erangaeb · February 17, 2025 22:56
diff --git a/NISTControlParser.scala b/NISTControlParser.scala
 import scala.util.matching.Regex

 object NISTControlParser extends App {

  // Function to split the text into control questions and control description
  def processControlText(controlId: String, text: String): (List[String], String) = {
    val sections = text.split("(?i)Supplemental Guidance:").map(_.trim)

    // Extract the control part before Supplemental Guidance
    val controlDescription = if (sections.length > 1) sections(1) else ""
    val controlDetails = sections(0).replaceFirst("Description:", "").trim

    val lines = controlDetails.split("\n").map(_.trim).filter(_.nonEmpty).toList
    val questionList = scala.collection.mutable.ListBuffer[String]()

    val regex: Regex = """^([a-z]+|\d+)\.\s*(.*)""".r  // Matches "a.", "b.", "h.1", etc.

    for (line <- lines) {
      line match {
        case regex(key, value) =>
          questionList.append(s"$controlId.$key $value")
        case _ =>
          // If it's a continuation of the previous line, append it
          if (questionList.nonEmpty) {
            val lastIndex = questionList.length - 1
            questionList(lastIndex) = questionList(lastIndex) + " " + line
          }
      }
    }

    (questionList.toList, controlDescription)
  }

  val controlId = "AC-2"
  val nistControlText = """Description:
                          |The organization:
                          |a. Identifies and selects the following types of information system accounts to support organizational missions/business functions: [Assignment: organization-defined information system account types];
                          |b. Assigns account managers for information system accounts;
                          |c. Establishes conditions for group and role membership;
                          |d. Specifies authorized users of the information system, group and role membership, and access authorizations (i.e., privileges) and other attributes (as required) for each account;
                          |e. Requires approvals by [Assignment: organization-defined personnel or roles] for requests to create information system accounts;
                          |f. Creates, enables, modifies, disables, and removes information system accounts in accordance with [Assignment: organization-defined procedures or conditions];
                          |g. Monitors the use of information system accounts;
                          |h. Notifies account managers:
                          |    1. When accounts are no longer required;
                          |    2. When users are terminated or transferred; and
                          |    3. When individual information system usage or need-to-know changes;
                          |i. Authorizes access to the information system based on:
                          |    1. A valid access authorization;
                          |    2. Intended system usage; and
                          |    3. Other attributes as required by the organization or associated missions/business functions;
                          |j. Reviews accounts for compliance with account management requirements [Assignment: organization-defined frequency]; and
                          |k. Establishes a process for reissuing shared/group account credentials (if deployed) when individuals are removed from the group.
                          |
                          |Supplemental Guidance:
                          |Information system account types include, for example, individual, shared, group, system, guest/anonymous, emergency, developer/manufacturer/vendor, temporary, and service. Some of the account management requirements listed above can be implemented by organizational information systems...""".stripMargin

  val (questions, controlDescription) = processControlText(controlId, nistControlText)

  // Print the parsed control questions
  println("Parsed Control Questions:")
  questions.foreach(println)

  // Print the extracted control description
  println("\nExtracted Control Description:")
  println(controlDescription)
 }
	import scala.util.matching.Regex

	object NISTControlParser extends App {

	// Function to split the text into control questions and control description
	def processControlText(controlId: String, text: String): (List[String], String) = {
	val sections = text.split("(?i)Supplemental Guidance:").map(_.trim)

	// Extract the control part before Supplemental Guidance
	val controlDescription = if (sections.length > 1) sections(1) else ""
	val controlDetails = sections(0).replaceFirst("Description:", "").trim

	val lines = controlDetails.split("\n").map(_.trim).filter(_.nonEmpty).toList
	val questionList = scala.collection.mutable.ListBuffer[String]()

	val regex: Regex = """^([a-z]+\|\d+)\.\s(.)""".r // Matches "a.", "b.", "h.1", etc.

	for (line <- lines) {
	line match {
	case regex(key, value) =>
	questionList.append(s"$controlId.$key $value")
	case _ =>
	// If it's a continuation of the previous line, append it
	if (questionList.nonEmpty) {
	val lastIndex = questionList.length - 1
	questionList(lastIndex) = questionList(lastIndex) + " " + line
	}
	}
	}

	(questionList.toList, controlDescription)
	}

	val controlId = "AC-2"
	val nistControlText = """Description:
	\|The organization:
	\|a. Identifies and selects the following types of information system accounts to support organizational missions/business functions: [Assignment: organization-defined information system account types];
	\|b. Assigns account managers for information system accounts;
	\|c. Establishes conditions for group and role membership;
	\|d. Specifies authorized users of the information system, group and role membership, and access authorizations (i.e., privileges) and other attributes (as required) for each account;
	\|e. Requires approvals by [Assignment: organization-defined personnel or roles] for requests to create information system accounts;
	\|f. Creates, enables, modifies, disables, and removes information system accounts in accordance with [Assignment: organization-defined procedures or conditions];
	\|g. Monitors the use of information system accounts;
	\|h. Notifies account managers:
	\| 1. When accounts are no longer required;
	\| 2. When users are terminated or transferred; and
	\| 3. When individual information system usage or need-to-know changes;
	\|i. Authorizes access to the information system based on:
	\| 1. A valid access authorization;
	\| 2. Intended system usage; and
	\| 3. Other attributes as required by the organization or associated missions/business functions;
	\|j. Reviews accounts for compliance with account management requirements [Assignment: organization-defined frequency]; and
	\|k. Establishes a process for reissuing shared/group account credentials (if deployed) when individuals are removed from the group.
	\|
	\|Supplemental Guidance:
	\|Information system account types include, for example, individual, shared, group, system, guest/anonymous, emergency, developer/manufacturer/vendor, temporary, and service. Some of the account management requirements listed above can be implemented by organizational information systems...""".stripMargin

	val (questions, controlDescription) = processControlText(controlId, nistControlText)

	// Print the parsed control questions
	println("Parsed Control Questions:")
	questions.foreach(println)

	// Print the extracted control description
	println("\nExtracted Control Description:")
	println(controlDescription)
	}