@bryaneaton
Last active December 11, 2024 20:11
FedRAMP POAM Exporter

This script is used to export Plan of Actions and Milestones (POAM) items from a Security Plan (SSP) in the RegScale system to an Excel file in the FedRAMP v5 format.

Requirements

  • Python 3.9+
  • openpyxl
  • regscale-cli

To install dependencies:

Run pip install -r requirements.txt from the root of this directory, and the Python package manager will install necessary requirements.

Usage

The script is run from the command line and requires two arguments:

  • --ssp_id: The ID of the Security Plan to export.
  • --output_file: The path to the output Excel file.

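Example (this invocation also passes --previous_month_poam, here pointing at the previous month's POAM workbook):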

./fedramp_v5_export_bmc.py --previous_month_poam march.xlsx --ssp_id 3 --output_file april.xlsx

Flow

graph TD
    A[Start] --> B[Run fedramp_v5_export_bmc.py]
    B --> C[Match Previous Month POAMs with RegScale Data]
    C --> D{Check POAM Identifiers}
    D -->|Changed| E[Generate New POAM ID]
    D -->|Unchanged OR DR is associated with the POAM| F[Keep Existing POAM ID]
    E --> G[Update POAM.otherId]
    F --> H[Keep in OPEN Items Worksheet]
    G --> I[Update POAM.data JSON]
    I --> H[POAM]
    H -->|Changed| J[Save to RegScale] --> K[Add to Worksheet]
    H -->|Unchanged| K[Add to OPEN Worksheet]
    K --> L[Export POAM Worksheet to New XLSX file with current month as name]
    L --> M[New POAM file is saved to RegScale file system for tracking purposes]
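
A minimal model of the ID decision in the flow above, as an added example that is not the gist's code. Only `otherId` and `data` are names from the flow; the `Poam` class, the `identifiers` and `has_dr` fields, the `V-<n>` ID scheme and the `previous_poam_id` key are assumptions made for illustration.

```python
import json
from dataclasses import dataclass

@dataclass
class Poam:
    otherId: str             # POAM ID (name taken from the flow)
    identifiers: frozenset   # assumed field: finding identifiers behind the POAM
    has_dr: bool = False     # assumed field: a DR is associated with the POAM
    data: str = "{}"         # JSON string (the flow's "POAM.data JSON")

def new_poam_id(taken):
    """Hypothetical scheme: lowest unused V-<n>; the real format is not on the page."""
    n = 1
    while f"V-{n}" in taken:
        n += 1
    return f"V-{n}"

def reconcile(previous, current):
    """previous: {POAM ID: identifiers} from last month's workbook.
    Returns (rows for the open worksheet, records that need saving)."""
    taken = set(previous) | {p.otherId for p in current}
    rows, to_save = [], []
    for poam in current:
        before = previous.get(poam.otherId)   # None: not in last month's file
        changed = before is not None and before != poam.identifiers
        if changed and not poam.has_dr:
            old_id = poam.otherId
            poam.otherId = new_poam_id(taken)
            taken.add(poam.otherId)
            blob = json.loads(poam.data)
            blob["previous_poam_id"] = old_id   # hypothetical key
            poam.data = json.dumps(blob)
            to_save.append(poam)
        rows.append(poam)   # kept and re-identified POAMs both stay on the sheet
    return rows, to_save

# Constructed sample data.
PREVIOUS = {"V-1": frozenset({"f-100"}), "V-2": frozenset({"f-200"}),
            "V-3": frozenset({"f-300"})}

def sample_current():
    return [Poam("V-1", frozenset({"f-100"})),
            Poam("V-2", frozenset({"f-200", "f-201"})),
            Poam("V-3", frozenset({"f-301"}), has_dr=True)]

if __name__ == "__main__":
    rows, to_save = reconcile(PREVIOUS, sample_current())
    print([p.otherId for p in rows], [p.otherId for p in to_save])
```

A POAM that is absent from the previous month's file takes the unchanged branch here and keeps its ID, which is also an assumption.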