": "reserved",
          "description": "Reserved for future use.",
          "default": 0
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
        "description": "Confirms PII redaction was active when required."
      },
      "frameworks": {
        "EU-AI-ACT": "Art.10(2)(f)",
        "AI-RMF": "GOVERN 1.7"
      },
      "namespace": "AI"
    },
    "AI-FAIR.1": {
      "procedure_id": "AI-FAIR.1",
      "parent_control": "AI-FAIR",
      "title": "Bias Disparity Measurement",
      "category": "AI",
      "scope": "ai_governance",
      "check_type": "AI_BIAS_DISPARITY",
      "factors": {
        "factor_a": {
          "label": "max_disparity_ratio",
          "description": "Maximum acceptable disparity ratio across protected groups (percentage).",
          "regulatory_ref": "EU AI Act Art. 10(2)(f); NIST AI RMF MEASURE 2.5"
        },
        "factor_b": {
          "label": "observed_disparity",
          "description": "Measured disparity ratio from the fairness evaluation.",
          "regulatory_ref": "EU AI Act Art. 10(2)(f); NIST AI RMF MEASURE 2.5"
        },
        "factor_c": {
          "label": "protected_class_count",
          "description": "Number of protected class categories evaluated.",
          "regulatory_ref": "EU AI Act Art. 10(2)(f); NIST AI RMF MAP 2.1"
        }
      },
      "evaluation": {
        "expression": "factor_b <= factor_a",
        "description": "Confirms bias disparity is within acceptable threshold across all protected groups."
      },
      "frameworks": {
        "EU-AI-ACT": "Art.10(2)(f)",
        "AI-RMF": "MEASURE 2.5"
      },
      "namespace": "AI"
    },
    "AI-FAIR.2": {
      "procedure_id": "AI-FAIR.2",
      "parent_control": "AI-FAIR",
      "title": "Fairness Calibration",
      "category": "AI",
      "scope": "ai_governance",
      "check_type": "AI_FAIRNESS_CALIBRATION",
      "factors": {
        "factor_a": {
          "label": "min_fairness_score",
          "description": "Minimum acceptable fairness calibration score.",
          "regulatory_ref": "EU AI Act Art. 9(4)(a); NIST AI RMF MAP 2.3"
        },
        "factor_b": {
          "label": "actual_fairness_score",
          "description": "Measured fairness calibration score across demographic groups.",
          "regulatory_ref": "EU AI Act Art. 9(4)(a); NIST AI RMF MAP 2.3"
        },
        "factor_c": {
          "label": "reserved",
          "description": "Reserved for future use.",
          "default": 0
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
        "description": "Confirms fairness score meets the minimum calibration threshold."
      },
      "frameworks": {
        "EU-AI-ACT": "Art.9(4)(a)",
        "AI-RMF": "MAP 2.3"
      },
      "namespace": "AI"
    },
    "AI-DATA.1": {
      "procedure_id": "AI-DATA.1",
      "parent_control": "AI-DATA",
      "title": "Training Data Provenance",
      "category": "AI",
      "scope": "ai_governance",
      "check_type": "AI_DATA_PROVENANCE",
      "factors": {
        "factor_a": {
          "label": "provenance_required",
          "description": "Whether data provenance documentation is required (1 = yes).",
          "regulatory_ref": "EU AI Act Art. 10(2)(a); NIST AI RMF MAP 3.5"
        },
        "factor_b": {
          "label": "provenance_documented",
          "description": "Whether source, license, and collection method are documented (1 = yes).",
          "regulatory_ref": "EU AI Act Art. 10(2)(a); NIST AI RMF MAP 3.5"
        },
        "factor_c": {
          "label": "reserved",
          "description": "Reserved for future use.",
          "default": 0
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
        "description": "Confirms training data provenance is documented per data governance requirements."
      },
      "frameworks": {
        "EU-AI-ACT": "Art.10(2)(a)",
        "AI-RMF": "MAP 3.5"
      },
      "namespace": "AI"
    },
    "AI-DATA.2": {
      "procedure_id": "AI-DATA.2",
      "parent_control": "AI-DATA",
      "title": "Training Data License Compliance",
      "category": "AI",
      "scope": "ai_governance",
      "check_type": "AI_DATA_LICENSE",
      "factors": {
        "factor_a": {
          "label": "license_check_required",
          "description": "Whether license compliance verification is required (1 = yes).",
          "regulatory_ref": "EU AI Act Art. 10(2)(a); NIST AI RMF GOVERN 1.7"
        },
        "factor_b": {
          "label": "license_verified",
          "description": "Whether all training data licenses have been verified (1 = yes).",
          "regulatory_ref": "EU AI Act Art. 10(2)(a); NIST AI RMF GOVERN 1.7"
        },
        "factor_c": {
          "label": "reserved",
          "description": "Reserved for future use.",
          "default": 0
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
        "description": "Confirms all training data complies with applicable license terms."
