git.stella-ops.org/docs/features/unchecked/policy/ntia-compliance-validation-with-supplier-trust-verification.md

NTIA Compliance Validation with Supplier Trust Verification

Status

IMPLEMENTED

Description

The sprint described NTIA minimum-element compliance checking with supplier trust scoring and regulatory framework mapping (FDA/CISA/EU CRA). No dedicated implementation library was found; the feature may have been folded into the SBOM validation layer or deferred despite its DONE status in the sprint.

Why Marked as Dropped (Correction)

FINDING: NTIA compliance validation IS implemented. A dedicated namespace exists under src/Policy/__Libraries/StellaOps.Policy/NtiaCompliance/:

  • NtiaBaselineValidator.cs -- validates NTIA minimum elements baseline compliance
  • NtiaComplianceModels.cs -- compliance data models
  • NtiaComplianceReporter.cs -- generates compliance reports
  • RegulatoryFrameworkMapper.cs -- maps to regulatory frameworks (FDA/CISA/EU CRA)
  • SupplierValidator.cs -- supplier trust verification

Additional integration:

  • CLI integration: src/Cli/StellaOps.Cli/Commands/SbomCommandGroup.cs references NTIA compliance
  • Policy engine integration: src/Policy/StellaOps.Policy.Engine/Evaluation/PolicyExpressionEvaluator.cs, PolicyEvaluationContext.cs, PolicyRuntimeEvaluationService.cs
  • DI registration: src/Policy/StellaOps.Policy.Engine/DependencyInjection/PolicyEngineServiceCollectionExtensions.cs

Implementation Details

  • NTIA baseline validator: src/Policy/__Libraries/StellaOps.Policy/NtiaCompliance/NtiaBaselineValidator.cs
  • Compliance models: src/Policy/__Libraries/StellaOps.Policy/NtiaCompliance/NtiaComplianceModels.cs
  • Compliance reporter: src/Policy/__Libraries/StellaOps.Policy/NtiaCompliance/NtiaComplianceReporter.cs
  • Regulatory framework mapper: src/Policy/__Libraries/StellaOps.Policy/NtiaCompliance/RegulatoryFrameworkMapper.cs
  • Supplier validator: src/Policy/__Libraries/StellaOps.Policy/NtiaCompliance/SupplierValidator.cs

E2E Test Plan

  • Verify NTIA baseline validation against compliant and non-compliant SBOMs
  • Test regulatory framework mapping for FDA, CISA, EU CRA
  • Validate supplier trust scoring
  • Test CLI SBOM commands include NTIA compliance checks
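
The first test-plan item, a baseline check against a compliant and a non-compliant SBOM, as an added example that is not StellaOps code: it checks the seven NTIA minimum elements (supplier name, component name, version, unique identifier, dependency relationship, SBOM author, timestamp) on a CycloneDX-style JSON document loaded as a dict; the field layout (metadata.authors/timestamp, components[], dependencies[]) and both sample SBOMs are constructed assumptions.

```python
# Added example (not StellaOps code): check the seven NTIA minimum SBOM
# elements on a CycloneDX-style JSON document loaded as a dict.
# Assumed layout: metadata.authors/timestamp, components[], dependencies[].

def validate_ntia_baseline(sbom: dict) -> list[str]:
    """Return one finding per missing NTIA minimum element; empty means compliant."""
    findings: list[str] = []
    meta = sbom.get("metadata", {})
    if not meta.get("authors"):                        # author of SBOM data
        findings.append("document: missing author of SBOM data")
    if not meta.get("timestamp"):                      # timestamp
        findings.append("document: missing timestamp")
    components = sbom.get("components", [])
    if not components:
        findings.append("document: no components listed")
    for c in components:
        label = c.get("name") or c.get("bom-ref") or "<unnamed>"
        if not c.get("name"):                          # component name
            findings.append(f"{label}: missing component name")
        if not c.get("version"):                       # version of the component
            findings.append(f"{label}: missing version")
        if not (c.get("supplier") or {}).get("name"):  # supplier name
            findings.append(f"{label}: missing supplier name")
        if not (c.get("purl") or c.get("cpe")):        # other unique identifiers
            findings.append(f"{label}: missing unique identifier (purl/cpe)")
    # Dependency relationship: every bom-ref must appear in the dependency graph.
    covered: set[str] = set()
    for d in sbom.get("dependencies", []):
        covered.add(d.get("ref"))
        covered.update(d.get("dependsOn", []))
    for c in components:
        ref = c.get("bom-ref")
        if ref and ref not in covered:
            findings.append(f"{ref}: absent from dependency relationships")
    return findings

# Constructed sample SBOMs: one compliant, one missing several elements.
COMPLIANT_SBOM = {
    "metadata": {"timestamp": "2026-01-19T00:00:00Z",
                 "authors": [{"name": "Example Security Team"}]},
    "components": [{"bom-ref": "lib-a", "name": "examplelib", "version": "1.2.0",
                    "purl": "pkg:pypi/examplelib@1.2.0",
                    "supplier": {"name": "Example Supplier Inc."}}],
    "dependencies": [{"ref": "lib-a", "dependsOn": []}],
}
NONCOMPLIANT_SBOM = {
    "metadata": {"timestamp": "2026-01-19T00:00:00Z"},
    "components": [{"bom-ref": "lib-b", "name": "lib-b"}],
    "dependencies": [],
}
```

Running `validate_ntia_baseline` on the non-compliant sample yields five findings (missing author, version, supplier, identifier, and dependency entry), which is the shape of report a baseline validator hands to the policy engine.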

Source

  • SPRINT_20260119_023_Compliance_ntia_supplier.md

Notes

  • Module: Policy
  • Modules referenced: src/Policy/__Libraries/StellaOps.Policy/NtiaCompliance/
  • Status should be reclassified from NOT_FOUND to IMPLEMENTED