Support multiple cci's
ejaronne opened this issue · 2 comments
For example, there are actually 2 cci's in this SRG for SRG-NET-000285-ALG-000074. But when loaded into Vulcan, only one (the first) is captured.
Example: https://mitre-vulcan-prod.herokuapp.com/components/71/YYYY-00-000067
I would see if we can check with DISA about this because it doesn't make much sense to me that a requirement would have a "primary" CCI let's call it and then the 366 CCI which is just the best practice CCI.
Typically there is 1 requirement in each SRG with CCI 366 with a title like "The DBMS must be configured in accordance with the security configuration settings based on DoD security configuration and implementation guidance, including STIGs, NSA configuration guides, CTOs, DTMs, and IAVMs." that covers anything else not covered by the other requirements.
multiple cci's should be stored as with a delimter. This emulates how we export to csv from Heimdall.