Skip to content

Create tables for compliance requirement controls

Problem to solve

As part of a recent review of the Custom compliance frameworks (&13295 - closed) plan the question was raised around discovering the status of individual controls and how they are evaluated.

As part of the scalability review we decided to remove the controls table and move the expression to be stored in the requirements table as a text field. This was to optimise for performance and also the evaluation engine.

Proposal

Add a compliance_requirements_control table for each control for a compliance requirement as per the following entity diagram.

classDiagram
    class namespaces {
        id: bigint
        name: text
        path: text
        ...(more columns)
    }
    class projects {
        id: bigint,
        name: text
        path: text
        description: text
        ...(more columns)
    }
    class compliance_management_frameworks {
        id: bigint,
        name: text,
        description: text,
        ...(more columns)
    }

    class compliance_requirements {
        id: bigint
        created_at: timestamp
        updated_at: timestamp
        namespace_id: bigint
        framework_id: bigint
        name: text
        description: text
    }

    class compliance_requirements_control {
        id: bigint
        created_at: timestamp
        updated_at: timestamp
        namespace_id: bigint
        framework_id: bigint
        name: text
        control_type: smallint
        external_url: text
        expression: text
    }

    class project_requirement_compliance_status {
        id: bigint
        created_at: timestamp
        updated_at: timestamp
        project_id: bigint
        namespace_id: bigint
        compliance_requirement_id: bigint
        compliance_control_id: bigint
        status: smallint
    }

    class project_compliance_violations {
        id: bigint
        created_at: timestamp
        updated_at: timestamp
        project_id: bigint
        namespace_id: bigint
        compliance_requirement_id: bigint
        compliance_control_id: bigint
        audit_event_id: bigint
    }
    
    class security_policy_requirements {
        id: bigint
        created_at: timestamp
        updated_at: timestamp
        compliance_framework_security_policy_id: bigint
        compliance_requirement_id: bigint
        namespace_id: bigint
    }

    compliance_management_frameworks --> compliance_requirements : has_many
    compliance_management_frameworks <--> projects : many_to_many
    compliance_requirements <--> security_policy_requirements : has_and_belongs_to_many
    projects <-- namespaces : has_many
    namespaces --> compliance_management_frameworks : has_many
    projects --> project_requirement_compliance_status : has_many
    projects --> project_compliance_violations : has_many
    compliance_requirements --> compliance_requirements_control : has_many
    compliance_requirements_control --> project_requirement_compliance_status : has_one
    compliance_requirements_control <--> project_compliance_violations : has_many
Edited by Hitesh Raghuvanshi