feat(cra): attach network_security regulatory breadth (shared Controls-API)
Semantic breadth (2): each finding's CRA-AI is mapped to a network_security sub_topic and enriched with atom-grain, framework-traceable obligations from the shared Controls-API (compliance.atom_classification) — at the endpoint/view layer (SessionLocal), NOT in the pure mapper. CRA-AI anchor + curated measure + NIST/OWASP crosswalk stay the lead; this is breadth + source evidence. Only network_security is queried (atom-grain), scoped by sub_topic + limit. Frontend renders it under the collapsible best-practice depth (control_id · title · source). Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
Benjamin Admin
@@ -0,0 +1,16 @@
|
||||
"""Pin the CRA-AI -> network_security sub_topic map (DB enrichment verified live)."""
|
||||
from compliance.services.cra_use_case_controls import subtopic_for
|
||||
from compliance.api.cra_annex_i_data import ANNEX_I_REQUIREMENTS
|
||||
|
||||
# Exact atom-grain sub_topic keys (verified against the live atom_classification).
|
||||
_VALID = {
|
||||
"access_control", "authentication", "cryptography", "network_segmentation",
|
||||
"logging_monitoring", "supply_chain_security", "vulnerability_management",
|
||||
"incident_response", "secure_development", "data_protection",
|
||||
}
|
||||
|
||||
|
||||
def test_every_requirement_maps_to_a_valid_subtopic():
|
||||
for req in ANNEX_I_REQUIREMENTS:
|
||||
st = subtopic_for(req["req_id"])
|
||||
assert st in _VALID, "{} -> {}".format(req["req_id"], st)
|
||||
Reference in New Issue
Block a user