Claudia
fd7d75c0ed
Some checks failed
Tests / test (push) Failing after 2s
- Merged all unique darkplex-core modules into cortex: - intelligence/ subfolder (anticipator, collective, shared_memory, knowledge_cleanup, temporal, llm_extractor, loop) - governance/ subfolder (policy engine, risk scorer, evidence, enforcer, report generator) - entity_manager.py, knowledge_extractor.py - Fixed bare 'from intelligence.' imports to 'from cortex.intelligence.' - Added 'darkplex' CLI alias alongside 'cortex' - Package renamed to darkplex-core v0.2.0 - 405 tests passing (was 234) - 14 new test files covering all merged modules
70 lines
2 KiB
YAML
70 lines
2 KiB
YAML
# ISO 27001 Annex A Controls → NATS Event Streams Mapping
|
|
#
|
|
# Maps governance event types to ISO 27001:2022 Annex A controls.
|
|
# Used by the Evidence Collector to tag evidence with applicable controls.
|
|
|
|
version: "1.0.0"
|
|
|
|
mappings:
|
|
# A.5 — Organizational Controls (Information Security Policies)
|
|
- controls:
|
|
- "A.5.1" # Policies for information security
|
|
- "A.5.2" # Information security roles and responsibilities
|
|
- "A.5.4" # Management responsibilities
|
|
event_types:
|
|
- policy_evaluation
|
|
- policy_update
|
|
- policy_violation
|
|
nats_subjects:
|
|
- "governance.policy.>"
|
|
|
|
# A.5.10-12 — Acceptable use, return, classification
|
|
- controls:
|
|
- "A.5.10" # Acceptable use of information
|
|
- "A.5.12" # Classification of information
|
|
- "A.5.13" # Labelling of information
|
|
event_types:
|
|
- data_access
|
|
- data_classification
|
|
- data_export
|
|
nats_subjects:
|
|
- "governance.data.>"
|
|
|
|
# A.8 — Technology Controls (Asset Management)
|
|
- controls:
|
|
- "A.8.1" # User endpoint devices
|
|
- "A.8.2" # Privileged access rights
|
|
- "A.8.5" # Secure authentication
|
|
- "A.8.9" # Configuration management
|
|
- "A.8.16" # Monitoring activities
|
|
event_types:
|
|
- agent_authentication
|
|
- agent_action
|
|
- system_configuration
|
|
- monitoring_alert
|
|
nats_subjects:
|
|
- "governance.agent.>"
|
|
- "governance.system.>"
|
|
|
|
# A.9 — Access Control
|
|
- controls:
|
|
- "A.5.15" # Access control
|
|
- "A.5.16" # Identity management
|
|
- "A.5.17" # Authentication information
|
|
- "A.5.18" # Access rights
|
|
event_types:
|
|
- access_request
|
|
- access_granted
|
|
- access_denied
|
|
- role_change
|
|
nats_subjects:
|
|
- "governance.access.>"
|
|
|
|
# A.5.23-25 — Supplier/Cloud
|
|
- controls:
|
|
- "A.5.23" # Information security for cloud services
|
|
event_types:
|
|
- external_api_call
|
|
- cloud_service_access
|
|
nats_subjects:
|
|
- "governance.external.>"
|