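4, "Non-Compliant" => 3, "Compliant" => 2, "Not Applicable" => 1 );

    /**
     * Reverse of $STATUS: maps a numeric rank back to its status label.
     * A higher rank is a worse outcome, so "Not Reviewed" (4) dominates
     * every other status when sub-control results are aggregated.
     *
     * @var array<int, string>
     */
    private $FLIPPED = array(
        4 => "Not Reviewed",
        3 => "Non-Compliant",
        2 => "Compliant",
        1 => "Not Applicable"
    );

    /**
     * Control ID
     *
     * @var string
     */
    protected $control_id = '';

    /**
     * Name
     *
     * @var string
     */
    protected $name = '';

    /**
     * Subject area
     *
     * @var string
     */
    protected $sub_area = '';

    /**
     * Description
     *
     * @var string
     */
    protected $desc = '';

    /**
     * Threat / vulnerability / countermeasures text
     *
     * @var string
     */
    protected $tvcm = '';

    /**
     * General implementation guide
     *
     * @var string
     */
    protected $gimpg = '';

    /**
     * Resource guide
     *
     * @var string
     */
    protected $guide = '';

    /**
     * Impact
     *
     * @var string
     */
    protected $impact = '';

    /**
     * Sub controls attached to this control, in insertion order
     *
     * @var proc_sub_ia_controls[]
     */
    protected $subs = array();

    /**
     * Finding recorded against the control as a whole
     *
     * @var control_finding
     */
    public $finding = null;

    /**
     * Constructor. Stores the catalog fields verbatim and attaches an empty
     * control_finding; nothing is validated or escaped here, so the values
     * must be treated as untrusted text until they are rendered.
     *
     * @param string $str_control_id_in
     * @param string $str_name_in
     * @param string $str_sub_area_in
     * @param string $str_desc_in
     * @param string $str_tvcm_in
     * @param string $str_gimpg_in
     * @param string $str_guide_in
     * @param string $str_impact_in
     */
    public function __construct($str_control_id_in, $str_name_in, $str_sub_area_in, $str_desc_in, $str_tvcm_in, $str_gimpg_in, $str_guide_in, $str_impact_in)
    {
        $this->control_id = $str_control_id_in;
        $this->name = $str_name_in;
        $this->sub_area = $str_sub_area_in;
        $this->desc = $str_desc_in;
        $this->tvcm = $str_tvcm_in;
        $this->gimpg = $str_gimpg_in;
        $this->guide = $str_guide_in;
        $this->impact = $str_impact_in;
        $this->finding = new control_finding();
    }

    /**
     * Resolve a status in either direction: a numeric rank yields its label,
     * a label yields its rank. A value that is in neither table returns null
     * instead of raising an undefined-index notice.
     *
     * @param string|integer $val
     * @return string|integer|null
     */
    public function get_Status($val)
    {
        if (is_numeric($val)) {
            return isset($this->FLIPPED[$val]) ? $this->FLIPPED[$val] : null;
        }

        return isset($this->STATUS[$val]) ? $this->STATUS[$val] : null;
    }

    /**
     * Getter for control ID
     *
     * @return string
     */
    public function get_Control_ID()
    {
        return $this->control_id;
    }

    /**
     * Setter for control ID
     *
     * @param string $str_control_id_in
     */
    public function set_Control_ID($str_control_id_in)
    {
        $this->control_id = $str_control_id_in;
    }

    /**
     * Getter for name
     *
     * @return string
     */
    public function get_Name()
    {
        return $this->name;
    }

    /**
     * Setter for name
     *
     * @param string $str_name_in
     */
    public function set_Name($str_name_in)
    {
        $this->name = $str_name_in;
    }

    /**
     * Getter for subject area
     *
     * @return string
     */
    public function get_Subject_Area()
    {
        return $this->sub_area;
    }

    /**
     * Setter for subject area
     *
     * @param string $str_sub_area_in
     */
    public function set_Subject_Area($str_sub_area_in)
    {
        $this->sub_area = $str_sub_area_in;
    }

    /**
     * Getter for description
     *
     * @return string
     */
    public function get_Description()
    {
        return $this->desc;
    }

    /**
     * Setter for description
     *
     * @param string $str_desc_in
     */
    public function set_Description($str_desc_in)
    {
        $this->desc = $str_desc_in;
    }

    /**
     * Getter for threat / vulnerability / countermeasures
     *
     * @return string
     */
    public function get_Threat_Vul_CM()
    {
        return $this->tvcm;
    }

    /**
     * Setter for threat / vulnerability / countermeasures
     *
     * @param string $str_tvcm_in
     */
    public function set_Threat_Vul_CM($str_tvcm_in)
    {
        $this->tvcm = $str_tvcm_in;
    }

    /**
     * Getter for general implementation guide
     *
     * @return string
     */
    public function get_General_Implementation_Guide()
    {
        return $this->gimpg;
    }

    /**
     * Setter for general implementation guide
     *
     * @param string $str_gimpg_in
     */
    public function set_General_Implementation_Guide($str_gimpg_in)
    {
        $this->gimpg = $str_gimpg_in;
    }

    /**
     * Getter for resource guide
     *
     * @return string
     */
    public function get_Resource_Guide()
    {
        return $this->guide;
    }

    /**
     * Setter for resource guide
     *
     * @param string $str_guide_in
     */
    public function set_Resource_Guide($str_guide_in)
    {
        $this->guide = $str_guide_in;
    }

    /**
     * Misspelled alias kept for existing callers.
     *
     * @deprecated use set_Resource_Guide()
     * @param string $str_guide_in
     */
    public function set_Resourse_Guide($str_guide_in)
    {
        $this->set_Resource_Guide($str_guide_in);
    }

    /**
     * Getter for impact
     *
     * @return string
     */
    public function get_Impact()
    {
        return $this->impact;
    }

    /**
     * Setter for impact
     *
     * @param string $str_impact_in
     */
    public function set_Impact($str_impact_in)
    {
        $this->impact = $str_impact_in;
    }

    /**
     * Getter for the attached sub controls
     *
     * @return proc_sub_ia_controls[]
     */
    public function get_Subs()
    {
        return $this->subs;
    }

    /**
     * Append a sub control. Each sub's public $finding is read during
     * aggregation, so callers must attach a proc_sub_ia_controls (or an
     * object with the same shape).
     *
     * @param proc_sub_ia_controls $sub_in
     */
    public function add_Sub($sub_in)
    {
        $this->subs[] = $sub_in;
    }

    /**
     * Escape a value for insertion into HTML text or a quoted attribute.
     * Every data field rendered by get_Ops_Display() passes through here so
     * that text loaded from a control catalog or typed into a finding cannot
     * inject markup or script into the ops page.
     *
     * @param string $value
     * @return string
     */
    private static function esc($value)
    {
        return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
    }

    /**
     * Numeric rank for a status label. A label that is not in $STATUS — the
     * '' default of a proc_finding that was never recorded included — ranks
     * as "Not Reviewed", so a blank sub control can never make its parent
     * report as Compliant (fail closed) and never triggers an undefined-index
     * notice.
     *
     * @param string $label
     * @return integer
     */
    private function status_Rank($label)
    {
        if (isset($this->STATUS[$label])) {
            return $this->STATUS[$label];
        }

        return $this->STATUS['Not Reviewed'];
    }

    /**
     * Label for a numeric rank. An unknown rank — 0 when the control has no
     * sub controls at all — reports "Not Reviewed" for the same fail-closed
     * reason.
     *
     * @param integer $rank
     * @return string
     */
    private function status_Label($rank)
    {
        return isset($this->FLIPPED[$rank]) ? $this->FLIPPED[$rank] : 'Not Reviewed';
    }

    /**
     * Build the display block for this control on the procedural ops page.
     *
     * The parent block carries the control id, name, aggregate status (the
     * worst status among its sub controls), the per-status counts, the
     * description and implementation guide, then one block per sub control.
     * Every data value is HTML-escaped before concatenation; nl2br() is
     * applied after escaping so the inserted <br /> tags survive. Previously
     * the values were concatenated raw, which is a stored-XSS sink if any
     * field carries attacker-influenced text.
     *
     * NOTE(review): the HTML tags that framed these values appear to have
     * been stripped from this copy of the source (only "" placeholders and
     * the label strings remain), so the output here is the data and labels
     * only. $class, $parent_name and $name are the attribute values that
     * markup used; they are kept for whoever restores it and must be
     * escaped when placed in an attribute. If any field is meant to carry
     * markup, relax the escaping for that field only.
     *
     * @param boolean $odd  Row-parity flag, toggled once per sub control.
     * @return string
     */
    public function get_Ops_Display($odd = true)
    {
        $status_count = array(
            'Not Reviewed' => 0,
            'Non-Compliant' => 0,
            'Compliant' => 0,
            'Not Applicable' => 0
        );

        // Worst sub status wins; unknown / blank statuses rank as Not Reviewed.
        $worst = 0;
        foreach ($this->subs as $sub) {
            $rank = $this->status_Rank($sub->finding->status);
            if ($rank > $worst) {
                $worst = $rank;
            }
            $status_count[$this->status_Label($rank)]++;
        }
        $status_label = $this->status_Label($worst);

        // Attribute values used by the missing markup (see class note above).
        $class = strtolower(str_replace(array(' ', '-'), '_', $status_label));
        $parent_name = str_replace('-', '_', $this->control_id);

        $ret = self::esc($this->control_id)
            . self::esc($this->name)
            . self::esc($status_label)
            . "Override: "
            . $status_count['Compliant']
            . $status_count['Not Reviewed']
            . $status_count['Non-Compliant']
            . $status_count['Not Applicable']
            . self::esc($this->control_id) . "\n"
            . self::esc($this->name)
            . nl2br(self::esc($this->desc))
            . nl2br(self::esc($this->gimpg))
            . "Vulnerability Description:\n\nMitigations:\n\nReferences:\n\nNotes:\n";

        foreach ($this->subs as $sub) {
            $odd = !$odd;
            $name = str_replace('-', '_', $sub->get_Sub_Control_ID());
            $ret .= self::esc($sub->get_Sub_Control_ID()) . "\n"
                . self::esc($sub->get_Name())
                . nl2br(self::esc($sub->get_Objective()))
                . nl2br(self::esc($sub->get_Script()))
                . "Test Result:\n\nMitigations:\n\nMilestones:\n\nReferences:\n\nNotes:\n";
        }

        return $ret;
    }

    /**
     * Label of the worst status among this control's sub controls.
     *
     * "Not Reviewed" is the top rank, so the scan stops as soon as it is
     * seen. A control with no sub controls, or whose subs all have blank /
     * unknown statuses, reports "Not Reviewed" rather than null (the old
     * behaviour, via an undefined FLIPPED[0] lookup).
     *
     * @return string
     */
    public function get_Worst_Status_String()
    {
        $worst = 0;
        foreach ($this->subs as $sub) {
            $rank = $this->status_Rank($sub->finding->status);
            if ($rank > $worst) {
                $worst = $rank;
                if ($worst == $this->STATUS['Not Reviewed']) {
                    break;
                }
            }
        }

        return $this->status_Label($worst);
    }
}

/**
 * Finding recorded against a control as a whole.
 *
 * Plain data holder: every field is public and unvalidated, so whatever
 * writes these fields is responsible for the integrity of the values, and
 * whatever renders them is responsible for escaping.
 *
 * @author Ryan Prather
 */
class control_finding
{
    /**
     * DB ID
     *
     * @var integer
     */
    public $id = 0;

    /**
     * Associated ST&E ID
     *
     * @var integer
     */
    public $ste_id = 0;

    /**
     * Control ID
     *
     * @var string
     */
    public $control_id = '';

    /**
     * Vulnerability description
     *
     * @var string
     */
    public $vul_desc = '';

    /**
     * Control mitigations
     *
     * @var string
     */
    public $mitigations = '';

    /**
     * Control references
     *
     * @var string
     */
    public $reference = '';

    /**
     * Risk analysis
     *
     * NOTE(review): undocumented in the original; presumably free text like
     * the neighbouring fields — confirm against the writer.
     *
     * @var string
     */
    public $risk_analysis = '';

    /**
     * Notes
     *
     * @var string
     */
    public $notes = '';

    /**
     * Set once the review of this control is complete
     *
     * @var boolean
     */
    public $done = false;
}

/**
 * Procedural sub IA control: one test procedure under a control.
 *
 * @author Ryan Prather
 */
class proc_sub_ia_controls
{
    /**
     * Sub control id
     *
     * @var string
     */
    protected $sub_control_id = '';

    /**
     * Name
     *
     * @var string
     */
    protected $name = '';

    /**
     * Objectives
     *
     * @var string
     */
    protected $objective = '';

    /**
     * Preparation
     *
     * @var string
     */
    protected $prep = '';

    /**
     * Test script text
     *
     * @var string
     */
    protected $script = '';

    /**
     * Expected results
     *
     * @var string
     */
    protected $expected_results = '';

    /**
     * Procedural finding with status and notes
     *
     * @var proc_finding
     */
    public $finding = null;

    /**
     * Constructor. Stores the fields verbatim and attaches an empty
     * proc_finding whose status is '' until a result is recorded.
     *
     * @param string $str_sub_control_id_in
     * @param string $str_name_in
     * @param string $str_obj_in
     * @param string $str_prep_in
     * @param string $str_script_in
     * @param string $str_exp_results_in
     */
    public function __construct($str_sub_control_id_in, $str_name_in, $str_obj_in, $str_prep_in, $str_script_in, $str_exp_results_in)
    {
        $this->sub_control_id = $str_sub_control_id_in;
        $this->name = $str_name_in;
        $this->objective = $str_obj_in;
        $this->prep = $str_prep_in;
        $this->script = $str_script_in;
        $this->expected_results = $str_exp_results_in;
        $this->finding = new proc_finding();
    }

    /**
     * Getter for sub control id
     *
     * @return string
     */
    public function get_Sub_Control_ID()
    {
        return $this->sub_control_id;
    }

    /**
     * Setter for sub control id
     *
     * @param string $str_sub_control_id_in
     */
    public function set_Sub_Control_ID($str_sub_control_id_in)
    {
        $this->sub_control_id = $str_sub_control_id_in;
    }

    /**
     * Getter for name
     *
     * @return string
     */
    public function get_Name()
    {
        return $this->name;
    }

    /**
     * Setter for name
     *
     * @param string $str_name_in
     */
    public function set_Name($str_name_in)
    {
        $this->name = $str_name_in;
    }

    /**
     * Getter for objectives
     *
     * @return string
     */
    public function get_Objective()
    {
        return $this->objective;
    }

    /**
     * Setter for objectives
     *
     * @param string $str_obj_in
     */
    public function set_Objective($str_obj_in)
    {
        $this->objective = $str_obj_in;
    }

    /**
     * Getter for preparation
     *
     * @return string
     */
    public function get_Preparation()
    {
        return $this->prep;
    }

    /**
     * Setter for preparation
     *
     * @param string $str_prep_in
     */
    public function set_Preparation($str_prep_in)
    {
        $this->prep = $str_prep_in;
    }

    /**
     * Getter for test script text
     *
     * @return string
     */
    public function get_Script()
    {
        return $this->script;
    }

    /**
     * Setter for test script text
     *
     * @param string $str_script_in
     */
    public function set_Script($str_script_in)
    {
        $this->script = $str_script_in;
    }

    /**
     * Getter for expected results
     *
     * @return string
     */
    public function get_Expected_Results()
    {
        return $this->expected_results;
    }

    /**
     * Setter for expected results
     *
     * @param string $str_exp_results_in
     */
    public function set_Expected_Results($str_exp_results_in)
    {
        $this->expected_results = $str_exp_results_in;
    }
}

/**
 * Procedural finding: the recorded result of one sub control test.
 *
 * Plain data holder with public, unvalidated fields. $status is expected to
 * be one of the labels in the parent control's status table; a blank or
 * unknown value is aggregated as "Not Reviewed" by the parent.
 *
 * @author Ryan Prather
 */
class proc_finding
{
    /**
     * Finding ST&E ID
     *
     * @var integer
     */
    public $ste_id = 0;

    /**
     * Finding control id
     *
     * @var string
     */
    public $control_id = '';

    /**
     * Finding status label ('' until recorded)
     *
     * @var string
     */
    public $status = '';

    /**
     * Finding compliance statement
     *
     * @var string
     */
    public $test_result = '';

    /**
     * Finding mitigations
     *
     * @var string
     */
    public $mitigation = '';

    /**
     * Finding milestones
     *
     * @var string
     */
    public $milestone = '';

    /**
     * Finding reference
     *
     * @var string
     */
    public $reference = '';

    /**
     * Finding notes
     *
     * @var string
     */
    public $notes = '';
}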