Network 2 (hipaa network) nm and xp files

2022-04-29 13:38:09 -05:00 · 2022-04-29 13:38:09 -05:00 · 34c2086f5d
commit 34c2086f5d
parent c472b27b4c
2 changed files with 294 additions and 0 deletions
--- a/CG_Files/Network_2/hipaa.nm
+++ b/CG_Files/Network_2/hipaa.nm
@ -0,0 +1,101 @@
+network model = 
+	assets:
+		# Employees
+		emp1;		
+		emp2;
+		emp3;
+		emp4;
+		emp5;
+		
+		# "Company" Asset
+		company;
+		
+		# Database Asset
+		db;
+
+	facts:
+		# Employee Info					 yr/mo/day
+		quality:emp1,current_emp=true;
+		quality:emp2,current_emp=true;
+		quality:emp3,current_emp=true;
+		quality:emp4,current_emp=true;
+		quality:emp5,current_emp=true;
+		
+		quality:emp1,TIME_ADVANCE_STEP=0;
+		quality:emp2,TIME_ADVANCE_STEP=0;
+		quality:emp3,TIME_ADVANCE_STEP=0;
+		quality:emp4,TIME_ADVANCE_STEP=0;
+		quality:emp5,TIME_ADVANCE_STEP=0;
+
+		quality:emp1,hipaa_training_date=20220210;
+		quality:emp2,hipaa_training_date=20210823;
+		quality:emp3,hipaa_training_date=20210510;
+		quality:emp4,hipaa_training_date=20220307;
+		quality:emp5,hipaa_training_date=20211124;
+
+		quality:emp1,pol_proc_attestation=20210510;
+		quality:emp2,pol_proc_attestation=20220307;
+		quality:emp3,pol_proc_attestation=20211124;
+		quality:emp4,pol_proc_attestation=20210823;
+		quality:emp5,pol_proc_attestation=20220210;
+
+		quality:emp5,hipaa_compliance_officer=true;
+		quality:emp4,hipaa_privacy_officer=true;
+		quality:emp3,hipaa_security_officer=true;
+		quality:emp5,can_rm_emp=true;
+		quality:emp4,can_rm_emp=true;
+		quality:emp3,can_rm_emp=true;
+		
+		quality:emp1,has_pin=true;
+		quality:emp2,has_pin=true;
+		quality:emp3,has_pin=true;
+		quality:emp4,has_pin=true;
+		quality:emp5,has_pin=true;
+		
+		quality:emp1,uses_mobile=false;
+		quality:emp2,uses_mobile=false;
+		quality:emp3,uses_mobile=true;
+		quality:emp3,mobile_regs=true;
+		quality:emp4,uses_mobile=false;
+		quality:emp5,uses_mobile=true;
+		quality:emp5,mobile_regs=true;
+		
+		quality:emp1,compliance_vios=0;
+		quality:emp2,compliance_vios=0;
+		quality:emp3,compliance_vios=0;
+		quality:emp4,compliance_vios=0;
+		quality:emp5,compliance_vios=0;
+		
+		# Company Info
+		quality:company,ephi_lock=true;
+		quality:company,hw_inventory=true;
+		quality:company,date=05032022;
+		quality:company,can_add_emp=true;
+		
+		quality:company,sec_risk_assessment=20210913;
+		quality:company,priv_stand_audit=20211105;
+		quality:company,hitech_audit=20210515;
+		quality:company,sec_stand_audit=20210713;
+		quality:company,asset_dev_audit=20220327;
+		quality:company,phys_audit=20220413;
+		
+		quality:company,deficiencies_logged=20220413;
+		quality:company,oldest_def_log=20160413;
+		
+		quality:company,breach_process=true;
+		quality:company,anon_reports=true;
+		
+		quality:company,compliance_vios=0;
+		
+		quality:company,TIME_ADVANCE_STEP=0;
+		
+		# Database Info
+		quality:db,encryption=AES256;
+		quality:db,cert_expir=20220701;
+		quality:db,TIME_ADVANCE_STEP=0;
+
+		quality:db,compliance_vios=0;
+
+	topology:emp1<->emp1,comp;
+	tags:
+.
--- a/CG_Files/Network_2/hipaa.xp
+++ b/CG_Files/Network_2/hipaa.xp
@ -0,0 +1,193 @@
+exploit hipaa_training(a)=
+	preconditions:
+		quality:a,current_emp=true;
+		quality:a,hipaa_training_date<=20210503;
+	posconditions:
+		update quality:a,compliance_vios+=1;
+.
+
+exploit pol_proc_attest(a)=
+	preconditions:
+		quality:a,current_emp=true;
+		quality:a,pol_proc_attestation<=20210503;
+	posconditions:
+		update quality:a,compliance_vios+=1;
+.
+
+cofficer group exploit comp_officer(a)=
+	preconditions:
+		quality:a,hipaa_compliance_officer=false;
+	postconditions:
+		update quality:a,compliance_vios+=1;
+.
