Update standard v1.0.0 to include "description" field

commands/docs/gitbook/gitbookCertification.go

@@ -90,11 +90,15 @@ func (openControl *OpenControlGitBook) getControlOrigin(text string, controlOrig
 func (openControl *OpenControlGitBook) exportControl(control *ControlGitbook) (string, string) {
 	key := replaceParentheses(fmt.Sprintf("%s-%s", control.standardKey, control.controlKey))
 	text := fmt.Sprintf("#%s\n##%s\n", key, control.GetName())
+	if len(control.GetDescription()) > 0 {
+		text += "#### Description\n"
+		text += control.GetDescription()
+	}
 	selectJustifications := openControl.GetAllVerificationsWith(control.standardKey, control.controlKey)
 	// In the case that no information was found period for the standard and control
 	if len(selectJustifications) == 0 {
 		errorText := fmt.Sprintf("No information found for the combination of standard %s and control %s", control.standardKey, control.controlKey)
-		text = fmt.Sprintf("%s%s\n", text, errorText)
+		text = fmt.Sprintf("%s\n%s\n", text, errorText)
 	}
 	for _, justification := range selectJustifications {
 		component, found := openControl.GetComponent(justification.ComponentKey)

commands/docs/gitbook/gitbookCertification_test.go

@@ -31,6 +31,9 @@ var exportControlTests = []exportControlTest{
 		"NIST-800-53-CM-2.md",
 		`#NIST-800-53-CM-2
 ##Baseline Configuration
+#### Description
+'The organization develops, documents, and maintains under configuration
+control, a current baseline configuration of the information system.'
 
 #### Amazon Elastic Compute Cloud
 

fixtures/exports_fixtures/complete_export/standards/NIST-800-53-AC-2.md

@@ -1,3 +1,32 @@
 #NIST-800-53-AC-2
 ##Account Management
+#### Description
+'The organization:
+a.	Identifies and selects the following types of information system accounts
+to support organizational missions/business functions: [Assignment:
+organization-defined information system account types];
+b.	Assigns account managers for information system accounts;
+c.	Establishes conditions for group and role membership;
+d.	Specifies authorized users of the information system, group and role
+membership, and access authorizations (i.e., privileges) and other
+attributes (as required) for each account;
+e.	Requires approvals by [Assignment: organization-defined personnel or
+roles] for requests to create information system accounts;
+f.	Creates, enables, modifies, disables, and removes information system
+accounts in accordance with [Assignment: organization-defined procedures or
+conditions];
+g.	Monitors the use of information system accounts;
+h.	Notifies account managers:
+  1.	When accounts are no longer required;
+  2.	When users are terminated or transferred; and
+  3.	When individual information system usage or need-to-know changes;
+i.	Authorizes access to the information system based on:
+  1.	A valid access authorization;
+  2.	Intended system usage; and
+  3.	Other attributes as required by the organization or associated missions/business functions;
+j.	Reviews accounts for compliance with account management requirements
+[Assignment: organization-defined frequency]; and
+k.	Establishes a process for reissuing shared/group account credentials (if
+deployed) when individuals are removed from the group.'
+
 No information found for the combination of standard NIST-800-53 and control AC-2

fixtures/exports_fixtures/complete_export/standards/NIST-800-53-AC-6.md

@@ -1,3 +1,9 @@
 #NIST-800-53-AC-6
 ##Least Privilege
+#### Description
+'The organization employs the principle of least privilege, allowing only
+authorized accesses for users (or processes acting on behalf of users) which
+are necessary to accomplish assigned tasks in accordance with organizational
+missions and business functions.'
+
 No information found for the combination of standard NIST-800-53 and control AC-6

fixtures/exports_fixtures/complete_export/standards/NIST-800-53-CM-2.md

@@ -1,5 +1,8 @@
 #NIST-800-53-CM-2
 ##Baseline Configuration
+#### Description
+'The organization develops, documents, and maintains under configuration
+control, a current baseline configuration of the information system.'
 
 #### Amazon Elastic Compute Cloud
 

fixtures/exports_fixtures/complete_export/standards/PCI-DSS-MAY-2015-1.1.1.md

@@ -1,3 +1,4 @@
 #PCI-DSS-MAY-2015-1.1.1
 ##A formal process for approving and testing all network connections and changes to the firewall and router configurations
+
 No information found for the combination of standard PCI-DSS-MAY-2015 and control 1.1.1

fixtures/exports_fixtures/complete_export_with_markdown/standards/NIST-800-53-AC-2.md

@@ -1,3 +1,4 @@
 #NIST-800-53-AC-2
 ##Account Management
+
 No information found for the combination of standard NIST-800-53 and control AC-2

fixtures/exports_fixtures/complete_export_with_markdown/standards/NIST-800-53-AC-6.md

@@ -1,3 +1,4 @@
 #NIST-800-53-AC-6
 ##Least Privilege
+
 No information found for the combination of standard NIST-800-53 and control AC-6

fixtures/exports_fixtures/complete_export_with_markdown/standards/PCI-DSS-MAY-2015-1.1.1.md

@@ -1,3 +1,4 @@
 #PCI-DSS-MAY-2015-1.1.1
 ##A formal process for approving and testing all network connections and changes to the firewall and router configurations
+
 No information found for the combination of standard PCI-DSS-MAY-2015 and control 1.1.1