oxigdal-security 0.1.4

Enterprise security features for OxiGDAL: encryption, access control, compliance
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54

//! FedRAMP compliance.

use crate::compliance::{ComplianceCheckResult, ComplianceStandard};

/// FedRAMP compliance checker.
pub struct FedRampCompliance {
    encryption_enabled: bool,
    mfa_enabled: bool,
    #[allow(dead_code)]
    incident_response_plan: bool,
    #[allow(dead_code)]
    continuous_monitoring: bool,
}

impl FedRampCompliance {
    /// Create new FedRAMP compliance checker.
    pub fn new() -> Self {
        Self {
            encryption_enabled: false,
            mfa_enabled: false,
            incident_response_plan: false,
            continuous_monitoring: false,
        }
    }

    /// Check compliance.
    pub fn check(&self) -> ComplianceCheckResult {
        let mut issues = Vec::new();
        let mut recommendations = Vec::new();

        if !self.encryption_enabled {
            issues.push("FIPS 140-2 encryption not enabled".to_string());
            recommendations.push("Enable FIPS 140-2 validated encryption".to_string());
        }

        if !self.mfa_enabled {
            issues.push("Multi-factor authentication not enabled".to_string());
            recommendations.push("Implement MFA for all users".to_string());
        }

        ComplianceCheckResult {
            standard: ComplianceStandard::FedRAMP,
            compliant: issues.is_empty(),
            issues,
            recommendations,
        }
    }
}

impl Default for FedRampCompliance {
    fn default() -> Self {
        Self::new()
    }
}