Network 2 (hipaa network) nm and xp files

2022-04-29 13:38:09 -05:00 · 2022-04-29 13:38:09 -05:00 · 34c2086f5d
commit 34c2086f5d
parent c472b27b4c
2 changed files with 294 additions and 0 deletions
--- a/CG_Files/Network_2/hipaa.nm
+++ b/CG_Files/Network_2/hipaa.nm
@ -0,0 +1,101 @@
 network model = 
 	assets:
 		# Employees
 		emp1;		
 		emp2;
 		emp3;
 		emp4;
 		emp5;
 		# "Company" Asset
 		company;
 		# Database Asset
 		db;
 	facts:
 		# Employee Info					 yr/mo/day
 		quality:emp1,current_emp=true;
 		quality:emp2,current_emp=true;
 		quality:emp3,current_emp=true;
 		quality:emp4,current_emp=true;
 		quality:emp5,current_emp=true;
 		quality:emp1,TIME_ADVANCE_STEP=0;
 		quality:emp2,TIME_ADVANCE_STEP=0;
 		quality:emp3,TIME_ADVANCE_STEP=0;
 		quality:emp4,TIME_ADVANCE_STEP=0;
 		quality:emp5,TIME_ADVANCE_STEP=0;
 		quality:emp1,hipaa_training_date=20220210;
 		quality:emp2,hipaa_training_date=20210823;
 		quality:emp3,hipaa_training_date=20210510;
 		quality:emp4,hipaa_training_date=20220307;
 		quality:emp5,hipaa_training_date=20211124;
 		quality:emp1,pol_proc_attestation=20210510;
 		quality:emp2,pol_proc_attestation=20220307;
 		quality:emp3,pol_proc_attestation=20211124;
 		quality:emp4,pol_proc_attestation=20210823;
 		quality:emp5,pol_proc_attestation=20220210;
 		quality:emp5,hipaa_compliance_officer=true;
 		quality:emp4,hipaa_privacy_officer=true;
 		quality:emp3,hipaa_security_officer=true;
 		quality:emp5,can_rm_emp=true;
 		quality:emp4,can_rm_emp=true;
 		quality:emp3,can_rm_emp=true;
 		quality:emp1,has_pin=true;
 		quality:emp2,has_pin=true;
 		quality:emp3,has_pin=true;
 		quality:emp4,has_pin=true;
 		quality:emp5,has_pin=true;
 		quality:emp1,uses_mobile=false;
 		quality:emp2,uses_mobile=false;
 		quality:emp3,uses_mobile=true;
 		quality:emp3,mobile_regs=true;
 		quality:emp4,uses_mobile=false;
 		quality:emp5,uses_mobile=true;
 		quality:emp5,mobile_regs=true;
 		quality:emp1,compliance_vios=0;
 		quality:emp2,compliance_vios=0;
 		quality:emp3,compliance_vios=0;
 		quality:emp4,compliance_vios=0;
 		quality:emp5,compliance_vios=0;
 		# Company Info
 		quality:company,ephi_lock=true;
 		quality:company,hw_inventory=true;
 		quality:company,date=05032022;
 		quality:company,can_add_emp=true;
 		quality:company,sec_risk_assessment=20210913;
 		quality:company,priv_stand_audit=20211105;
 		quality:company,hitech_audit=20210515;
 		quality:company,sec_stand_audit=20210713;
 		quality:company,asset_dev_audit=20220327;
 		quality:company,phys_audit=20220413;
 		quality:company,deficiencies_logged=20220413;
 		quality:company,oldest_def_log=20160413;
 		quality:company,breach_process=true;
 		quality:company,anon_reports=true;
 		quality:company,compliance_vios=0;
 		quality:company,TIME_ADVANCE_STEP=0;
 		# Database Info
 		quality:db,encryption=AES256;
 		quality:db,cert_expir=20220701;
 		quality:db,TIME_ADVANCE_STEP=0;
 		quality:db,compliance_vios=0;
 	topology:emp1<->emp1,comp;
 	tags:
 .
--- a/CG_Files/Network_2/hipaa.xp
+++ b/CG_Files/Network_2/hipaa.xp
@ -0,0 +1,193 @@
 exploit hipaa_training(a)=
 	preconditions:
 		quality:a,current_emp=true;
 		quality:a,hipaa_training_date<=20210503;
 	posconditions:
 		update quality:a,compliance_vios+=1;
 .
 exploit pol_proc_attest(a)=
 	preconditions:
 		quality:a,current_emp=true;
 		quality:a,pol_proc_attestation<=20210503;
 	posconditions:
 		update quality:a,compliance_vios+=1;
 .
 cofficer group exploit comp_officer(a)=
 	preconditions:
 		quality:a,hipaa_compliance_officer=false;
 	postconditions:
 		update quality:a,compliance_vios+=1;
 .
