Comment: Published by Scroll Versions from space DTPDEVEL and version 2022.1

...

The following configuration files provide CERT C-oriented compliance categories in DTP interfaces:

  • CERT_C-CategoriesCategory.xml
  • CERT_C-Guideline-Recommendation.xml
  • CERT_C-Guideline-Rule.xml
  • CERT_C-Guideline.xml
  • CERT_C-Priority.xml

...

You can configure C/C++test to run the test configurations shipped with the tool or with the Security Compliance Pack. Refer to the C/C++test documentation for details. The following test configurations are included with the pack:

  • SEI CERT C Guidelines [Parasoft 2021.2].properties
  • SEI CERT C++ Rules [Parasoft 2021.2].properties

Dashboards

After installing the Security Compliance Pack and deploying the CERT compliance artifacts, you will be able to quickly add widgets configured to show CERT-related data by using the following dashboard templates:

...

You can apply profiles to DTP Enterprise Pack extensions that perform custom calculations and drive reporting mechanisms in DTP. 

  • cert-compliance.json: This is the model file that describes how the cert-c-2018.json profile renders the data. The same model is used for the CERT C and CERT C++ Compliance profiles.
  • cert-c.json: This is the default profile that renders data according to the cert-compliance.json model. This profile should be enabled to generate compliance audit reports.
  • cert-c-likelihood.json: This profile provides metric information for key performance indicator (KPI) calculations. It renders data according to the KPI.json model.
  • cert-c-remediation-cost.json: This profile provides metric information for KPI calculations. It renders data according to the KPI.json model.

...

Title

You can rename the widget in the Title field. This setting is available for all widgets.

Filter

Choose a specific filter or Dashboard Settings from the drop-down menu. See Creating and Managing Filters for additional information. This setting is available for all widgets.

Target Build

Choose a specific build from the drop-down menu. The build selected for the entire dashboard is selected by default. See Using Build Administration for additional information about understanding builds. This setting is available for all widgets.

Type

This rule specifies which type of guideline you want to view in the widget. Choose either Rule, Recommendation, or All from the drop-down menu. See Background for additional information about guideline types. This setting is available for the following widgets:

  • CERT Compliance - Guidelines by Status
  • CERT Levels - Target
  • CERT Violations by Category - TreeMap

Level

This rule specifies which priority level you want to view in the widget. Choose either L1, L2, or L3 from the drop-down menu. See Background for additional information about guideline priorities. This setting is available for the following widgets:

  • CERT Compliance - Guideline by Status
  • CERT Compliance - Percentage
  • CERT Violations by Category - TreeMap

Compliance Profile

Specify the compliance profile you want to use to view the data. In most cases, this should be the default profile shipped with the extension (see About the CERT Compliance Profile). This setting is available for all widgets.

...

Metrics-related calculations are long-running processes and may take several minutes to execute depending on how much data you have to process. After the calculation completes, add the widgets to your dashboard to view the data. The KPI extension only needs to be deployed once, but you must invoke the API separately for each profile, i.e., SEI CERT C Likelihood and SEI CERT C Remediation Cost.

If you are not using the CERT C dashboard template or want additional views of the metrics, you can manually add instances of the native Metrics - Summary DTP widget to your dashboard and configure them to use the SEI CERT C Likelihood and SEI CERT C Remediation Cost metrics, as well as set the aggregation value:

...