From 43b04cb1a974330dfac9929afa6909323701577b Mon Sep 17 00:00:00 2001 From: CRob <69357996+SecurityCRob@users.noreply.github.com> Date: Mon, 27 Jan 2025 09:58:04 -0500 Subject: [PATCH 1/2] Update GV category to OSPS-DO-xxx numbering going from 2digits to 3 Signed-off-by: CRob <69357996+SecurityCRob@users.noreply.github.com> --- baseline/OSPS-GV.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/baseline/OSPS-GV.yaml b/baseline/OSPS-GV.yaml index 03f78b6..193c581 100644 --- a/baseline/OSPS-GV.yaml +++ b/baseline/OSPS-GV.yaml @@ -6,7 +6,7 @@ description: | that the project is well positioned to respond to both threats and opportunities. criteria: - - id: OSPS-GV-01 + - id: OSPS-GV-201 maturity_level: 2 criterion: | The project documentation MUST include the @@ -28,7 +28,7 @@ criteria: OCRE: 013-021 security_insights_value: # TODO - - id: OSPS-GV-02 + - id: OSPS-GV-101 maturity_level: 1 criterion: | The project MUST have one or more mechanisms @@ -55,7 +55,7 @@ criteria: OCRE: security_insights_value: # TODO - - id: OSPS-GV-03 + - id: OSPS-GV-102 maturity_level: 1 criterion: | The project documentation MUST include an @@ -77,7 +77,7 @@ criteria: SSDF: PW1.2 security_insights_value: # TODO - - id: OSPS-GV-04 + - id: OSPS-GV-202 maturity_level: 2 criterion: | The project documentation MUST include a @@ -106,7 +106,7 @@ criteria: OC: 4.1.2 security_insights_value: # TODO - - id: OSPS-GV-05 + - id: OSPS-GV-203 maturity_level: 2 criterion: | The project documentation MUST have a policy From e0c54eb9a75bd110002f0bd12b3554ec824603c6 Mon Sep 17 00:00:00 2001 From: CRob <69357996+SecurityCRob@users.noreply.github.com> Date: Thu, 30 Jan 2025 16:16:49 -0500 Subject: [PATCH 2/2] Update OSPS-GV.yaml adjusted ordering to be sequential Signed-off-by: CRob <69357996+SecurityCRob@users.noreply.github.com> --- baseline/OSPS-GV.yaml | 44 +++++++++++++++++++++---------------------- 1 file changed, 22 insertions(+), 22 deletions(-) 
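Review bot: The five `id:` changes in PATCH 1/2 (OSPS-GV-01 through OSPS-GV-05 becoming -201, -101, -102, -202 and -203) replace the published control identifiers and leave no record of the old ones on the entries. The first digit of each new id appears to mirror `maturity_level` (1xx sits with level 1 and 2xx with level 2 in these hunks, though the patch does not state the scheme), so the level would now be stored in two places and could drift if a criterion is later re-levelled. A comment on each entry such as `# formerly OSPS-GV-01` would let assessments, control mappings or tooling that cite the old ids still be resolved. Whether anything outside this file references the old ids is not visible from the patch.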
diff --git a/baseline/OSPS-GV.yaml b/baseline/OSPS-GV.yaml index 193c581..ec65fbe 100644 --- a/baseline/OSPS-GV.yaml +++ b/baseline/OSPS-GV.yaml @@ -6,28 +6,6 @@ description: | that the project is well positioned to respond to both threats and opportunities. criteria: - - id: OSPS-GV-201 - maturity_level: 2 - criterion: | - The project documentation MUST include the - Roles and Responsibilities for members of the - project. - rationale: | - Documenting project roles and responsibilities - helps project particpants, potential contributors, - and downstream consumers have an accurate - understand of who is working on the project - and what areas of authority they may have. - implementation: | - Document project participants and their roles - through such artifacts as members.md, governance.md, - maintainers.md, or similar file within the source - code repository of the project. - control_mappings: - BPB: B-S-3, B-S-4 - OCRE: 013-021 - security_insights_value: # TODO - - id: OSPS-GV-101 maturity_level: 1 criterion: | @@ -77,6 +55,28 @@ criteria: SSDF: PW1.2 security_insights_value: # TODO + - id: OSPS-GV-201 + maturity_level: 2 + criterion: | + The project documentation MUST include the + Roles and Responsibilities for members of the + project. + rationale: | + Documenting project roles and responsibilities + helps project particpants, potential contributors, + and downstream consumers have an accurate + understand of who is working on the project + and what areas of authority they may have. + implementation: | + Document project participants and their roles + through such artifacts as members.md, governance.md, + maintainers.md, or similar file within the source + code repository of the project. + control_mappings: + BPB: B-S-3, B-S-4 + OCRE: 013-021 + security_insights_value: # TODO + - id: OSPS-GV-202 maturity_level: 2 criterion: |
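Review bot: The OSPS-GV-201 entry re-added in the `@@ -77,6 +55,28 @@` hunk carries over two wording errors in its `rationale` text. `particpants` should be `participants`, and `have an accurate understand of` should read `have an accurate understanding of`. Since the block is being moved in this commit anyway, the added lines are the natural place to correct text that adopters of the baseline will read as normative.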