Display user-defined guidance mappings #6028
Description
Provide capability for users to supply a guidance mapping from CCIs or NIST 800-53s that Heimdall loads and displays in the 800-53's and CCI's column of the control table when displaying results.
-
Ingestion
- New env var, keep mappings in folder, on startup Heimdall loads in mappings in folder via config utility and passes it up into store on heimdall frontend (Phase 2)
- Add a button at the top of the results view data that opens a large modal that allows (and explains how to) the user to supply & remove a user-defined guidance mapping that displays on the screen the allowed schemas (Phase 1)
- CSV (Phase 1)
- JSON (Phase 1)
- Yaml (Phase 2)
-
Schema (Phase 1)
- CSV: Two columns are required, the second being CCI or 800-53, and the first being the user's mapping of choice. Additionally, there may be an optional third column in which the user may provide description text that appears when the mapping's chip is hovered over in the results table.
-
Display Area (Phase 1)
- Add a button at the top of the results view data that opens a modal that has a section inside allowing the user to add or remove guidance mappings (checkboxes)
- Rename CCI & 800-53 column to "guidance mappings"
- Chips should be added to the column with a prefix indicating the mapping's type (800-53:, TAG:, etc.)
- On hover chip may display optional description text
Phase 2:
Saving guidance mappings to the backend for long-term storage
Permissions for viewing guidance mappings
Modifying tree map to show trees for other guidance mappings, not just 800-53
Build up a "mapping/guidance list" from the tags that are predefined within the OHDF file