Releases: GovReady/govready-q
v0.10.0.3 Aspen - Python Library Update
v0.10.0.2 Aspen - Python Library Update
Update to Python libraries, including updating to Django 3.2.15.
v0.10.0 Aspen
Welcome to GovReady-q v0.10.0 "Aspen".
The Aspen release provides major feature and stability improvements to the GovReady-Q GRC software.
Version 0.10 Aspen contains multiple, customer-driven improvements:
- Over 150 sample components based on DOD STIGs and SRGs.
- Private components, component usage approvals, and component responsible roles.
- An integrations framework for interacting with third-party APIs including other GRC software.
- Improved questionnaire editing screens.
- Major bug fixes.
- More generous MIT open source license.
The Aspen release has been under stealth development with select customers for 10 months
and provides a solid foundation for even more exciting innovations to come.
*******************************************************************************
* IMPORTANT! RELEASES BETWEEN v0.9.11.2 and v0.10.0 CONTAIN BREAKING CHANGES! *
* PLEASE READ CHANGELOG FOR ALL VERSIONS! *
*******************************************************************************
Feature changes
- Support private components.
- Assign responsible roles to components and appointing parties to roles.
- Integrations framework for better inclusion of information from remote services.
- Component usage approval workflow.
- Single Sign On OIDC support.
- New questionnaire authoring and editing interface.
- Over 150 sample components created from DOD STIGs.
- Add form to create system from string or URLs.
READ CHANGELOG FOR A FULL LIST OF CHANGES BETWEEN v0.9.11.2 and v0.10.0
v0.9.11.2
Version 0.9.11
v0.9.11 (September 18, 2021)
IMPORTANT BREAKING CHANGE
This release replaces questionnaire-style account settings (e.g., user profile) with a traditional user information form.
Installing this release will reset all users' display names, titles, and profile pics.
Please contact [email protected] for a free, custom fix to preserve this data if desired!!
Display names will be reset to the username, title set to blank, and profile pics set to blank.
We apologize for not being able to find a practical, transparent solution to preserve existing display names
and photos during this change. We think the short-term pain of resetting this information at each user's convenience
is better than a complicated attempt to coordinate every install through a fragile, sequence-dependent, multi-version upgrade process.
Until now, user profile information was set by gathering information via our questionnaire feature.
We thought that was cool, but it turned out to be overly complex to support. Having a traditional account
settings feature provides for better extensibility and easier use. We've been wanting to make this change for a while.
Feature changes
- Replace questionnaire-style account settings (e.g., user profile) with a traditional user information form.
- Add a set of default headers (through hidden inputs and an HTML form) for the SSP CSV export, dubbed Quick CSV.
- Add makecmmcstatements admin command to create library component statements with CMMC content based on existing content.
- Create RemoteStatement model in controls to better track relationship between statements created from other statements.
- Add change_log field to maintain more accessible history of changes made to statement.
- Fixed Selenium to run properly in visible mode while using Docker. Includes changes to environment.json.
- GovReady-q container name changed from govready_q_dev to govready-q-dev in all commands.
UI changes
- A Quick CSV button on the system security plan page.
Bug fix
- Correctly handle exporting library components when component has zero statements to avoid crashing exportcomponentlibrary command.
- Add execute permissions to /dev_env/docker/remote_interpreter/python_env.sh b/dev_env/docker/remote_interpreter/python_env.sh
- Fix control group titles not showing up properly in generated SSPs.
- Replace common Unicode characters in generated SSPs (e.g. smart apostrophe, bullets).
Developer changes
Change in environment.json to better support visible Selenium tests will require deleting current containers and artifacts for local development. On next launch, run:
cd dev_env
rm docker/environment.json
python run.py wipedb
python run.py init
python run.py dev
NOTE: GovReady-q container name changed from govready_q_dev to govready-q-dev.
- Replace questionnaire-style account settings (e.g., user profile) with a traditional user information form.
- Add a set of default headers (through hidden inputs and an HTML form) for the SSP CSV export, dubbed Quick CSV.
- Add makecmmcstatements admin command to create library component statements with CMMC content based on existing content.
- Create RemoteStatement model in controls to better track relationship between statements created from other statements.
- Add change_log field to maintain more accessible history of changes made to statement.
