git.stella-ops.org/docs/features/checked/policy/ntia-compliance-validation-with-supplier-trust-verification.md
2026-02-13 02:04:55 +02:00


# NTIA Compliance Validation with Supplier Trust Verification
## Status
IMPLEMENTED
## Description
The sprint described NTIA minimum-element compliance checking with supplier trust scoring and regulatory framework mapping (FDA/CISA/EU CRA). No dedicated implementation library was found on first review; the work was assumed to have been folded into the SBOM validation layer or deferred despite its DONE status in the sprint.
## Why Marked as Dropped (Correction)
**FINDING: NTIA compliance validation IS implemented.** A dedicated namespace exists under `src/Policy/__Libraries/StellaOps.Policy/NtiaCompliance/`:
- `NtiaBaselineValidator.cs` -- validates NTIA minimum elements baseline compliance
- `NtiaComplianceModels.cs` -- compliance data models
- `NtiaComplianceReporter.cs` -- generates compliance reports
- `RegulatoryFrameworkMapper.cs` -- maps to regulatory frameworks (FDA/CISA/EU CRA)
- `SupplierValidator.cs` -- supplier trust verification
Additional integration:
- CLI integration: `src/Cli/StellaOps.Cli/Commands/SbomCommandGroup.cs` references NTIA compliance
- Policy engine integration: `src/Policy/StellaOps.Policy.Engine/Evaluation/PolicyExpressionEvaluator.cs`, `PolicyEvaluationContext.cs`, `PolicyRuntimeEvaluationService.cs`
- DI registration: `src/Policy/StellaOps.Policy.Engine/DependencyInjection/PolicyEngineServiceCollectionExtensions.cs`
## Implementation Details
- NTIA baseline validator: `src/Policy/__Libraries/StellaOps.Policy/NtiaCompliance/NtiaBaselineValidator.cs`
- Compliance models: `src/Policy/__Libraries/StellaOps.Policy/NtiaCompliance/NtiaComplianceModels.cs`
- Compliance reporter: `src/Policy/__Libraries/StellaOps.Policy/NtiaCompliance/NtiaComplianceReporter.cs`
- Regulatory framework mapper: `src/Policy/__Libraries/StellaOps.Policy/NtiaCompliance/RegulatoryFrameworkMapper.cs`
- Supplier validator: `src/Policy/__Libraries/StellaOps.Policy/NtiaCompliance/SupplierValidator.cs`
## E2E Test Plan
- Verify NTIA baseline validation against compliant and non-compliant SBOMs
- Test regulatory framework mapping for FDA, CISA, EU CRA
- Validate supplier trust scoring
- Test CLI SBOM commands include NTIA compliance checks
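The first test-plan item (compliant vs. non-compliant SBOMs) and the `NtiaBaselineValidator` entry above both turn on the same question: which of the seven NTIA minimum elements an SBOM actually carries. The following is an added illustration of such a baseline check over a CycloneDX-style document, written for this page; it is not the StellaOps `NtiaBaselineValidator.cs`, and the mapping of NTIA elements onto CycloneDX fields (`metadata.authors`/`metadata.tools`, `supplier.name`, `purl`/`cpe`/`swid`, the `dependencies` graph) and the two sample SBOMs are assumptions constructed here.

```python
"""Added illustration of an NTIA minimum-elements baseline check over a CycloneDX-style
SBOM dict. Not the StellaOps NtiaBaselineValidator; the field mapping is an assumption."""
from dataclasses import dataclass, field

# The seven NTIA minimum elements (NTIA, "The Minimum Elements For an SBOM", 2021).
NTIA_MINIMUM_ELEMENTS = (
    "supplier_name", "component_name", "version", "unique_identifier",
    "dependency_relationship", "author_of_sbom_data", "timestamp",
)


@dataclass
class NtiaBaselineResult:
    compliant: bool
    document_missing: list = field(default_factory=list)        # SBOM-level gaps
    component_missing: dict = field(default_factory=dict)       # bom-ref -> list of gaps


def validate_ntia_baseline(sbom: dict) -> NtiaBaselineResult:
    """Report every NTIA minimum element the SBOM fails to provide."""
    result = NtiaBaselineResult(compliant=True)
    metadata = sbom.get("metadata") or {}

    # Author of SBOM data: CycloneDX metadata.authors (1.5+) or the generating tool.
    if not (metadata.get("authors") or metadata.get("tools")):
        result.document_missing.append("author_of_sbom_data")
    if not metadata.get("timestamp"):
        result.document_missing.append("timestamp")

    components = sbom.get("components") or []
    deps = sbom.get("dependencies") or []
    # Dependency relationship: every component must appear somewhere in the graph.
    in_graph = set()
    for dep in deps:
        in_graph.add(dep.get("ref"))
        in_graph.update(dep.get("dependsOn") or [])
    if components and not deps:
        result.document_missing.append("dependency_relationship")

    for comp in components:
        ref = comp.get("bom-ref") or comp.get("name") or "<unnamed>"
        gaps = []
        if not (comp.get("supplier") or {}).get("name"):
            gaps.append("supplier_name")
        if not comp.get("name"):
            gaps.append("component_name")
        if not comp.get("version"):
            gaps.append("version")
        # Any one recognised identifier scheme satisfies "other unique identifiers".
        if not (comp.get("purl") or comp.get("cpe") or comp.get("swid")):
            gaps.append("unique_identifier")
        if deps and ref not in in_graph:
            gaps.append("dependency_relationship")
        if gaps:
            result.component_missing[ref] = gaps

    result.compliant = not result.document_missing and not result.component_missing
    return result


# Constructed sample SBOMs (illustrative only, not real inventories).
COMPLIANT_SBOM = {
    "bomFormat": "CycloneDX", "specVersion": "1.5",
    "metadata": {
        "timestamp": "2026-01-19T00:00:00Z",
        "authors": [{"name": "Example SBOM Generator"}],
        "component": {"bom-ref": "app", "name": "app", "version": "1.0.0"},
    },
    "components": [
        {"bom-ref": "lib-a", "name": "lib-a", "version": "2.1.0",
         "supplier": {"name": "Example Vendor"}, "purl": "pkg:generic/lib-a@2.1.0"},
    ],
    "dependencies": [{"ref": "app", "dependsOn": ["lib-a"]}, {"ref": "lib-a", "dependsOn": []}],
}

NON_COMPLIANT_SBOM = {
    "bomFormat": "CycloneDX", "specVersion": "1.5",
    "metadata": {"authors": [{"name": "Example SBOM Generator"}]},   # no timestamp
    "components": [
        {"bom-ref": "lib-a", "name": "lib-a", "purl": "pkg:generic/lib-a"},  # no supplier/version
    ],
    "dependencies": [{"ref": "app", "dependsOn": ["lib-a"]}],
}

if __name__ == "__main__":
    for label, doc in (("compliant", COMPLIANT_SBOM), ("non-compliant", NON_COMPLIANT_SBOM)):
        print(label, validate_ntia_baseline(doc))
```

A real validator would also need to handle SPDX documents and decide policy questions this sketch leaves open, such as whether a supplier-less component is a hard failure or a scored trust deduction; the point here is only that each minimum element maps to a concrete, checkable field, which is what makes a compliant/non-compliant test pair possible.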
## Source
- SPRINT_20260119_023_Compliance_ntia_supplier.md
## Notes
- Module: Policy
- Modules referenced: `src/Policy/__Libraries/StellaOps.Policy/NtiaCompliance/`
- **Status should be reclassified from NOT_FOUND to IMPLEMENTED**