diff --git a/CG_Files/Network_2/hipaa.nm b/CG_Files/Network_2/hipaa.nm new file mode 100644 index 0000000..565eeee --- /dev/null +++ b/CG_Files/Network_2/hipaa.nm @@ -0,0 +1,101 @@ +network model = + assets: + # Employees + emp1; + emp2; + emp3; + emp4; + emp5; + + # "Company" Asset + company; + + # Database Asset + db; + + facts: + # Employee Info yr/mo/day + quality:emp1,current_emp=true; + quality:emp2,current_emp=true; + quality:emp3,current_emp=true; + quality:emp4,current_emp=true; + quality:emp5,current_emp=true; + + quality:emp1,TIME_ADVANCE_STEP=0; + quality:emp2,TIME_ADVANCE_STEP=0; + quality:emp3,TIME_ADVANCE_STEP=0; + quality:emp4,TIME_ADVANCE_STEP=0; + quality:emp5,TIME_ADVANCE_STEP=0; + + quality:emp1,hipaa_training_date=20220210; + quality:emp2,hipaa_training_date=20210823; + quality:emp3,hipaa_training_date=20210510; + quality:emp4,hipaa_training_date=20220307; + quality:emp5,hipaa_training_date=20211124; + + quality:emp1,pol_proc_attestation=20210510; + quality:emp2,pol_proc_attestation=20220307; + quality:emp3,pol_proc_attestation=20211124; + quality:emp4,pol_proc_attestation=20210823; + quality:emp5,pol_proc_attestation=20220210; + + quality:emp5,hipaa_compliance_officer=true; + quality:emp4,hipaa_privacy_officer=true; + quality:emp3,hipaa_security_officer=true; + quality:emp5,can_rm_emp=true; + quality:emp4,can_rm_emp=true; + quality:emp3,can_rm_emp=true; + + quality:emp1,has_pin=true; + quality:emp2,has_pin=true; + quality:emp3,has_pin=true; + quality:emp4,has_pin=true; + quality:emp5,has_pin=true; + + quality:emp1,uses_mobile=false; + quality:emp2,uses_mobile=false; + quality:emp3,uses_mobile=true; + quality:emp3,mobile_regs=true; + quality:emp4,uses_mobile=false; + quality:emp5,uses_mobile=true; + quality:emp5,mobile_regs=true; + + quality:emp1,compliance_vios=0; + quality:emp2,compliance_vios=0; + quality:emp3,compliance_vios=0; + quality:emp4,compliance_vios=0; + quality:emp5,compliance_vios=0; + + # Company Info + quality:company,ephi_lock=true; + quality:company,hw_inventory=true; + quality:company,date=05032022; + quality:company,can_add_emp=true; + + quality:company,sec_risk_assessment=20210913; + quality:company,priv_stand_audit=20211105; + quality:company,hitech_audit=20210515; + quality:company,sec_stand_audit=20210713; + quality:company,asset_dev_audit=20220327; + quality:company,phys_audit=20220413; + + quality:company,deficiencies_logged=20220413; + quality:company,oldest_def_log=20160413; + + quality:company,breach_process=true; + quality:company,anon_reports=true; + + quality:company,compliance_vios=0; + + quality:company,TIME_ADVANCE_STEP=0; + + # Database Info + quality:db,encryption=AES256; + quality:db,cert_expir=20220701; + quality:db,TIME_ADVANCE_STEP=0; + + quality:db,compliance_vios=0; + + topology:emp1<->emp1,comp; + tags: +. diff --git a/CG_Files/Network_2/hipaa.xp b/CG_Files/Network_2/hipaa.xp new file mode 100644 index 0000000..ee836e4 --- /dev/null +++ b/CG_Files/Network_2/hipaa.xp @@ -0,0 +1,193 @@ +exploit hipaa_training(a)= + preconditions: + quality:a,current_emp=true; + quality:a,hipaa_training_date<=20210503; + posconditions: + update quality:a,compliance_vios+=1; +. + +exploit pol_proc_attest(a)= + preconditions: + quality:a,current_emp=true; + quality:a,pol_proc_attestation<=20210503; + posconditions: + update quality:a,compliance_vios+=1; +. + +cofficer group exploit comp_officer(a)= + preconditions: + quality:a,hipaa_compliance_officer=false; + postconditions: + update quality:a,compliance_vios+=1; +. + +pofficer group exploit priv_officer(a)= + preconditions: + quality:a,hipaa_privacy_officer=false; + postconditions: + update quality:a,compliance_vios+=1; +. + +sofficer group exploit sec_officer(a)= + preconditions: + quality:a,hipaa_security_officer=false; + postconditions: + update quality:a,compliance_vios+=1; +. + +exploit access_control(a)= + preconditions: + quality:a,current_emp=true; + quality:a,has_pin=false; + postconditions: + update quality:a,compliance_vios+=1; +. + +exploit mobile(a)= + preconditions: + quality:a,uses_mobile=true; + quality:a,mobile_regs=false; + postconditions: + update quality:a,compliance_vios+=1; +. + +exploit lock(a)= + preconditions: + quality:a,ephi_lock=false; + postconditions: + update quality:a,compliance_vios+=1; +. + +exploit inventory(a)= + preconditions: + quality:a,hw_inventory=false; + postconditions: + update quality:a,compliance_vios+=1; +. + +exploit risk_asses(a)= + preconditions: + quality:a,sec_risk_assessment<=20210503; + postconditions: + update quality:a,compliance_vios+=1; +. + +exploit priv_asses(a)= + preconditions: + quality:a,priv_stand_audit<=20210503; + postconditions: + update quality:a,compliance_vios+=1; +. + +exploit hitech_asses(a)= + preconditions: + quality:a,hitech_audit<=20210503; + postconditions: + update quality:a,compliance_vios+=1; +. + +exploit sec_asses(a)= + preconditions: + quality:a,sec_stand_audit<=20210503; + postconditions: + update quality:a,compliance_vios+=1; +. + +exploit dev_asses(a)= + preconditions: + quality:a,asset_dev_audit<=20210503; + postconditions: + update quality:a,compliance_vios+=1; +. + +exploit phys_assess(a)= + preconditions: + quality:a,phys_audit<=20210503; + postconditions: + update quality:a,compliance_vios+=1; +. + +exploit breach(a)= + preconditions: + quality:a,breach_process=false; + postconditions: + update quality:a,compliance_vios+=1; +. + +exploit report(a)= + preconditions: + quality:a,anon_reports=false; + postconditions: + update quality:a,compliance_vios+=1; +. + +exploit insecure_data(a)= + preconditions: + quality:a,encryption=false; + postconditions: + update quality:a,compliance_vios+=1; +. + +exploit expired_c(a)= + preconditions: + quality:a,curr_date>=20220701; + postconditions: + update quality:a,expired_cert=true; +. + +exploit insecure_db(a)= + preconditions: + quality:a,expired_cert=true; + postconditions: + update quality:a,compliance_vios+=1; +. + +exploit new_emp(a)= + preconditions: + quality:a,can_add_emp=true; + postconditions: + update quality:a,can_add_emp=false; + update quality:a,hw_inventory=false; +. + +exploit rm_emp(a)= + preconditions: + quality:a,can_rm_emp=true; + postconditions: + update quality:a,hipaa_compliance_officer=false; + update quality:a,hipaa_privacy_officer=false; + update quality:a,hipaa_security_officer=false; + update quality:a,can_rm_emp=false; +. + +exploit phys_vio(a)= + preconditions: + quality:a,ephi_lock=false; + postconditions: + update quality:a,compliance_vios+=1; + +exploit break_lock(a)= + preconditions: + quality:a,ephi_lock=true; + postcondtions: + quality:a,ephi_lock=false; +. + +time group time_advance(a)= + preconditions: + quality:a,TIME_ADVANCE_STEP<13; + postconditions: + update quality:a,can_add_emp=true; + update quality:a,can_rm_emp=true; + update quality:a,hw_inventory=true; + update quality:a,hipaa_training_date-=100; + update quality:a,pol_proc_attestation-=100; + update quality:a,sec_risk_assessment-=100; + update quality:a,priv_stand_audit-=100; + update quality:a,hitech_audit-=100; + update quality:a,sec_stand_audit-=100; + update quality:a,asset_dev_audit-=100; + update quality:a,phys_audit-=100; +. + +