-
Notifications
You must be signed in to change notification settings - Fork 0
/
attestationModelRedone.html
352 lines (330 loc) · 10.6 KB
/
attestationModelRedone.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Generated HTML Table</title>
<style>
body {
font-family: Arial, sans-serif;
}
input[type="checkbox"] {
margin-right: 5px;
transform: scale(1.5);
}
strong {
font-weight: bold;
}
/* Style for checked checkboxes */
input[type="checkbox"]:checked+strong+label::before {
color: #007bff;
/* Change color for checked text */
}
table {
border-collapse: collapse;
width: 50%;
margin-top: 20px;
}
th,
td {
border: 1px solid black;
padding: 8px;
text-align: left;
}
.inline-display-class {
display: inline-block;
margin-bottom: 10px;
width: 150px;
}
.inline-display-class-in {
display: inline-block;
margin-bottom: 10px;
font-weight: bold;
width: 150px;
}
</style>
</head>
<body>
<div id="sectionForm">
<h2><strong>Section I</strong></h2>
<div>
{% if data[20]=='New Attestation' %}
<input type="checkbox" checked /><strong>[X] New Attestation</strong>
{% else %}
<input type="checkbox" />[ ] New Attestation
{% endif %}
{% if data[20]=='Attestation Following Extension or Waiver' %}
<input type="checkbox" checked /><strong>[X] Attestation Following Extension or Waiver</strong>
{% else %}
<input type="checkbox" />[ ] Attestation Following Extension or Waiver
{% endif %}
{% if data[20]=='Revised Attestation' %}
<input type="checkbox" checked /><strong>[X] Revised Attestation</strong>
{% else %}
<input type="checkbox" />[ ] Revised Attestation
{% endif %}
</div>
<div>
<h2>Type of Attestation:</h2>
{% if data[21] == 'Company-wide' %}
<input type="checkbox" checked /><strong>[X] Company-wide</strong>
{% else %}
<input type="checkbox" /> <strong>[ ] Company-wide</strong>
{% endif %}
{% if data[21] == 'Individual Product' %}
<input type="checkbox" checked /><strong>[X] Individual Product</strong>
{% else %}
<input type="checkbox" /><strong>[ ] Individual Product</strong>
{% endif %}
{% if data[21] == 'Multiple Products or Specific Product Version(s)' %}
<input type="checkbox" checked /><strong>[X] Multiple Products or Specific Product Version(s) (please provide
complete list)</strong>
{% else %}
<input type="checkbox" /><strong>[ ] Multiple Products or Specific Product Version(s) (please provide complete
list)</strong>
{% endif %}
</div>
<p>If this attestation is for an individual product, multiple
products, or product line, provide the
software name, version number, and release/publish date to which this attestation applies.
Additional pages can be attached to this attestation if more lines are needed: </p>
<div>
<table>
<thead>
<tr>
<th>Product(s) Name</th>
<th>Version Number (if applicable)</th>
<th>Release/Publish Date (if applicable)</th>
</tr>
</thead>
<tbody>
{% for p in products %}
<tr class="product" pId="{{ p[0]+'_'+p[1] }}" val="">
<td>{{ p[0] }}</td>
<td>{{ p[1] }}</td>
<td>{{ p[2] }}</td>
</tr>
{% endfor %}
</tbody>
</table>
</div>
<p>For the above specified software, this form does not cover any
components of that software that
fall into the following categories:</p>
<ol>
<li>Software developed by Federal agencies;</li>
<li>Open source software that is freely and directly obtained directly by a Federal agency; or</li>
<li>Software that is freely obtained and publicly available.</li>
</ol>
<p>
Note: In signing this attestation, software producers are attesting to adhering to the secure
software development practices outlined in Section III. </p>
<div id="sectionForm2" s="{{ section_id }}" a="{{ attestation_id }}">
<h3>1. Software Producer Information</h3>
<div>
<div class="inline-display-class-in">
Company Name:
</div>
<div class="inline-display-class">
{{ data[1] }}
</div>
</div>
<div>
<div class="inline-display-class-in">
Address:
</div>
<div class="inline-display-class">
{{ data[2] }}
</div>
</div>
<div>
<div class="inline-display-class-in">
City:
</div>
<div class="inline-display-class">
{{ data[3] }}
</div>
</div>
<div>
<div class="inline-display-class-in">
State or Province:
</div>
<div class="inline-display-class">
{{ data[4] }}
</div>
</div>
<div>
<div class="inline-display-class-in">
Postal Code:
</div>
<div class="inline-display-class">
{{ data[5] }}
</div>
</div>
<div>
<div class="inline-display-class-in">
Country:
</div>
<div class="inline-display-class">
{{ data[6] }}
</div>
</div>
<div>
<div class="inline-display-class-in">
Email:
</div>
<div class="inline-display-class">
{{ data[7] }}
</div>
</div>
<h3>2. Primary Contact for this Document and Related</h3>
<h4>Information (may be an individual, role, or group):</h4>
<div>
<div class="inline-display-class-in">
Name:
</div>
<div class="inline-display-class">
{{ data[8] }}
</div>
</div>
<div>
<div class="inline-display-class-in">
Title:
</div>
<div class="inline-display-class">
