Merge pull request #4115 from cisagov/feature/mcet-366

Feature/mcet 366

CSETWebApi/CSETWeb_Api/CSETWebCore.Business/Question/ProfileQuestion.cs

@@ -236,7 +236,7 @@ public void SetValidation(bool validate)
         //{
         //    oldQuestionValues.SubLabelNumber = SubLabelNumber;
         //    oldQuestionValues.Question = Question;
-        //    oldQuestionValues.Comments = Comments;
+        //    oldQuestionValues.Comment = Comment;
         //    oldQuestionValues.References = References;
         //    oldQuestionValues.IsSelect = IsSelect;
         //    oldQuestionValues.SupplementalInfo = SupplementalInfo;
@@ -246,7 +246,7 @@ public void SetValidation(bool validate)
         //{
         //    this.SubLabelNumber = oldQuestionValues.SubLabelNumber;
         //    this.Question = oldQuestionValues.Question;
-        //    this.Comments = oldQuestionValues.Comments;
+        //    this.Comment = oldQuestionValues.Comment;
         //    this.References = oldQuestionValues.References;
         //    this.IsSelect = oldQuestionValues.IsSelect;
 

CSETWebApi/CSETWeb_Api/CSETWebCore.Business/Reports/ReportsDataBusiness.cs

@@ -1557,6 +1557,54 @@ public List<RankedQuestions> GetRankedQuestions()
             return list;
         }
 
+        public List<PhysicalQuestions> GetQuestionsWithSupplementals()
+        {         
+            var lang = _tokenManager.GetCurrentLanguage();
+
+            var rm = new Question.RequirementBusiness(_assessmentUtil, _questionRequirement, _context, _tokenManager);
+
+            List<PhysicalQuestions> list = new List<PhysicalQuestions>();
+            List<usp_GetRankedQuestions_Result> rankedQuestionList = _context.usp_GetRankedQuestions(_assessmentId).ToList();
+
+
+            var supplementalLookups = (from a in _context.NEW_REQUIREMENT
+                        join b in _context.REQUIREMENT_SETS on a.Requirement_Id equals b.Requirement_Id
+                        where b.Set_Name == "MOPhysical"
+                        select a).ToDictionary(x=> x.Requirement_Id, x=> x); 
+
+            foreach (usp_GetRankedQuestions_Result q in rankedQuestionList)
+            {
+                if (q.RequirementId != null)
+                {
+                    var reqOverlay = _overlay.GetRequirement((int)q.RequirementId, lang);
+                    if (reqOverlay != null)
+                    {
+                        q.QuestionText = reqOverlay.RequirementText;
+                    }
+
+                }
+
+
+                q.QuestionText = rm.ResolveParameters(q.QuestionOrRequirementID, q.AnswerID, q.QuestionText);
+
+                q.Category = _overlay.GetPropertyValue("STANDARD_CATEGORY", q.Category.ToLower(), lang) ?? q.Category;
+                var comment = _context.Answer_Requirements.Where(x => x.Question_Or_Requirement_Id == q.QuestionOrRequirementID).FirstOrDefault()?.Comment;
+                var supplemental = supplementalLookups[q.RequirementId??0].Supplemental_Info;
+                list.Add(new PhysicalQuestions()
+                {
+                    Answer = q.AnswerText,
+                    CategoryAndNumber = q.Category + " #" + q.QuestionRef,
+                    Level = q.Level,
+                    Question = q.QuestionText,
+                    Rank = q.Rank ?? 0,
+                    Supplemental = supplemental,
+                    Comment = comment
+                });
+            }
+
+            return list;
+        }
+
 
         public List<DocumentLibraryTable> GetDocumentLibrary()
         {
@@ -2791,7 +2839,6 @@ from b in _context.VIEW_QUESTIONS_STATUS.Where(x => x.Answer_Id == a.Answer_Id).
 
             return maturityDomains;
         }
-        //
     }
 }
 

CSETWebApi/CSETWeb_Api/CSETWebCore.Interfaces/Reports/IReportsDataBusiness.cs

@@ -64,5 +64,6 @@ void BuildSubGroupings(MaturityGrouping g, int? parentID,
         List<MatAnsweredQuestionDomain> GetCieQuestionList(int matLevel, bool filterForNa = false);
         List<MatAnsweredQuestionDomain> GetCieDocumentsForAssessment();
         List<MatAnsweredQuestionDomain> GetCieMfrQuestionList();
+        List<PhysicalQuestions> GetQuestionsWithSupplementals();
     }
 }

CSETWebApi/CSETWeb_Api/CSETWebCore.Model/Reports/BasicReportData.cs

@@ -41,7 +41,7 @@ public class BasicReportData
         public List<ComponentQuestion> ComponentQuestions { get; set; }
         public List<List<DiagramZones>> Zones { get; set; }
         public List<CieQuestionAnswerPairing> QuestionAnswerPairings { get; set; }
-
+        public List<PhysicalQuestions> QuestionsWithSupplementals { get; set; }
 
         public class INFORMATION
         {
@@ -174,6 +174,12 @@ public class RankedQuestions
 