 pofficer group exploit priv_officer(a)=
 	preconditions:
 		quality:a,hipaa_privacy_officer=false;
 	postconditions:
 		update quality:a,compliance_vios+=1;
 .
 sofficer group exploit sec_officer(a)=
 	preconditions:
 		quality:a,hipaa_security_officer=false;
 	postconditions:
 		update quality:a,compliance_vios+=1;
 .
 exploit access_control(a)=
 	preconditions:
 		quality:a,current_emp=true;
 		quality:a,has_pin=false;
 	postconditions:
 		update quality:a,compliance_vios+=1;
 .
 exploit mobile(a)=
 	preconditions:
 		quality:a,uses_mobile=true;
 		quality:a,mobile_regs=false;
 	postconditions:
 		update quality:a,compliance_vios+=1;
 .
 exploit lock(a)=
 	preconditions:
 		quality:a,ephi_lock=false;
 	postconditions:
 		update quality:a,compliance_vios+=1;
 .
 exploit inventory(a)=
 	preconditions:
 		quality:a,hw_inventory=false;
 	postconditions:
 		update quality:a,compliance_vios+=1;
 .
 exploit risk_asses(a)=
 	preconditions:
 		quality:a,sec_risk_assessment<=20210503;
 	postconditions:
 		update quality:a,compliance_vios+=1;
 .
 exploit priv_asses(a)=
 	preconditions:
 		quality:a,priv_stand_audit<=20210503;
 	postconditions:
 		update quality:a,compliance_vios+=1;
 .
 exploit hitech_asses(a)=
 	preconditions:
 		quality:a,hitech_audit<=20210503;
 	postconditions:
 		update quality:a,compliance_vios+=1;
 .
 exploit sec_asses(a)=
 	preconditions:
 		quality:a,sec_stand_audit<=20210503;
 	postconditions:
 		update quality:a,compliance_vios+=1;
 .
 exploit dev_asses(a)=
 	preconditions:
 		quality:a,asset_dev_audit<=20210503;
 	postconditions:
 		update quality:a,compliance_vios+=1;
 .
 exploit phys_assess(a)=
 	preconditions:
 		quality:a,phys_audit<=20210503;
 	postconditions:
 		update quality:a,compliance_vios+=1;
 .
 exploit breach(a)=
 	preconditions:
 		quality:a,breach_process=false;
 	postconditions:
 		update quality:a,compliance_vios+=1;
 .
 exploit report(a)=
 	preconditions:
 		quality:a,anon_reports=false;
 	postconditions:
 		update quality:a,compliance_vios+=1;
 .
 exploit insecure_data(a)=
 	preconditions:
 		quality:a,encryption=false;
 	postconditions:
 		update quality:a,compliance_vios+=1;
 .
 exploit expired_c(a)=
 	preconditions:
 		quality:a,curr_date>=20220701;
 	postconditions:
 		update quality:a,expired_cert=true;
 .
 exploit insecure_db(a)=
 	preconditions:
 		quality:a,expired_cert=true;
 	postconditions:
 		update quality:a,compliance_vios+=1;
 .
 exploit new_emp(a)=
 	preconditions:
 		quality:a,can_add_emp=true;
 	postconditions:
 		update quality:a,can_add_emp=false;
 		update quality:a,hw_inventory=false;
 .
 exploit rm_emp(a)=
 	preconditions:
 		quality:a,can_rm_emp=true;
 	postconditions:
 		update quality:a,hipaa_compliance_officer=false;
 		update quality:a,hipaa_privacy_officer=false;
 		update quality:a,hipaa_security_officer=false;
 		update quality:a,can_rm_emp=false;
 .
 exploit phys_vio(a)=
 	preconditions:
 		quality:a,ephi_lock=false;
 	postconditions:
 		update quality:a,compliance_vios+=1;
 exploit break_lock(a)=
 	preconditions:
 		quality:a,ephi_lock=true;
 	postcondtions:
 		quality:a,ephi_lock=false;
 .
 time group time_advance(a)=
 	preconditions:
 		quality:a,TIME_ADVANCE_STEP<13;
 	postconditions:
 		update quality:a,can_add_emp=true;
 		update quality:a,can_rm_emp=true;
 		update quality:a,hw_inventory=true;
 		update quality:a,hipaa_training_date-=100;
 		update quality:a,pol_proc_attestation-=100;
 		update quality:a,sec_risk_assessment-=100;
 		update quality:a,priv_stand_audit-=100;
 		update quality:a,hitech_audit-=100;
 		update quality:a,sec_stand_audit-=100;
 		update quality:a,asset_dev_audit-=100;
 		update quality:a,phys_audit-=100;
 .