Revert "chore: fix spelling errors #2032"
This reverts commit 84ea095.
bzarboni1 authored and iMichaela committed Aug 7, 2024
1 parent 8598dd1 commit fa7d4d2
Showing 30 changed files with 64 additions and 64 deletions.
2 changes: 1 addition & 1 deletion examples/ap/json/ifa_assessment-plan-example-min.json
@@ -1 +1 @@
{"assessment-plan":{"uuid":"60077e84-e62f-4375-8c6c-b0e0d4560c5f","metadata":{"title":"IFA GoodRead Assessment Plan","last-modified":"2024-02-01T13:57:28.355446-04:00","version":"1.0","oscal-version":"1.1.2","roles":[{"id":"assessor","title":"IFA Security Control Assessor"}],"parties":[{"uuid":"e7730080-71ce-4b20-bec4-84f33136fd58","type":"person","name":"Amy Assessor","member-of-organizations":["3a675986-b4ff-4030-b178-e953c2e55d64"]},{"uuid":"3a675986-b4ff-4030-b178-e953c2e55d64","type":"organization","name":"Important Federal Agency","short-name":"IFA","links":[{"href":"https:\/\/www.ifa.gov","rel":"website"}]}],"responsible-parties":[{"role-id":"assessor","party-uuids":["e7730080-71ce-4b20-bec4-84f33136fd58"]}]},"import-ssp":{"href":"..\/3-implementation\/ssp.oscal.xml"},"local-definitions":{"activities":[{"uuid":"52277182-1ba3-4cb6-8d96-b1b97aaf9d6b","title":"Examine System Elements for Least Privilege Design and Implementation","description":"The activity and it steps will be performed by the assessor and facilitated by owner, ISSO, and product team for the IFA GoodRead system with necessary information and access about least privilege design and implementation of the system's elements: the application, web framework, server, and cloud account infrastructure.","props":[{"name":"method","value":"EXAMINE"}],"steps":[{"uuid":"733e3cbf-e398-46b6-9c02-a2cb534c341e","title":"Obtain Network Access via VPN to IFA GoodRead Environment","description":"The assessor will obtain network access with appropriately configured VPN account to see admin frontend to the application for PAO staff, which is only accessible via VPN with an appropriately configured role for PAO staff accounts."},{"uuid":"4ce7e0b4-d69e-4b80-a700-8600b4d4d933","title":"Obtain Credentials and Access to AwesomeCloud Account for IFA GoodRead System","description":"The assessor will obtain access to the GoodRead Product Team's AwesomeCloud account with their single sign-on credentials to a read-only 
assessor role."},{"uuid":"3d0297de-e47b-4360-b9c3-cf5c425f86cd","title":"Obtain Application Access Provided by Product Team","description":"The assessor will obtain non-privileged account credentials with the PAO staff role to test this role in the application does not permit excessive administrative operations."},{"uuid":"64ca1ef6-3ad4-4747-97c6-40890222463f","title":"Confirm Load Balancer Blocks Access to Admin Frontend from Internet","description":"The assessor will confirm that the load balancer for public access does not allow access to Admin Frontend of the application from the Internet."},{"uuid":"715f0592-166f-44f6-bb66-d99623e035dc","title":"Confirm GoodRead's PAO Role Cannot Manage Users","description":"The assessor will confirm that user's logged into the GoodRead Application with the PAO staff role cannot add, modify, or disable users from the system."},{"uuid":"4641957b-a0fa-4c61-af1a-d3e9101efe40","title":"Confirm Django Admin Panel Not Available","description":"The assessor will confirm with web-based interface and API methods users with the PAO Staff role cannot access the Django admin panel functions and interactively change application's database records."}],"related-controls":{"control-selections":[{"include-controls":[{"control-id":"ac-6.1"}]}]},"responsible-roles":[{"role-id":"assessor","party-uuids":["e7730080-71ce-4b20-bec4-84f33136fd58"]}]}]},"reviewed-controls":{"control-selections":[{"include-controls":[{"control-id":"ac-6.1"}]}],"control-objective-selections":[{"include-all":{}}]},"assessment-subjects":[{"type":"component","description":"The assessor for the IFA GoodRead Project, including the application and infrastructure for this information system, are within scope of this assessment.","include-all":{}}],"tasks":[{"uuid":"b3504d22-0e75-4dd7-9247-618661beba4e","type":"action","title":"Examine Least Privilege Design and 
Implementation","associated-activities":[{"activity-uuid":"0d243b23-a889-478f-9716-6d4870e56209","subjects":[{"type":"component","include-all":{}}]}],"responsible-roles":[{"role-id":"assessor"}],"remarks":"Per IFA's use of NIST SP-800 53A, the assessor, with the support of the owner, information system security officer, and product team for the IFA GoodRead project, will examine least privilege design and implementation with the following:\n\n* list of security functions (deployed in hardware, software, and firmware) and security-relevant information for which access must be explicitly authorized;\n* system configuration settings and associated documentation;\n"}]}}
{"assessment-plan":{"uuid":"60077e84-e62f-4375-8c6c-b0e0d4560c5f","metadata":{"title":"IFA GoodRead Assessment Plan","last-modified":"2024-02-01T13:57:28.355446-04:00","version":"1.0","oscal-version":"1.1.2","roles":[{"id":"assessor","title":"IFA Security Control Assessor"}],"parties":[{"uuid":"e7730080-71ce-4b20-bec4-84f33136fd58","type":"person","name":"Amy Assessor","member-of-organizations":["3a675986-b4ff-4030-b178-e953c2e55d64"]},{"uuid":"3a675986-b4ff-4030-b178-e953c2e55d64","type":"organization","name":"Important Federal Agency","short-name":"IFA","links":[{"href":"https:\/\/www.ifa.gov","rel":"website"}]}],"responsible-parties":[{"role-id":"assessor","party-uuids":["e7730080-71ce-4b20-bec4-84f33136fd58"]}]},"import-ssp":{"href":"..\/3-implementation\/ssp.oscal.xml"},"local-definitions":{"activities":[{"uuid":"52277182-1ba3-4cb6-8d96-b1b97aaf9d6b","title":"Examine System Elements for Least Privilege Design and Implementation","description":"The activity and it steps will be performed by the assessor and facilitated by owner, ISSO, and product team for the IFA GoodRead system with necessary information and access about least privilege design and implementation of the system's elements: the application, web framework, server, and cloud account infrastructure.","props":[{"name":"method","value":"EXAMINE"}],"steps":[{"uuid":"733e3cbf-e398-46b6-9c02-a2cb534c341e","title":"Obtain Network Access via VPN to IFA GoodRead Environment","description":"The assessor will obtain network access with appropriately configured VPN account to see admin frontend to the application for PAO staff, which is only accessible via VPN with an appropriately configured role for PAO staff accounts."},{"uuid":"4ce7e0b4-d69e-4b80-a700-8600b4d4d933","title":"Obtain Credentials and Access to AwesomeCloud Account for IFA GoodRead System","description":"The assessor will obtain access to the GoodRead Product Team's AwesomeCloud account with their single sign-on credentials to a read-only 
assessor role."},{"uuid":"3d0297de-e47b-4360-b9c3-cf5c425f86cd","title":"Obtain Applcation Access Provided by Product Team","description":"The assessor will obtain non-privileged account credentials with the PAO staff role to test this role in the application does not permit excessive administrative operations."},{"uuid":"64ca1ef6-3ad4-4747-97c6-40890222463f","title":"Confirm Load Balancer Blocks Access to Admin Frontend from Internet","description":"The assessor will confirm that the load balancer for public access does not allow access to Admin Frontend of the application from the Internet."},{"uuid":"715f0592-166f-44f6-bb66-d99623e035dc","title":"Confirm GoodRead's PAO Role Cannot Manage Users","description":"The assessor will confirm that user's logged into the GoodRead Application with the PAO staff role cannot add, modify, or disable users from the system."},{"uuid":"4641957b-a0fa-4c61-af1a-d3e9101efe40","title":"Confirm Django Admin Panel Not Available","description":"The assessor will confirm with web-based interface and API methods users with the PAO Staff role cannot access the Django admin panel functions and interactively change application's database records."}],"related-controls":{"control-selections":[{"include-controls":[{"control-id":"ac-6.1"}]}]},"responsible-roles":[{"role-id":"assessor","party-uuids":["e7730080-71ce-4b20-bec4-84f33136fd58"]}]}]},"reviewed-controls":{"control-selections":[{"include-controls":[{"control-id":"ac-6.1"}]}],"control-objective-selections":[{"include-all":{}}]},"assessment-subjects":[{"type":"component","description":"The assessor for the IFA GoodRead Project, including the application and infrastructure for this information system, are within scope of this assessment.","include-all":{}}],"tasks":[{"uuid":"b3504d22-0e75-4dd7-9247-618661beba4e","type":"action","title":"Examine Least Privilege Design and 
Implementation","associated-activities":[{"activity-uuid":"0d243b23-a889-478f-9716-6d4870e56209","subjects":[{"type":"component","include-all":{}}]}],"responsible-roles":[{"role-id":"assessor"}],"remarks":"Per IFA's use of NIST SP-800 53A, the assessor, with the support of the owner, information system security officer, and product team for the IFA GoodRead project, will examine least privilege design and implementation with the following:\n\n* list of security functions (deployed in hardware, software, and firmware) and security-relevant information for which access must be explicitly authorized;\n* system configuration settings and associated documentation;\n"}]}}
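Review bot: The + line reinstates the misspelling `Applcation` in the step title of the minified rendering; a revert that puts a typo back into a published example should only land if the original fix is being re-applied differently, and the commit message should say so. While this line is open, two defects that neither version addresses are visible here: the task's `associated-activities` references `activity-uuid` `0d243b23-a889-478f-9716-6d4870e56209`, but the only activity defined under `local-definitions` has uuid `52277182-1ba3-4cb6-8d96-b1b97aaf9d6b`, so the cross-reference does not resolve within this document; and the phrases "The activity and it steps" and "user's logged into" remain ungrammatical.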
2 changes: 1 addition & 1 deletion examples/ap/json/ifa_assessment-plan-example.json
Expand Up @@ -71,7 +71,7 @@
},
{
"uuid": "3d0297de-e47b-4360-b9c3-cf5c425f86cd",
"title": "Obtain Application Access Provided by Product Team",
"title": "Obtain Applcation Access Provided by Product Team",
"description": "The assessor will obtain non-privileged account credentials with the PAO staff role to test this role in the application does not permit excessive administrative operations."
},
{
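Review bot: `Applcation` on the + line is a spelling regression in the title of step `3d0297de-e47b-4360-b9c3-cf5c425f86cd`; if #2032 had to be backed out for some other reason, a targeted revert of the offending file is preferable to undoing all 64 corrections. The description on the context line also reads awkwardly: "to test this role in the application does not permit" wants "to test that this role in the application does not permit".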
2 changes: 1 addition & 1 deletion examples/ap/xml/ifa_assessment-plan-example.xml
Expand Up @@ -52,7 +52,7 @@
</description>
</step>
<step uuid="3d0297de-e47b-4360-b9c3-cf5c425f86cd">
<title>Obtain Application Access Provided by Product Team</title>
<title>Obtain Applcation Access Provided by Product Team</title>
<description>
<p>The assessor will obtain non-privileged account credentials with the PAO
staff role to test this role in the application does not permit excessive
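Review bot: Same step title regressing to `Applcation` in the XML rendering. The JSON, YAML and minified JSON copies of this example carry the identical step (same uuid), so whichever spelling is chosen has to be applied to all four renderings in one commit, otherwise the renderings diverge on this string.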
2 changes: 1 addition & 1 deletion examples/ap/yaml/ifa_assessment-plan-example.yaml
Expand Up @@ -43,7 +43,7 @@ assessment-plan:
title: Obtain Credentials and Access to AwesomeCloud Account for IFA GoodRead System
description: The assessor will obtain access to the GoodRead Product Team's AwesomeCloud account with their single sign-on credentials to a read-only assessor role.
- uuid: 3d0297de-e47b-4360-b9c3-cf5c425f86cd
title: Obtain Application Access Provided by Product Team
title: Obtain Applcation Access Provided by Product Team
description: The assessor will obtain non-privileged account credentials with the PAO staff role to test this role in the application does not permit excessive administrative operations.
- uuid: 64ca1ef6-3ad4-4747-97c6-40890222463f
title: Confirm Load Balancer Blocks Access to Admin Frontend from Internet
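Review bot: Same `Applcation` regression in the YAML rendering; this should be reverted together with the JSON and XML copies or not at all, since the three files are meant to be semantically identical.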
2 changes: 1 addition & 1 deletion examples/ar/json/ifa_assessment-results-example-min.json

Large diffs are not rendered by default.

4 changes: 2 additions & 2 deletions examples/ar/json/ifa_assessment-results-example.json
Expand Up @@ -157,7 +157,7 @@
],
"collected": "2023-06-02T08:31:20-04:00",
"expires": "2023-07-01T00:00:00-04:00",
"remarks": "The assessor's security automation platform analyzed all roles specific to the GoodRead Product Team, not those managed by the Office of Information Technology. The `IFA-GoodRead-SystemEngineer` role in their respective AwesomeCloud account permitted use of the following high-risk actions.\n\n* awesomecloud:auditlog:DeleteAccountAuditLog\n* awesomecloud:secmon:AdministerConfigurations\n\n\nBoth of these actions are overly permissive and not appropriate for the business function of the staff member assigned this role."
"remarks": "The assessor's security automation platform analyzed all roles specific to the GoodRead Product Team, not those managed by the Office of Information Technology. The `IFA-GoodRead-SystemEnginer` role in their respective AwesomeCloud account permitted use of the following high-risk actions.\n\n* awesomecloud:auditlog:DeleteAccountAuditLog\n* awesomecloud:secmon:AdministerConfigurations\n\n\nBoth of these actions are overly permissive and not appropriate for the business function of the staff member assigned this role."
},
{
"uuid": "4a2fb32e-9be9-43cf-b717-e9e47de061bd",
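Review bot: The + line changes `IFA-GoodRead-SystemEngineer` back to `IFA-GoodRead-SystemEnginer`, and this string is a role identifier rendered in a code span, not prose. Before settling on a spelling, check which form the rest of the IFA example set uses for this role; an identifier that differs between documents is a worse defect than a misspelled one, because anything correlating this finding to the role by name will not match. The two `awesomecloud:*` action names in the same remarks are unaffected.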
Expand Down Expand Up @@ -185,7 +185,7 @@
"uuid": "0cfa750e-3553-47ba-a7ba-cf84a884d261",
"title": "GoodRead System Engineers Have Over-Privileged Access to Cloud Infrastructure Account",
"description": "A user in the GoodRead cloud environment with the privileges of a system engineer can exceed the intended privileges for their related business function. They can delete all historical audit records and remove important security monitoring functions for the IFA Security Operations Center staff.",
"statement": "An account without proper least privilege design and implementation can be used to surreptitiously add, change, or delete cloud infrastructure to the too managing all links to IFA's communication to public citizens, potentially causing significant harm with no forensic evidence to recover the system. Regardless of the extent and duration of a potential incident, such a configuration greatly increases the risk of an insider threat if there were likely to a potential insider threat in the GoodRead Product Team.\n\nIf such an insider threat existed and acted with this misconfiguration, the resulting event could cause significant financial and reputational risk to IFA's Administrator, executive staff, and the agency overall.",
"statement": "An account without proper least privilege design and implementation can be used to surreptitiously add, change, or delete cloud infrastructure to the too managing all links to IFA's communication to public citizens, potentially causing significant harm with no forensic evidence to recover the system. Regardless of the extent and duration of a potential incident, such a configuration greatly increases the risk of an insider threat if there were likely to a potential insider threat in the GoodRead Product Team.\n\nIf such an insider threat existed and acted with this misconfigruatio, the resulting event could cause significant financial and reputational risk to IFA's Administrator, executive staff, and the agency overall.",
"status": "investigating"
}
],
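Review bot: `misconfigruatio` on the + line is a truncated word, not merely a transposition, so the reverted statement is visibly broken in a published example. The same statement also carries "to the too managing all links" (presumably "tool") and "if there were likely to a potential insider threat", which neither the original fix nor this revert touches; when the spelling fix is re-landed, fold these into it so the risk statement reads cleanly.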
4 changes: 2 additions & 2 deletions examples/ar/xml/ifa_assessment-results-example.xml
Expand Up @@ -145,7 +145,7 @@
<remarks>
<p>The assessor's security automation platform analyzed all roles specific to the
GoodRead Product Team, not those managed by the Office of Information
Technology. The <code>IFA-GoodRead-SystemEngineer</code> role in their respective
Technology. The <code>IFA-GoodRead-SystemEnginer</code> role in their respective
AwesomeCloud account permitted use of the following high-risk actions.</p>
<ul>
<li>awesomecloud:auditlog:DeleteAccountAuditLog</li>
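Review bot: Same identifier change (`SystemEngineer` to `SystemEnginer`) as in the JSON rendering, here inside a `<code>` element; keep the spelling identical across the JSON, XML and YAML copies of this observation, whichever form is chosen.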
Expand Down Expand Up @@ -188,7 +188,7 @@
Regardless of the extent and duration of a potential incident, such a
configuration greatly increases the risk of an insider threat if there were
likely to a potential insider threat in the GoodRead Product Team.</p>
<p>If such an insider threat existed and acted with this misconfiguration, the
<p>If such an insider threat existed and acted with this misconfigruatio, the
resulting event could cause significant financial and reputational risk to IFA's
Administrator, executive staff, and the agency overall.</p>
</statement>
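Review bot: Same truncated `misconfigruatio` as in the JSON rendering; the preceding context lines show the "if there were likely to a potential insider threat" wording that still needs rewording in all three renderings.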
4 changes: 2 additions & 2 deletions examples/ar/yaml/ifa_assessment-results-example.yaml
Expand Up @@ -100,7 +100,7 @@ assessment-results:
collected: "2023-06-02T08:31:20-04:00"
expires: "2023-07-01T00:00:00-04:00"
remarks: |-
The assessor's security automation platform analyzed all roles specific to the GoodRead Product Team, not those managed by the Office of Information Technology. The `IFA-GoodRead-SystemEngineer` role in their respective AwesomeCloud account permitted use of the following high-risk actions.
The assessor's security automation platform analyzed all roles specific to the GoodRead Product Team, not those managed by the Office of Information Technology. The `IFA-GoodRead-SystemEnginer` role in their respective AwesomeCloud account permitted use of the following high-risk actions.
* awesomecloud:auditlog:DeleteAccountAuditLog
* awesomecloud:secmon:AdministerConfigurations
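Review bot: Same identifier regression in the YAML rendering. The remarks use a `|-` block scalar, so the re-applied fix only needs to touch this one line; no reflow of the action list below it is required.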
Expand All @@ -127,7 +127,7 @@ assessment-results:
statement: |-
An account without proper least privilege design and implementation can be used to surreptitiously add, change, or delete cloud infrastructure to the too managing all links to IFA's communication to public citizens, potentially causing significant harm with no forensic evidence to recover the system. Regardless of the extent and duration of a potential incident, such a configuration greatly increases the risk of an insider threat if there were likely to a potential insider threat in the GoodRead Product Team.
If such an insider threat existed and acted with this misconfiguration, the resulting event could cause significant financial and reputational risk to IFA's Administrator, executive staff, and the agency overall.
If such an insider threat existed and acted with this misconfigruatio, the resulting event could cause significant financial and reputational risk to IFA's Administrator, executive staff, and the agency overall.
status: investigating
findings:
- uuid: 45d8a6c2-1368-4bad-9ba0-7141f0a32889
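Review bot: Same `misconfigruatio` truncation in the YAML statement; the `|-` block scalar keeps the two paragraphs on separate lines, so the re-applied fix is again a one-line change here.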