     }
 
+    public class PhysicalQuestions : RankedQuestions
+    {
+        public string Supplemental { get; set; }
+        public string Comment { get; set; }
+    }
+
     public class QuestionsWithComments
     {
         public string CategoryAndNumber { get; set; }

CSETWebApi/CSETWeb_Api/CSETWeb_ApiCore/Controllers/ReportsController.cs

@@ -541,6 +541,22 @@ public IActionResult GetSiteSummary()
             data.QuestionsWithAltJust = _report.GetQuestionsWithAlternateJustification();
             return Ok(data);
         }
+        [HttpGet]
+        [Route("api/reports/physicalsummary")]
+        public IActionResult GetPhysicalSummary()
+        {
+            int assessmentId = _token.AssessmentForUser();
+
+            _report.SetReportsAssessmentId(assessmentId);
+            BasicReportData data = new BasicReportData();
+            data.information = _report.GetInformation();
+            data.QuestionsWithSupplementals = _report.GetQuestionsWithSupplementals();
+            data.RankedQuestionsTable = _report.GetRankedQuestions();
+            data.QuestionsWithComments = _report.GetQuestionsWithComments();
+            data.QuestionsMarkedForReview = _report.GetQuestionsMarkedForReview();
+            data.QuestionsWithAltJust = _report.GetQuestionsWithAlternateJustification();
+            return Ok(data);
+        }
 
 
         [HttpGet]

CSETWebNg/src/app/app-routing.module.ts

@@ -93,6 +93,7 @@ import { SecurityplanComponent } from './reports/securityplan/securityplan.compo
 import { TrendReportComponent } from './reports/trendreport/trendreport.component';
 import { CompareReportComponent } from './reports/comparereport/comparereport.component';
 import { SiteSummaryComponent } from './reports/site-summary/site-summary.component';
+import { PhysicalSummaryComponent} from './reports/physical-summary/physical-summary.component';
 import { ModelSelectComponent } from './assessment/prepare/maturity/model-select/model-select.component';
 import { CmmcLevelsComponent } from './assessment/prepare/maturity/cmmc-levels/cmmc-levels.component';
 import { MaturityQuestionsComponent } from './assessment/questions/maturity-questions/maturity-questions.component';
@@ -530,6 +531,7 @@ const appRoutes: Routes = [
       { path: 'executive', component: ExecutiveSummaryComponent },
       { path: 'securityplan', component: SecurityplanComponent },
       { path: 'sitesummary', component: SiteSummaryComponent },
+      { path: 'physicalsummary', component: PhysicalSummaryComponent },
       { path: 'trendreport', component: TrendReportComponent },
       { path: 'comparereport', component: CompareReportComponent },
       { path: 'executivecmmc', component: ExecutiveCMMCComponent },

CSETWebNg/src/app/app.module.ts

@@ -667,6 +667,7 @@ import { UploadDemographicsComponent } from './dialogs/import demographics/impor
 import { CieMfrReportComponent } from './reports/cie/cie-mfr-report/cie-mfr-report.component';
 import { ReportListComponent } from './assessment/results/reports/report-list/report-list.component';
 import { ReportListCommonComponent } from './assessment/results/reports/report-list/report-list-common.component';
+import { PhysicalSummaryComponent } from './reports/physical-summary/physical-summary.component';
 
 
 @NgModule({
@@ -910,6 +911,7 @@ import { ReportListCommonComponent } from './assessment/results/reports/report-l
     ExecutiveSummaryComponent,
     SecurityplanComponent,
     SiteSummaryComponent,
+    PhysicalSummaryComponent,
     TrendReportComponent,
     TrendCompareCompatibilityComponent,
     CompareReportComponent,

CSETWebNg/src/app/assessment/results/reports/report-list/report-list.json

@@ -256,6 +256,26 @@
       }
     ]
   },
+  {
+    "title": "MOPhysical",
+    "reportList": [
+      {
+        "linkUrl": "physicalsummary"
+      },
+      {
+        "linkUrl": "executive"
+      },
+      {
+        "linkUrl": "sitesummary"
+      },
+      {
+        "linkUrl": "securityplan"
+      },
+      {
+        "linkUrl": "detail"
+      }
+    ]
+  },
   {
     "title": "STANDARD",
     "reportList": [

CSETWebNg/src/app/assessment/results/reports/reports.component.ts

@@ -344,7 +344,9 @@ export class ReportsComponent implements OnInit, AfterViewInit {
   updateSectionId(): void {
     if (!!this.assessSvc.assessment) {
       // Network diagram and standard assessments use the same assessment list. sectionId will be passed as DIAGRAM
-      if (this.assessSvc.assessment.useStandard && !this.isMobile) {
+      if (this.assessSvc.usesStandard('MOPhysical')) {
+        this.currentSectionId = 'MOPhysical';
+      } else if (this.assessSvc.assessment.useStandard && !this.isMobile) {
           this.currentSectionId = 'STANDARD';
       } else if (this.assessSvc.assessment.useDiagram && !this.isMobile) {
           this.currentSectionId = 'DIAGRAM';

