This script is used to export Plan of Actions and Milestones (POAM) items from a Security Plan (SSP) in the RegScale system to an Excel file in the FedRAMP v5 format.
- Python 3.9+
- openpyxl
- regscale-cli
Run `pip install -r requirements.txt` from the root of this directory, and the Python package manager will install the necessary requirements.
The script is run from the command line and requires two arguments:
- `--ssp_id`: The ID of the Security Plan to export.
- `--output_file`: The path to the output Excel file.
Example:
```bash
./fedramp_v5_export_bmc.py --previous_month_poam march.xlsx --ssp_id 3 --output_file april.xlsx
```
```mermaid
graph TD
    A[Start] --> B[Run fedramp_v5_export_bmc.py]
    B --> C[Match Previous Month POAMs with RegScale Data]
    C --> D{Check POAM Identifiers}
    D -->|Changed| E[Generate New POAM ID]
    D -->|Unchanged OR DR is associated with the POAM| F[Keep Existing POAM ID]
    E --> G[Update POAM.otherId]
    F --> H[Keep in OPEN Items Worksheet]
    G --> I[Update POAM.data JSON]
    I --> H[POAM]
    H -->|Changed| J[Save to RegScale] --> K[Add to Worksheet]
    H -->|Unchanged| K[Add to OPEN Worksheet]
    K --> L[Export POAM Worksheet to New XLSX file with current month as name]
    L --> M[New POAM file is saved to RegScale file system for tracking purposes]
```