- Refactoring profiles to be standard profiles instead of a special case compliance app. See issue #633.
- Add listcomponents command to generate list of components and ids.
Data changes
- Add letter 'c' prefix to 800-171 rev 2 control ids to be compliant with NIST OSCAL.
- Add name, title fields to siteapp.models.User.
- Set all user's name to username as part of data migration.
- Add Speedy SSP with CMMC catalog.
Version 0.9.10.1
Developer changes
- Add --stopinvalid and --no-stopinvalid to manage behavior on Trestle validation errors during bulk import of components.
Version 0.9.10
Version 0.9.10 makes several important fixes to 0.9.8 and 0.9.9.
v0.9.10 (August 16, 2021)
Developer changes
- Component tags now correctly included on OSCAL component export and included on OSCAL component import.
- Component tags now correctly included on OSCAL SSP generation.
Bug fix
- Add the catalog_key to statement's sid_class and source fields when adding new statement to a component in library.
Data fix
- Add migration in controls to load default control catalogs into CatalogData in database. Remove loading of catalogs via first_run command.
v0.9.9 (August 12, 2021)
UI changes
- Improve speed of control selection auto-complete.
- Various improvements to component add statement form: better alignment, validate control selected before saving, show/hide "Add component statement" button appropriately.
Developer changes
- Move creation of users in first_run to earlier in script.
- Use faster bulk_create importing components.
Data changes
- Update sample components to OSCAL 1.0.0.
- Change CatalogData JSONFields to Django JSONField for better searching options.
- Import components and their statements even when catalog not found or statement control ids are not found in referenced catalog.
Version 0.9.8
Developer changes
- Add SystemSettings auto_start_project to permit the automatic start of a particular project and automatic start of a question.
- Add questions actions to redirect to project home page or project components.
- Support auto start of project via global System Setting.
- Create new route for displaying a single system component control.
- New controls.models.System property producer_elements_control_impl_smts_dict to get dictionary of control implementation statements associated with a system element.
- New controls.models.System property producer_elements_control_impl_smts_status_dict to get dictionary of status of control implementation statements associated with a system element.
Data changes
- Add JSONfield value to SystemSettings model to support specific detail values.
- Retrieve Catalog data from database instead of file system with new controls.models.CatalogData model.
Version 0.9.7
v0.9.7 (August 06, 2021)
UI changes
- Display datagrid question wider and with smaller fonts.
- Display existence of legacy statement in project system's selected controls.
Developer changes
- Support datagrid specifying select type cell.
- Added new function OSCAL_ssp_export in order to export a system's security plan in OSCAL, this replaces the usual JSON export. Added several fields of data for OSCAL SSP.
- If a component to be imported has a catalog key that is not found in the internal or external catalog list then it will be skipped and logged.
- If no statements are created the resulting element/component is deleted.
- Component and System Security Plan exports pass OSCAL 1.0.0 schema validation.
- Added a proxy for parties and responsible parties for component OSCAL export.
- Coverage 6.0b1 starts to use a modern hash algorithm (sha256) when fingerprinting for high-security environments, upgrading to avoid this safety fail.
- Validate Component import and SSP with the trestle package.
Bug fixes
- Fix count on project system's components associated with a control (avoid double counting).
Version 0.9.6
v0.9.6 (July 15, 2021)
UI changes
- Display legacy control implementation statements within system's statements.
- Added compare components button to compare one component's statements to other selected components.
- Added a Select/Deselect button for component comparison choice.
- Add accordion to assessment page to provide information on getting data from Wazuh.
- Add form to Assessments page to collect Wazuh information.
- Drag and Drop template for file uploads
Bug fixes
- Set component library detail page Systems tab to not be inactive and thus remove the content from the System tab showing up on the Control Implementation Statements tab.
Developer changes
- Add custom Django command to batch import legacy control implementation statements from legacy SSPs Excel spreadsheet exports. Currently supports CSAM.
- Added missing unit test for portfolio project endpoint.
- Add sec_srvc.SecurityService class to represent a security service from which data could be collected.
Data changes
- Set all StatementTypeEnum.<LABEL>.value to StatementTypeEnum.<LABEL>.name in order for relevant label/term to show up in Django database admin interface.
- Create baselines for CMMC catalog.
- FISMA impact level is now represented as Security Sensitivity level following OSCAL's schema.