CSETWebNg/src/app/reports/physical-summary/physical-summary.component.html

@@ -0,0 +1,117 @@
+<!----------------------
+
+   Copyright 2024 Battelle Energy Alliance, LLC
+
+  Permission is hereby granted, free of charge, to any person obtaining a copy
+  of this software and associated documentation files (the "Software"), to deal
+  in the Software without restriction, including without limitation the rights
+  to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+  copies of the Software, and to permit persons to whom the Software is
+  furnished to do so, subject to the following conditions:
+
+  The above copyright notice and this permission notice shall be included in all
+  copies or substantial portions of the Software.
+
+  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+  IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+  FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+  AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+  LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+  SOFTWARE.
+-------------------------->
+<div class="report-body mb-5" *transloco="let t">
+
+    <div class="flex-container">
+        <div class="column mt-3">
+            <p class="report-title">
+                VULNERABILITIES AND OPTIONS FOR CONSIDERATION
+            </p>
+        </div>
+        <div class="column">
+            <p style="text-align: center">
+                <img width="471" height="529" alt="cset" src="assets/images/SiteSummaryFiles/image002.jpg">
+            </p>
+        </div>
+
+        <div class="cover-page-bottom mb-4">
+            <app-logo-for-reports></app-logo-for-reports>
+            <app-info-block [response]="response" />
+        </div>
+    </div>
+
+
+
+    <div class="page-break" *ngIf="configSvc.behaviors.showDisclaimer">
+        <p>
+            During the assessment process, personnel conducting the assessment along with facility stakeholders identified potential vulnerabilities along with suggested options for consideration. The process and listed options for consideration provide an opportunity for the facility owners/operators (stakeholders) to mitigate vulnerabilities, increase resilience, and implement protective measures. This process involves an assessment of risk tailored to the facility that takes into consideration the threat, assets to be protected, facility characteristics and capital expenditures planning.  The options for consideration are not prescriptive endorsements of specific protective measures to be installed and/or used at the facility. The critical infrastructure owner or operator determines for the facility whether the options for consideration provide the desired enhancements in light of the facility’s current security and resilience posture, anticipated growth or organizational changes, budgetary outlook, etc. No assessment process or respective options for consideration have the ability to provide solutions which fully eliminate the possibility of undesirable events or associated outcomes.
+        </p>
+        <app-report-disclaimer></app-report-disclaimer>
+    </div>
+
+    <div class="page-break">
+        <app-report-advisory></app-report-advisory>
+    </div>
+
+
+
+    <div class="page-break">
+        <h1>{{t('reports.site information')}}</h1>
+        <app-site-information [response]="response"></app-site-information>
+    </div>
+
+    <div class="page-break" *ngIf="response?.information.useStandard">
+        <h1>
+            Vulnerabilities and Options For Consideration
+        </h1>
+
+        <p>
+            During the assessment process, personnel conducting the assessment along with facility stakeholders identified potential vulnerabilities
+            along with suggested options for consideration. The process and listed options for consideration provide an opportunity for the facility
+            owners/operators (stakeholders) to mitigate vulnerabilities, increase resilience, and implement protective measures. This process involves 
+            an assessment of risk tailored to the facility that takes into consideration the threat, assets to be protected, facility characteristics 
+            and capital expenditures planning.  The options for consideration are <u>not prescriptive endorsements</u> of specific protective measures to be 
+            installed and/or used at the facility. The <u>critical infrastructure owner or operator</u> determines for the facility whether the options for 
+            consideration provide the desired enhancements in light of the facility’s current security and resilience posture, anticipated growth or 
+            organizational changes, budgetary outlook, etc. No assessment process or respective options for consideration have the ability to provide 
+            solutions which fully eliminate the possibility of undesirable events or associated outcomes.
+        </p>
+
+        <table *ngFor="let rq of response?.questionsWithSupplementals" class="cset-table-3">
+            <tr>
+                <th style="width: 15%">{{t('reports.core.rank')}}: {{rq.rank}}</th>
+                <th>{{rq.categoryAndNumber}}</th>
+                <th style="width: 15%">{{t('reports.core.level')}}: {{t('titles.sal.level.' + rq.level.toLowerCase())}}</th>
+            </tr>
+            <tr>
+                <td colspan="2" [innerHTML]="rq.question"></td>
+                <td class="tint2">{{t('answer-options.labels.' + rq.answer.toLowerCase())}}</td>
+            </tr>
+            <tr>
+                <td colspan="3" [innerHTML]="rq.supplemental"></td>     
+            </tr>
+            <tr>
+                <td class="tint2">{{t('reports.core.questions comments.comment')}}:</td>
+                <td colspan="2" [innerHTML]="reportSvc.formatLinebreaks(rq.comment)"></td>
+            </tr>
+        </table>
+    </div>
+
+
+
+    <div class="page-break">
+        <app-question-comments [data]="response"></app-question-comments>
+    </div>
+
+
+
+    <div class="page-break">
+        <app-alt-justification-comments [data]="this.response"></app-alt-justification-comments>
+    </div>
+
+
+    <div class="page-break">
+        <app-questions-marked-for-review [data]="response"></app-questions-marked-for-review>
+    </div>
+
+</div>