      },
      "frameworks": {
        "EU-AI-ACT": "Art.10(2)(a)",
        "AI-RMF": "GOVERN 1.7"
      },
      "namespace": "AI"
    },
    "AI-HITL.1": {
      "procedure_id": "AI-HITL.1",
      "parent_control": "AI-HITL",
      "title": "Human Review Completion",
      "category": "AI",
      "scope": "ai_governance",
      "check_type": "AI_HUMAN_REVIEW",
      "factors": {
        "factor_a": {
          "label": "review_required",
          "description": "Whether human review is required for this decision type (1 = yes).",
          "regulatory_ref": "EU AI Act Art. 14(1); NIST AI RMF GOVERN 1.1"
        },
        "factor_b": {
          "label": "review_completed",
          "description": "Whether a qualified human reviewed and approved the decision (1 = yes).",
          "regulatory_ref": "EU AI Act Art. 14(1); NIST AI RMF GOVERN 1.1"
        },
        "factor_c": {
          "label": "reserved",
          "description": "Reserved for future use.",
          "default": 0
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
        "description": "Confirms human oversight was exercised for high-risk AI decisions."
      },
      "frameworks": {
        "EU-AI-ACT": "Art.14(1)",
        "AI-RMF": "GOVERN 1.1"
      },
      "namespace": "AI"
    },
    "AI-HITL.2": {
      "procedure_id": "AI-HITL.2",
      "parent_control": "AI-HITL",
      "title": "Human Override Event Tracking",
      "category": "AI",
      "scope": "ai_governance",
      "check_type": "AI_OVERRIDE_TRACKING",
      "factors": {
        "factor_a": {
          "label": "override_logging_required",
          "description": "Whether override event logging is required (1 = yes).",
          "regulatory_ref": "EU AI Act Art. 14(4)(d); NIST AI RMF MANAGE 4.1"
        },
        "factor_b": {
          "label": "override_logged",
          "description": "Whether the override event was captured in the audit trail (1 = yes).",
          "regulatory_ref": "EU AI Act Art. 14(4)(d); NIST AI RMF MANAGE 4.1"
        },
        "factor_c": {
          "label": "reserved",
          "description": "Reserved for future use.",
          "default": 0
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
        "description": "Confirms human override events are logged for accountability."
      },
      "frameworks": {
        "EU-AI-ACT": "Art.14(4)(d)",
        "AI-RMF": "MANAGE 4.1"
      },
      "namespace": "AI"
    },
    "AI-EXPL.1": {
      "procedure_id": "AI-EXPL.1",
      "parent_control": "AI-EXPL",
      "title": "Explanation Generation",
      "category": "AI",
      "scope": "ai_governance",
      "check_type": "AI_EXPLAINABILITY",
      "factors": {
        "factor_a": {
          "label": "explanation_required",
          "description": "Whether an explanation must accompany the AI output (1 = yes).",
          "regulatory_ref": "EU AI Act Art. 13(1); NIST AI RMF MEASURE 2.5"
        },
        "factor_b": {
          "label": "explanation_provided",
          "description": "Whether a reasoning explanation was generated (1 = yes).",
          "regulatory_ref": "EU AI Act Art. 13(1); NIST AI RMF MEASURE 2.5"
        },
        "factor_c": {
          "label": "reserved",
          "description": "Reserved for future use.",
          "default": 0
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
        "description": "Confirms the AI system provided an interpretable explanation with its output."
      },
      "frameworks": {
        "EU-AI-ACT": "Art.13(1)",
        "AI-RMF": "MEASURE 2.5"
      },
      "namespace": "AI"
    },
    "AI-EXPL.2": {
      "procedure_id": "AI-EXPL.2",
      "parent_control": "AI-EXPL",
      "title": "Confidence Scoring",
      "category": "AI",
      "scope": "ai_governance",
      "check_type": "AI_CONFIDENCE_SCORE",
      "factors": {
        "factor_a": {
          "label": "min_confidence_threshold",
          "description": "Minimum confidence score required for the output to be actionable.",
          "regulatory_ref": "EU AI Act Art. 13(3)(b)(ii); NIST AI RMF MAP 2.3"
        },
        "factor_b": {
          "label": "model_confidence",
          "description": "The confidence score output by the AI model.",
          "regulatory_ref": "EU AI Act Art. 13(3)(b)(ii); NIST AI RMF MAP 2.3"
        },
        "factor_c": {
          "label": "reserved",
          "description": "Reserved for future use.",
          "default": 0
        }
      },
      "evaluation": {
        "expression": "factor_b >= factor_a",
        "description": "Confirms model confidence meets the minimum threshold for actionable output."
      },
      "frameworks": {
        "EU-AI-ACT": "Art.13(3)(b)(ii)",
        "AI-RMF": "MAP 2.3"
      },
      "namespace": "AI"
    }
  },
  "namespaces": {
    "AI": "Artificial Intelligence governance, model integrity, inference witnessing (20 procedures)",
    "INF": "Infrastructure controls, OS hardening, network, database, web, container, endpoint",
    "FIN": "Financial services model risk management, SR 11-7 / OCC 2011-12 compliance",
    "CON": "Construction site accountability, structural verification, OSHA 1926 compliance",
    "HCF": "Healthcare AI accountability, diagnostic traceability, HIPAA / 21 CFR Part 11 compliance"
  }
}