kitos/Aegis
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
019924f78cfe2e860b9184fac4e611d5f190db02
Aegis/backend/app/routers/compliance.py
kitos 0b82d96bcc
Some checks failed
Aegis CI / lint-and-test (push) Has been cancelled
Details
feat(compliance): add ISO/IEC 27001:2022 and ISO/IEC 42001:2023 frameworks 
ISO 27001:2022: 37 Annex A controls across 4 themes (Organizational,
People, Physical, Technological) mapped to MITRE ATT&CK techniques.

ISO 42001:2023: 25 Annex A controls for AI Management Systems mapped to
relevant ATT&CK techniques covering AI supply chain, data pipeline
integrity, model serving security, and third-party AI risk.

Backend: import functions, _import_curated_framework() shared helper,
and POST /compliance/import/iso-27001 + iso-42001 endpoints.
Frontend: API client functions + import buttons in CompliancePage.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-03 15:50:54 +02:00

155 lines
4.7 KiB
Python
Raw Blame History

"""Compliance endpoints — framework status, reports, and gap analysis.
Thin HTTP adapter: delegates all data logic to compliance_service.
Provides compliance posture assessment by mapping MITRE ATT&CK technique
coverage to compliance framework controls.
"""
from fastapi import APIRouter, Depends
from fastapi.responses import StreamingResponse
from sqlalchemy.orm import Session
from app.database import get_db
from app.dependencies.auth import get_current_user, require_role
from app.models.user import User
from app.services.compliance_service import (
list_frameworks,
get_framework_status,
build_framework_report_csv,
get_framework_gaps,
)
from app.services.compliance_import_service import (
import_nist_800_53_mappings,
import_cis_controls_v8_mappings,
import_dora_mappings,
import_iso_27001_mappings,
import_iso_42001_mappings,
)
router = APIRouter(prefix="/compliance", tags=["compliance"])
# ── GET /compliance/frameworks ────────────────────────────────────────
@router.get("/frameworks")
def list_frameworks_endpoint(
db: Session = Depends(get_db),
current_user: User = Depends(get_current_user),
):
"""List all available compliance frameworks."""
return list_frameworks(db)
# ── GET /compliance/frameworks/{id}/status ────────────────────────────
@router.get("/frameworks/{framework_id}/status")
def framework_status(
framework_id: str,
db: Session = Depends(get_db),
current_user: User = Depends(get_current_user),
):
"""Get compliance status for each control in a framework."""
return get_framework_status(db, framework_id)
# ── GET /compliance/frameworks/{id}/report ────────────────────────────
@router.get("/frameworks/{framework_id}/report")
def framework_report(
framework_id: str,
db: Session = Depends(get_db),
current_user: User = Depends(get_current_user),
):
"""Get the full compliance report (same as status but marked as report)."""
return get_framework_status(db, framework_id)
# ── GET /compliance/frameworks/{id}/report/csv ────────────────────────
@router.get("/frameworks/{framework_id}/report/csv")
def framework_report_csv(
framework_id: str,
db: Session = Depends(get_db),
current_user: User = Depends(get_current_user),
):
"""Export compliance report as CSV."""
csv_bytes, filename = build_framework_report_csv(db, framework_id)
return StreamingResponse(
iter([csv_bytes]),
media_type="text/csv",
headers={
"Content-Disposition": f"attachment; filename={filename}",
},
)
# ── GET /compliance/frameworks/{id}/gaps ──────────────────────────────
@router.get("/frameworks/{framework_id}/gaps")
def framework_gaps(
framework_id: str,
db: Session = Depends(get_db),
current_user: User = Depends(get_current_user),
):
"""Get controls with techniques that are not adequately covered."""
return get_framework_gaps(db, framework_id)
# ── POST /compliance/import/... ────────────────────────────────────────
@router.post("/import/nist-800-53")
def import_nist(
db: Session = Depends(get_db),
current_user: User = Depends(require_role("admin")),
):
"""Import NIST 800-53 Rev 5 mappings (admin only)."""
result = import_nist_800_53_mappings(db)
return result
@router.post("/import/cis-controls-v8")
def import_cis(
db: Session = Depends(get_db),
current_user: User = Depends(require_role("admin")),
):
"""Import CIS Controls v8 mappings (admin only)."""
result = import_cis_controls_v8_mappings(db)
return result
@router.post("/import/dora")
def import_dora(
db: Session = Depends(get_db),
current_user: User = Depends(require_role("admin")),
):
"""Import DORA (EU 2022/2554) compliance mappings (admin only)."""
result = import_dora_mappings(db)
return result
@router.post("/import/iso-27001")
def import_iso27001(
db: Session = Depends(get_db),
current_user: User = Depends(require_role("admin")),
):
"""Import ISO/IEC 27001:2022 Annex A compliance mappings (admin only)."""
result = import_iso_27001_mappings(db)
return result
@router.post("/import/iso-42001")
def import_iso42001(
db: Session = Depends(get_db),
current_user: User = Depends(require_role("admin")),
):
"""Import ISO/IEC 42001:2023 AI Management System compliance mappings (admin only)."""
result = import_iso_42001_mappings(db)
return result
Reference in New Issue View Git Blame Copy Permalink