feat(compliance): add ISO27001 compliance framework (#2517)

Co-authored-by: Sergio Garcia <sergargar1@gmail.com>
2026-02-10 06:45:08 +00:00 · 2023-06-20 16:57:28 +02:00
parent 435911489f
commit f875cd05be
6 changed files with 1352 additions and 4 deletions
--- a/prowler/compliance/aws/iso27001_aws.json
+++ b/prowler/compliance/aws/iso27001_aws.json
--- a/prowler/lib/check/compliance_models.py
+++ b/prowler/lib/check/compliance_models.py
@@ -105,6 +105,16 @@ class AWS_Well_Architected_Requirements(BaseModel):
    ImplementationGuidanceUrl: str


+# ISO27001 Requirements
+class ISO27001_Requirements(BaseModel):
+    """ISO27001 Requirements"""
+
+    Category: str
+    Objetive_ID: str
+    Objetive_Name: str
+    Check_Summary: str
+
+
 # Base Compliance Model
 class Compliance_Requirement(BaseModel):
    """Compliance_Requirement holds the base model for every requirement within a compliance framework"""
@@ -117,6 +127,7 @@ class Compliance_Requirement(BaseModel):
            CIS_Requirements,
            ENS_Requirements,
            Generic_Compliance_Requirements,
+            ISO27001_Requirements,
            AWS_Well_Architected_Requirements,
        ]
    ]
--- a/prowler/lib/cli/parser.py
+++ b/prowler/lib/cli/parser.py
@@ -258,7 +258,7 @@ Detailed documentation at https://docs.prowler.cloud
        list_group.add_argument(
            "--list-compliance-requirements",
            nargs="+",
-            help="List compliance requirements for a given requirement",
+            help="List compliance requirements for a given compliance framework",
            choices=available_compliance_frameworks,
        )
        list_group.add_argument(
--- a/prowler/lib/outputs/compliance.py
+++ b/prowler/lib/outputs/compliance.py
@@ -8,6 +8,7 @@ from prowler.config.config import orange_color, timestamp
 from prowler.lib.check.models import Check_Report
 from prowler.lib.logger import logger
 from prowler.lib.outputs.models import (
+    Check_Output_CSV_AWS_ISO27001,
    Check_Output_CSV_AWS_Well_Architected,
    Check_Output_CSV_CIS,
    Check_Output_CSV_ENS_RD2022,
@@ -159,6 +160,40 @@ def fill_compliance(output_options, finding, audit_info, file_descriptors):

                csv_header = generate_csv_fields(Check_Output_CSV_AWS_Well_Architected)

+            elif compliance.Framework == "ISO27001" and compliance.Provider == "AWS":
+                compliance_output = compliance.Framework
+                if compliance.Version != "":
+                    compliance_output += "_" + compliance.Version
+                if compliance.Provider != "":
+                    compliance_output += "_" + compliance.Provider
+
+                compliance_output = compliance_output.lower().replace("-", "_")
+                if compliance_output in output_options.output_modes:
+                    for requirement in compliance.Requirements:
+                        requirement_description = requirement.Description
+                        requirement_id = requirement.Id
+                        requirement.Name
+                        for attribute in requirement.Attributes:
+                            compliance_row = Check_Output_CSV_AWS_ISO27001(
+                                Provider=finding.check_metadata.Provider,
+                                Description=compliance.Description,
+                                AccountId=audit_info.audited_account,
+                                Region=finding.region,
+                                AssessmentDate=timestamp.isoformat(),
+                                Requirements_Id=requirement_id,
+                                Requirements_Description=requirement_description,
+                                Requirements_Attributes_Category=attribute.Category,
+                                Requirements_Attributes_Objetive_ID=attribute.Objetive_ID,
+                                Requirements_Attributes_Objetive_Name=attribute.Objetive_Name,
+                                Requirements_Attributes_Check_Summary=attribute.Check_Summary,
+                                Status=finding.status,
+                                StatusExtended=finding.status_extended,
+                                ResourceId=finding.resource_id,
+                                CheckId=finding.check_metadata.CheckID,
+                            )
+
+                csv_header = generate_csv_fields(Check_Output_CSV_AWS_ISO27001)
+
            else:
                compliance_output = compliance.Framework
                if compliance.Version != "":
@@ -191,9 +226,7 @@ def fill_compliance(output_options, finding, audit_info, file_descriptors):
                                CheckId=finding.check_metadata.CheckID,
                            )

-                    csv_header = generate_csv_fields(
-                        Check_Output_CSV_Generic_Compliance
-                    )
+                csv_header = generate_csv_fields(Check_Output_CSV_Generic_Compliance)

            if compliance_row:
                csv_writer = DictWriter(
--- a/prowler/lib/outputs/file_descriptors.py
+++ b/prowler/lib/outputs/file_descriptors.py
@@ -14,6 +14,7 @@ from prowler.lib.outputs.html import add_html_header
 from prowler.lib.outputs.models import (
    Aws_Check_Output_CSV,
    Azure_Check_Output_CSV,
+    Check_Output_CSV_AWS_ISO27001,
    Check_Output_CSV_AWS_Well_Architected,
    Check_Output_CSV_CIS,
    Check_Output_CSV_ENS_RD2022,
@@ -163,6 +164,16 @@ def fill_file_descriptors(output_modes, output_directory, output_filename, audit
                        )
                        file_descriptors.update({output_mode: file_descriptor})

+                    elif output_mode == "iso27001_aws":
+                        filename = f"{output_directory}/{output_filename}_iso27001_aws{csv_file_suffix}"
+                        file_descriptor = initialize_file_descriptor(
+                            filename,
+                            output_mode,
+                            audit_info,
+                            Check_Output_CSV_AWS_ISO27001,
+                        )
+                        file_descriptors.update({output_mode: file_descriptor})
+
                    else:
                        # Generic Compliance framework
                        filename = f"{output_directory}/{output_filename}_{output_mode}{csv_file_suffix}"
--- a/prowler/lib/outputs/models.py
+++ b/prowler/lib/outputs/models.py
@@ -588,6 +588,26 @@ class Check_Output_CSV_AWS_Well_Architected(BaseModel):
    CheckId: str


+class Check_Output_CSV_AWS_ISO27001(BaseModel):
+    """
+    Check_Output_CSV_AWS_ISO27001 generates a finding's output in CSV AWS ISO27001 Compliance format.
+    """
+
+    Provider: str
+    Description: str
+    AccountId: str
+    Region: str
+    AssessmentDate: str
+    Requirements_Attributes_Category: str
+    Requirements_Attributes_Objetive_ID: str
+    Requirements_Attributes_Objetive_Name: str
+    Requirements_Attributes_Check_Summary: str
+    Status: str
+    StatusExtended: str
+    ResourceId: str
+    CheckId: str
+
+
 # JSON ASFF Output
 class ProductFields(BaseModel):
    ProviderName: str = "Prowler"