Overview
Provide a harvest report to transform Kubernetes compliance operator evidence from cluster_resource fetcher into a NIST OSCAL Assessment Results collection of Observations in JSON format.
Rationale: standardized version of evidence for multi-cloud and to facilitate creation of NIST OSCAL Assessment Results.
Requirements
- The cluster_resource fetcher produces evidence comprising a JSON file with embedded XML in non-OSCAL format.
- The harvest report is to produce a JSON file comprising NIST OSCAL Assessment Results Observations.
- The harvest report is to produce an enhanced JSON file with additional Observation data when an optional oscal-metadata YAML file is specified.
- Employ transformation technology available from compliance-trestle open source project.
Approach
Write a harvest report that consumes cluster_resource evidence and optional oscal-metadata.yaml to produce compliance_oscal_observations.json.
Steps:
- read evidence from cluster_resource.json.
- read enhancement data from oscal_metadata.yaml, if exists.
- employ trestle transformer to create list of trestle Observations.
- write trestle Observations JSON as compliance_oscal_observations.json.
Security and Privacy
N/A
Test Plan
Employ unit tests comprising representative cluster_resource.json and oscal-metadata.yaml.
Overview
Provide a harvest report to transform Kubernetes compliance operator evidence from cluster_resource fetcher into a NIST OSCAL Assessment Results collection of Observations in JSON format.
Rationale: standardized version of evidence for multi-cloud and to facilitate creation of NIST OSCAL Assessment Results.
Requirements
Approach
Write a harvest report that consumes cluster_resource evidence and optional oscal-metadata.yaml to produce compliance_oscal_observations.json.
Steps:
Security and Privacy
N/A
Test Plan
Employ unit tests comprising representative cluster_resource.json and oscal-metadata.yaml.