+
+pofficer group exploit priv_officer(a)=
+	preconditions:
+		quality:a,hipaa_privacy_officer=false;
+	postconditions:
+		update quality:a,compliance_vios+=1;
+.
+
+sofficer group exploit sec_officer(a)=
+	preconditions:
+		quality:a,hipaa_security_officer=false;
+	postconditions:
+		update quality:a,compliance_vios+=1;
+.
+
+exploit access_control(a)=
+	preconditions:
+		quality:a,current_emp=true;
+		quality:a,has_pin=false;
+	postconditions:
+		update quality:a,compliance_vios+=1;
+.
+
+exploit mobile(a)=
+	preconditions:
+		quality:a,uses_mobile=true;
+		quality:a,mobile_regs=false;
+	postconditions:
+		update quality:a,compliance_vios+=1;
+.
+
+exploit lock(a)=
+	preconditions:
+		quality:a,ephi_lock=false;
+	postconditions:
+		update quality:a,compliance_vios+=1;
+.
+
+exploit inventory(a)=
+	preconditions:
+		quality:a,hw_inventory=false;
+	postconditions:
+		update quality:a,compliance_vios+=1;
+.
+
+exploit risk_asses(a)=
+	preconditions:
+		quality:a,sec_risk_assessment<=20210503;
+	postconditions:
+		update quality:a,compliance_vios+=1;
+.
+
+exploit priv_asses(a)=
+	preconditions:
+		quality:a,priv_stand_audit<=20210503;
+	postconditions:
+		update quality:a,compliance_vios+=1;
+.
+
+exploit hitech_asses(a)=
+	preconditions:
+		quality:a,hitech_audit<=20210503;
+	postconditions:
+		update quality:a,compliance_vios+=1;
+.
+
+exploit sec_asses(a)=
+	preconditions:
+		quality:a,sec_stand_audit<=20210503;
+	postconditions:
+		update quality:a,compliance_vios+=1;
+.
+
+exploit dev_asses(a)=
+	preconditions:
+		quality:a,asset_dev_audit<=20210503;
+	postconditions:
+		update quality:a,compliance_vios+=1;
+.
+
+exploit phys_assess(a)=
+	preconditions:
+		quality:a,phys_audit<=20210503;
+	postconditions:
+		update quality:a,compliance_vios+=1;
+.
+
+exploit breach(a)=
+	preconditions:
+		quality:a,breach_process=false;
+	postconditions:
+		update quality:a,compliance_vios+=1;
+.
+
+exploit report(a)=
+	preconditions:
+		quality:a,anon_reports=false;
+	postconditions:
+		update quality:a,compliance_vios+=1;
+.
+
+exploit insecure_data(a)=
+	preconditions:
+		quality:a,encryption=false;
+	postconditions:
+		update quality:a,compliance_vios+=1;
+.
+
+exploit expired_c(a)=
+	preconditions:
+		quality:a,curr_date>=20220701;
+	postconditions:
+		update quality:a,expired_cert=true;
+.
+
+exploit insecure_db(a)=
+	preconditions:
+		quality:a,expired_cert=true;
+	postconditions:
+		update quality:a,compliance_vios+=1;
+.
+
+exploit new_emp(a)=
+	preconditions:
+		quality:a,can_add_emp=true;
+	postconditions:
+		update quality:a,can_add_emp=false;
+		update quality:a,hw_inventory=false;
+.
+
+exploit rm_emp(a)=
+	preconditions:
+		quality:a,can_rm_emp=true;
+	postconditions:
+		update quality:a,hipaa_compliance_officer=false;
+		update quality:a,hipaa_privacy_officer=false;
+		update quality:a,hipaa_security_officer=false;
+		update quality:a,can_rm_emp=false;
+.
+
+exploit phys_vio(a)=
+	preconditions:
+		quality:a,ephi_lock=false;
+	postconditions:
+		update quality:a,compliance_vios+=1;
+
+exploit break_lock(a)=
+	preconditions:
+		quality:a,ephi_lock=true;
+	postcondtions:
+		quality:a,ephi_lock=false;
+.
+
+time group time_advance(a)=
+	preconditions:
+		quality:a,TIME_ADVANCE_STEP<13;
+	postconditions:
+		update quality:a,can_add_emp=true;
+		update quality:a,can_rm_emp=true;
+		update quality:a,hw_inventory=true;
+		update quality:a,hipaa_training_date-=100;
+		update quality:a,pol_proc_attestation-=100;
+		update quality:a,sec_risk_assessment-=100;
+		update quality:a,priv_stand_audit-=100;
+		update quality:a,hitech_audit-=100;
+		update quality:a,sec_stand_audit-=100;
+		update quality:a,asset_dev_audit-=100;
+		update quality:a,phys_audit-=100;
+.
+
+