{{ data[9] }}
</div>
</div>
<div>
<div class="inline-display-class-in">
Contact Address:
</div>
<div class="inline-display-class">
{{ data[10] }}
</div>
</div>
<div>
<div class="inline-display-class-in">
Phone Number:
</div>
<div class="inline-display-class">
{{ data[11] }}
</div>
</div>
<div>
<div class="inline-display-class-in">
Email:
</div>
<div class="inline-display-class">
{{ data[12] }}
</div>
</div>
</div>
<div>
<h3>Section III</h3>
{% if data[15] == 1 %}
<div class="collapse bg-base-200">
<!-- <input type="radio" name="my-accordion-1" checked="checked" /> -->
<div class="collapse-title text-xl font-medium">
Attestation and Signature
</div>
<div class="collapse-content flex flex-col">
<p class="font-[300] text-md">
On behalf of the above-specified company, I attest that [software producer] presently makes
consistent use of the following practices, derived from the secure software development
framework (SSDF),4 in developing the software identified in Section I:
</p>
<p class="font-[600] text-md">
1) The software is developed and built in secure environments. Those environments are secured
by the following actions, at a minimum:
</p>
<p class="font-[300] text-md">
a) Separating and protecting each environment involved in developing and building
software;
</p>
<p class="font-[300] text-md">
b) Regularly logging, monitoring, and auditing trust relationships used for authorization and
access:
</p>
<p class="font-[300] text-md">
i) to any software development and build environments; and
</p>
<p class="font-[300] text-md">
ii) among components within each environment;
</p>
<p class="font-[300] text-md">
c) Enforcing multi-factor authentication and conditional access across the environments
relevant to developing and building software in a manner that minimizes security risk;
</p>
<p class="font-[300] text-md">
d) Taking consistent and reasonable steps to document, as well as minimize use or inclusion
of software products that create undue risk within the environments used to develop and
build software;
</p>
<p class="font-[300] text-md">
e) Encrypting sensitive data, such as credentials, to the extent practicable and based on risk;
</p>
<p class="font-[300] text-md">
f) Implementing defensive cybersecurity practices, including continuous monitoring of
operations and alerts and, as necessary, responding to suspected and confirmed cyber
incidents;
</p>
<p class="font-[600] text-md">
2) The software producer has made a good-faith effort to maintain trusted source code supply
chains by employing automated tools or comparable processes to address the security of
internal code and third-party components and manage related vulnerabilities;
</p>
<p class="font-[600] text-md">
3) The software producer maintains provenance for internal code and third-party components
incorporated into the software;
</p>
<p class="font-[600] text-md">
4) The software producer employs automated tools or comparable processes that check for
security vulnerabilities. In addition:
</p>
<p class="font-[300] text-md">
a) The software producer operates these processes on an ongoing basis and, at a minimum,
prior to product, version, or update releases;
</p>
<p class="font-[300] text-md">
b) The software producer has a policy or process to address discovered security
vulnerabilities prior to product release; and
</p>
<p class="font-[300] text-md">
c) The software producer operates a vulnerability disclosure program and accepts, reviews,
and addresses disclosed software vulnerabilities in a timely fashion and according to any
timelines specified in the vulnerability disclosure program or applicable policies.
</p>
<div class="flex flex-row my-4">
<label for="accept-terms"><strong>[X]</strong> To the best of my knowledge, I attest that all requirements
outlined above are
consistently
maintained and satisfied. I further attest the company will notify all impacted agencies if
conformance to any element of this attestation is no longer valid.</label>
</div>
</div>
</div>
{% elif data[14] == 1 %}
<div class="collapse bg-base-200">
<input type="radio" name="my-accordion-1" />
<div class="collapse-title text-xl font-medium">
Attestation by Third Party
</div>
<div class="collapse-content">
<input class="checkbox mr-2" type="checkbox" id="third-party-terms" name="accept-terms"
value={{terms.thirdPartyTerms}}>
<label for="third-party-terms"><strong>[X]</strong>A Third Party Assessor Organization (3PAO), either
FedRAMP-certified or
approved
in
writing by an appropriate agency official, has evaluated our conformance with all elements in
this form. The 3PAO used relevant NIST Guidance that includes all elements outlined in this
form as part of the assessment baseline. The assessment is attached.
</label>
<a></a>
</div>
</div>
{% endif %}
</div>
</div>
</body>