diff --git a/.project-words.txt b/.project-words.txt
index 36b57c0..2536951 100644
--- a/.project-words.txt
+++ b/.project-words.txt
@@ -15,7 +15,7 @@ lifecycles
 NCSC
 openssf
 organisations
-OCRE
+OpenCRE
 OSCAL
 OSPS
 PCIDSS
diff --git a/baseline/OSPS-AC.yaml b/baseline/OSPS-AC.yaml
index 429c52a..bb4983d 100644
--- a/baseline/OSPS-AC.yaml
+++ b/baseline/OSPS-AC.yaml
@@ -34,7 +34,7 @@ controls:
 identifiers:
 - PR.A-02
 - PR.A-05
- - reference-id: OCRE
+ - reference-id: OpenCRE
 identifiers:
 - 486-813
 - 124-564
@@ -98,7 +98,7 @@ controls:
 identifiers:
 - PR.AA-02
 - PR.AA-05
- - reference-id: OCRE
+ - reference-id: OpenCRE
 identifiers:
 - 486-813
 - 124-564
@@ -152,12 +152,12 @@ controls:
 identifiers:
 - PR.A-02
 - PR.A-05
- - reference-id: OCRE
+ - reference-id: OpenCRE
 identifiers:
 - 486-813
 - 124-564
 - 152-725
- - reference-id: ScCrd
+ - reference-id: Scorecard
 identifiers:
 - Branch-Protection
 - reference-id: PSSCRM
@@ -225,7 +225,7 @@ controls:
 identifiers:
 - PR.AA-02
 - PR.AA-05
- - reference-id: OCRE
+ - reference-id: OpenCRE
 identifiers:
 - 486-813
 - 124-564
diff --git a/baseline/OSPS-BR.yaml b/baseline/OSPS-BR.yaml
index 68c361a..5089ff9 100644
--- a/baseline/OSPS-BR.yaml
+++ b/baseline/OSPS-BR.yaml
@@ -29,7 +29,7 @@ controls:
 - reference-id: CSF
 identifiers:
 - PR.AA-02
- - reference-id: OCRE
+ - reference-id: OpenCRE
 identifiers:
 - 486-813
 - 124-564
@@ -93,7 +93,7 @@ controls:
 - PS.1
 - PS.2
 - PS.3
- - reference-id: OCRE
+ - reference-id: OpenCRE
 identifiers:
 - 486-813
 - 124-564
@@ -161,7 +161,7 @@ controls:
 - PO.5.2
 - PS.1
 - PS.2
- - reference-id: OCRE
+ - reference-id: OpenCRE
 identifiers:
 - 483-813
 - 124-564
@@ -243,7 +243,7 @@ controls:
 - PS.2
 - PS.3
 - PW.1.2
- - reference-id: OCRE
+ - reference-id: OpenCRE
 identifiers:
 - 483-813
 - 068-486
@@ -322,7 +322,7 @@ controls:
 - PO.3.2
 - PS.1
 - PS.2
- - reference-id: OCRE
+ - reference-id: OpenCRE
 identifiers:
 - 486-813
 - 124-564
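Review bot: The CSF identifiers on the context lines of the `@@ -34` hunk in baseline/OSPS-AC.yaml read `PR.A-02` and `PR.A-05`, and the `@@ -152` hunk repeats that spelling, while the `@@ -98` and `@@ -225` hunks of the same file use `PR.AA-02` and `PR.AA-05`. Since this commit is normalising reference identifiers, these look like leftover typos and are worth confirming against the CSF catalogue; if so the lines should read `- PR.AA-02` and `- PR.AA-05`. A mapping that points at an identifier the target framework does not define is silently lost by any consumer that joins on it. The enclosing control entries start and end outside the hunks.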
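Review bot: The OpenCRE identifier `483-813` on the context lines of the `@@ -161` and `@@ -243` hunks in baseline/OSPS-BR.yaml differs by one digit from the `486-813` used in the neighbouring controls of this file and in OSPS-AC.yaml, so it may be a transcription error that the rename leaves in place. I would confirm both values against opencre.org and, if it is a typo, change the line to `- 486-813` in both controls. The identifier lists continue outside both hunks, so other entries could not be checked from here.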
@@ -377,7 +377,7 @@ controls:
 - PS.2
 - PS.2.1
 - PW.6.2
- - reference-id: ScCrd
+ - reference-id: Scorecard
 identifiers:
 - Signed-Releases
 - reference-id: SLSA
diff --git a/baseline/OSPS-DO.yaml b/baseline/OSPS-DO.yaml
index 6155617..57eaff3 100644
--- a/baseline/OSPS-DO.yaml
+++ b/baseline/OSPS-DO.yaml
@@ -35,10 +35,10 @@ controls:
 identifiers:
 - GV.OC-04
 - GV.OC-05
- - reference-id: OC
+ - reference-id: ISO-18974
 identifiers:
 - 4.1.4
- - reference-id: OCRE
+ - reference-id: OpenCRE
 identifiers:
 - 036-275
 - reference-id: PSSCRM
@@ -109,7 +109,7 @@ controls:
 identifiers:
 - RS.MA-02
 - GV.RM-05
- - reference-id: OC
+ - reference-id: ISO-18974
 identifiers:
 - 4.2.1
 - reference-id: SAMM
@@ -167,7 +167,7 @@ controls:
 - PS.2.1
 - PS.3.1
 - RV.1.3
- - reference-id: OCRE
+ - reference-id: OpenCRE
 identifiers:
 - 171-222
 - reference-id: PSSCRM
@@ -241,7 +241,7 @@ controls:
 - PO.4.2
 - PS.3.1
 - RV.1.3
- - reference-id: OC
+ - reference-id: ISO-18974
 identifiers:
 - 4.1
 - 4.3.1
@@ -297,11 +297,11 @@ controls:
 identifiers:
 - 1.2c
 - 2.6
- - reference-id: OC
+ - reference-id: ISO-18974
 identifiers:
 - 4.1.1
 - 4.3.1
- - reference-id: OCRE
+ - reference-id: OpenCRE
 identifiers:
 - 673-475
 - 053-751
@@ -356,11 +356,11 @@ controls:
 - reference-id: CRA
 identifiers:
 - 2.1
- - reference-id: OCRE
+ - reference-id: OpenCRE
 identifiers:
 - 613-286
 - 053-751
- - reference-id: ScCrd
+ - reference-id: Scorecard
 identifiers:
 - Pinned-Dependencies
 - reference-id: PSSCRM
diff --git a/baseline/OSPS-GV.yaml b/baseline/OSPS-GV.yaml
index c23cbe8..ba31e85 100644
--- a/baseline/OSPS-GV.yaml
+++ b/baseline/OSPS-GV.yaml
@@ -20,7 +20,7 @@ controls:
 identifiers:
 - B-S-3
 - B-S-4
- - reference-id: OCRE
+ - reference-id: OpenCRE
 identifiers:
 - 013-021
 - reference-id: PSSCRM
@@ -137,7 +137,7 @@ controls:
 - reference-id: SSDF
 identifiers:
 - PW.1.2
- - reference-id: OC
+ - reference-id: ISO-18974
 identifiers:
 - 4.1.2
 - reference-id: PSSCRM
@@ -209,11 +209,11 @@ controls:
 identifiers:
 - PR.AA-02
 - PR.AA-05
- - reference-id: OCRE
+ - reference-id: OpenCRE
 identifiers:
 - 123-124
 - 152-725
- - reference-id: OC
+ - reference-id: ISO-18974
 identifiers:
 - 4.1.2
 - reference-id: PSSCRM
diff --git a/baseline/OSPS-LE.yaml b/baseline/OSPS-LE.yaml
index 4526a69..333902b 100644
--- a/baseline/OSPS-LE.yaml
+++ b/baseline/OSPS-LE.yaml
@@ -81,7 +81,7 @@ controls:
 - reference-id: CSF
 identifiers:
 - GV.OC-03
- - reference-id: ScCrd
+ - reference-id: Scorecard
 identifiers:
 - License
 - reference-id: PSSCRM
@@ -142,7 +142,7 @@ controls:
 - reference-id: SSDF
 identifiers:
 - PO.3.2
- - reference-id: ScCrd
+ - reference-id: Scorecard
 identifiers:
 - License
 - reference-id: PSSCRM
diff --git a/baseline/OSPS-QA.yaml b/baseline/OSPS-QA.yaml
index 9b798ab..9193f52 100644
--- a/baseline/OSPS-QA.yaml
+++ b/baseline/OSPS-QA.yaml
@@ -35,7 +35,7 @@ controls:
 - PS.3
 - PW.1.2
 - PW.2.1
- - reference-id: OCRE
+ - reference-id: OpenCRE
 identifiers:
 - 486-813
 - 124-564
@@ -45,7 +45,7 @@ controls:
 - ID.AM-02
 - ID.RA-01
 - ID.RA-08
- - reference-id: OC
+ - reference-id: ISO-18974
 identifiers:
 - 4.1.4
 - reference-id: SLSA
@@ -121,11 +121,11 @@ controls:
 identifiers:
 - ID.AM.01
 - ID.AM-02
- - reference-id: OC
+ - reference-id: ISO-18974
 identifiers:
 - 4.1.5
 - 4.3.1
- - reference-id: OCRE
+ - reference-id: OpenCRE
 identifiers:
 - 486-813
 - 124-564
@@ -203,10 +203,10 @@ controls:
 - reference-id: CSF
 identifiers:
 - ID.IM-02
- - reference-id: OC
+ - reference-id: ISO-18974
 identifiers:
 - 4.1.5
- - reference-id: OCRE
+ - reference-id: OpenCRE
 identifiers:
 - 263-184
 - 253-452
@@ -266,14 +266,14 @@ controls:
 - PS.1
 - PS.2
 - RV.1.2
- - reference-id: OCRE
+ - reference-id: OpenCRE
 identifiers:
 - 486-813
 - 124-564
 - reference-id: SLSA
 identifiers:
 - Build platform - isolation strength - Isolated
- - reference-id: ScCrd
+ - reference-id: Scorecard
 identifiers:
 - Binary-Artifacts
 - reference-id: PSSCRM
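Review bot: The CSF identifier `ID.AM.01` on the context lines of the `@@ -121` hunk in baseline/OSPS-QA.yaml uses a dot where its sibling `ID.AM-02` on the next line, and `ID.AM-01` in baseline/OSPS-SA.yaml, use a hyphen. This is most likely a typo that the identifier clean-up leaves in place; the line would then read `- ID.AM-01`. It is worth correcting here, since a misspelt identifier will not match anything when these mappings are joined against the CSF catalogue. The control entry itself starts and ends outside the hunk.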
@@ -328,7 +328,7 @@ controls:
 identifiers:
 - PS.1
 - PS.2
- - reference-id: OCRE
+ - reference-id: OpenCRE
 identifiers:
 - 486-813
 - 124-564
@@ -389,14 +389,14 @@ controls:
 - reference-id: CSF
 identifiers:
 - ID.AM-02
- - reference-id: OC
+ - reference-id: ISO-18974
 identifiers:
 - 4.1.5
- - reference-id: OCRE
+ - reference-id: OpenCRE
 identifiers:
 - 207-435
 - 088-377
- - reference-id: ScCrd
+ - reference-id: Scorecard
 identifiers:
 - CI-Tests
 - reference-id: PSSCRM
@@ -471,7 +471,7 @@ controls:
 - reference-id: BPB
 identifiers:
 - B-G-3
- - reference-id: ScCrd
+ - reference-id: Scorecard
 identifiers:
 - Code-Review
 - reference-id: PSSCRM
diff --git a/baseline/OSPS-SA.yaml b/baseline/OSPS-SA.yaml
index 0b9d627..9a01f81 100644
--- a/baseline/OSPS-SA.yaml
+++ b/baseline/OSPS-SA.yaml
@@ -32,7 +32,7 @@ controls:
 - reference-id: CSF
 identifiers:
 - ID.AM-02
- - reference-id: OCRE
+ - reference-id: OpenCRE
 identifiers:
 - 155-155
 - 326-704
@@ -108,10 +108,10 @@ controls:
 identifiers:
 - GV.OC-05
 - ID.AM-01
- - reference-id: OC
+ - reference-id: ISO-18974
 identifiers:
 - 4.1.4
- - reference-id: OCRE
+ - reference-id: OpenCRE
 identifiers:
 - 155-155
 - 068-102
@@ -174,10 +174,10 @@ controls:
 - ID.RA-04
 - ID.RA-05
 - DE.AE-07
- - reference-id: OC
+ - reference-id: ISO-18974
 identifiers:
 - 4.1.5
- - reference-id: OCRE
+ - reference-id: OpenCRE
 identifiers:
 - 068-102
 - 154-031
diff --git a/baseline/OSPS-VM.yaml b/baseline/OSPS-VM.yaml
index dd5aa83..d759101 100644
--- a/baseline/OSPS-VM.yaml
+++ b/baseline/OSPS-VM.yaml
@@ -40,15 +40,15 @@ controls:
 - GV.PO-02
 - ID.RA-01
 - ID.RA-08
- - reference-id: OC
+ - reference-id: ISO-18974
 identifiers:
 - 4.1.5
 - 4.2.1
 - 4.3.2
- - reference-id: OCRE
+ - reference-id: OpenCRE
 identifiers:
 - 887-750
- - reference-id: ScCrd
+ - reference-id: Scorecard
 identifiers:
 - Security-Policy
 - reference-id: PSSCRM
@@ -126,16 +126,16 @@ controls:
 - GV.PO-01
 - GV.PO-02
 - ID.RA-01
- - reference-id: OC
+ - reference-id: ISO-18974
 identifiers:
 - 4.1.1
 - 4.1.3
 - 4.1.5
 - 4.2.2
- - reference-id: OCRE
+ - reference-id: OpenCRE
 identifiers:
 - 464-513
- - reference-id: ScCrd
+ - reference-id: Scorecard
 identifiers:
 - Security-Policy
 - reference-id: SAMM
@@ -176,7 +176,7 @@ controls:
 identifiers:
 - 2.5
 - 2.6
- - reference-id: OCRE
+ - reference-id: OpenCRE
 identifiers:
 - 308-514
 - reference-id: SAMM
@@ -227,7 +227,7 @@ controls:
 - reference-id: CSF
 identifiers:
 - ID.RA-01
- - reference-id: OC
+ - reference-id: ISO-18974
 identifiers:
 - 4.1.5
 - reference-id: PSSCRM
@@ -324,13 +324,13 @@ controls:
 - ID.RA-01
 - ID.RA-08
 - ID.IM-02
- - reference-id: OC
+ - reference-id: ISO-18974
 identifiers:
 - 4.1.5
 - 4.2.1
 - 4.2.2
 - 4.3.2
- - reference-id: OCRE
+ - reference-id: OpenCRE
 identifiers:
 - 155-155
 - 124-564
@@ -339,7 +339,7 @@ controls:
 - 611-158
 - 207-435
 - 088-377
- - reference-id: ScCrd
+ - reference-id: Scorecard
 identifiers:
 - Security-Policy
 - Vulnerabilities
@@ -453,13 +453,13 @@ controls:
 - ID.RA-01
 - ID.RA-08
 - ID.IM-02
- - reference-id: OC
+ - reference-id: ISO-18974
 identifiers:
 - 4.1.5
 - 4.2.1
 - 4.2.2
 - 4.3.2
- - reference-id: OCRE
+ - reference-id: OpenCRE
 identifiers:
 - 155-155
 - 124-564
@@ -468,7 +468,7 @@ controls:
 - 611-158
 - 207-435
 - 088-377
- - reference-id: ScCrd
+ - reference-id: Scorecard
 identifiers:
 - Security-Policy
 - Vulnerabilities
diff --git a/baseline/lexicon.yaml b/baseline/lexicon.yaml
index 79beb27..a54808f 100644
--- a/baseline/lexicon.yaml
+++ b/baseline/lexicon.yaml
@@ -235,7 +235,7 @@
 definition: |
 A Linux Foundation project that oversee two ISO/IEC standards to better understand and manage software supply chains.
 synonyms:
- - OC
+ - "18974"
 - ISO/IEC 5230
 - ISO/IEC 18974
 references:
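Review bot: The synonym added in the `@@ -235` hunk of baseline/lexicon.yaml, `- "18974"`, is the mapping-reference id that this same commit retires in baseline/metadata.yaml in favour of `ISO-18974`, so the lexicon entry ends up without the short form the control files now use. If the synonyms are meant to include the reference-id, the line should probably read `- ISO-18974`; if the bare number is intentional, a short comment above it saying why would help the next reader. The definition on the context lines also has a grammar slip (`oversee` for `oversees`) that could be fixed in passing. The lexicon entry begins before the hunk and its references list continues after it.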
@@ -245,7 +245,7 @@ definition: | An OWASP project that converts cybersecurity requirements into a hierarchical, machine-readable format. synonyms: - - OCRE + - OpenCRE references: - https://www.opencre.org/ - https://zeljkoobrenovic.github.io/opencre-explorer/ diff --git a/baseline/metadata.yaml b/baseline/metadata.yaml index 806ad7b..4ec6e65 100644 --- a/baseline/metadata.yaml +++ b/baseline/metadata.yaml @@ -117,7 +117,7 @@ mapping-references: increasing levels of software security and supply chain integrity. It’s how you get from safe enough to being as resilient as possible, at any link in the chain. - - id: "18974" + - id: ISO-18974 title: ISO/IEC 18974 version: "1.0 - 2023-12" url: https://openchainproject.org/security-assurance
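Review bot: Nothing visible in this diff checks the renamed `reference-id` values in the control files against the `id` fields under `mapping-references`, and the `@@ -117` hunk of baseline/metadata.yaml touches only the `ISO-18974` entry. Whether `OpenCRE` and `Scorecard` resolve therefore depends on entries outside the hunk; the fact that the controls used `OC` while the declared id was `"18974"` suggests such mismatches were not being caught before. If no such check already exists, I would add a CI validation step that loads metadata.yaml and fails when any control's `reference-id` is not a declared `id`, so that a dangling mapping cannot reach a release of the baseline. The `mapping-references` list starts and ends outside the hunk.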