CERTCC · ahouseholder · Feb 20, 2025 · Feb 20, 2025 · Feb 20, 2025 · Feb 20, 2025
@@ -0,0 +1,8 @@
+# Functional Impact
+
+```python exec="true" idprefix=""
+from ssvc.decision_points.nciss.functional_impact import LATEST
+from ssvc.doc_helpers import example_block
+
+print(example_block(LATEST))
+```
@@ -0,0 +1,28 @@
+# Incident Severity
+
+```python exec="true" idprefix=""
+from ssvc.decision_points.nciss.incident_severity import LATEST
+from ssvc.doc_helpers import example_block
+
+print(example_block(LATEST))
+```
+
+Version 2.0.0 is based on the
+[National Cyber Incident Scoring System](https://www.cisa.gov/sites/default/files/2023-01/cisa_national_cyber_incident_scoring_system_s508c.pdf)
+developed by the Cybersecurity and Infrastructure Security Agency (CISA).
+
+## Previous Versions
+
+Version 1.0.0 is based on the
+[Cyber Incident Severity Schema](https://obamawhitehouse.archives.gov/sites/whitehouse.gov/files/documents/Cyber%2BIncident%2BSeverity%2BSchema.pdf)
+adopted by the United States Federal Cybersecurity Centers, in coordination with departments and agencies with a
+cybersecurity or cyber operations mission.
+
+```python exec="true" idprefix=""
+from ssvc.decision_points.nciss.incident_severity import VERSIONS
+from ssvc.doc_helpers import example_block
+
+versions = VERSIONS[:-1]
+for version in versions:
+    print(example_block(version))
+```
@@ -0,0 +1,21 @@
+# National Cybersecurity Incident Scoring System (NCISS) Decision Points
+
+The [National Cyber Incident Scoring System (NCISS)](https://www.cisa.gov/sites/default/files/2023-01/cisa_national_cyber_incident_scoring_system_s508c.pdf)
+was developed by the Cybersecurity and Infrastructure Security Agency (CISA).
+
+Although the NCISS is implemented as a numerical scoring system, a number of
+its criteria are amenable to modeling using SSVC decision points. We have
+included a few examples here.
+
+## Decision Points
+
+<div class="grid cards" markdown>
+
+- [Functional Impact](functional_impact.md)
+- [Incident Severity](incident_severity.md)
+- [Information Impact](information_impact.md)
+- [Observed Activity](observed_activity.md)
+- [Observed Location of Activity](observed_activity_location.md)
+- [Recoverability](recoverability.md)
+
+</div>
@@ -0,0 +1,8 @@
+# Information Impact
+
+```python exec="true" idprefix=""
+from ssvc.decision_points.nciss.information_impact import LATEST
+from ssvc.doc_helpers import example_block
+
+print(example_block(LATEST))
+```
@@ -0,0 +1,8 @@
+# Observed Activity
+
+```python exec="true" idprefix=""
+from ssvc.decision_points.nciss.observed_activity import LATEST
+from ssvc.doc_helpers import example_block
+
+print(example_block(LATEST))
+```
@@ -0,0 +1,8 @@
+# Observed Location of Activity
+
+```python exec="true" idprefix=""
+from ssvc.decision_points.nciss.observed_activity_location import LATEST
+from ssvc.doc_helpers import example_block
+
+print(example_block(LATEST))
+```
@@ -0,0 +1,8 @@
+# Recoverability
+
+```python exec="true" idprefix=""
+from ssvc.decision_points.nciss.recoverability import LATEST
+from ssvc.doc_helpers import example_block
+
+print(example_block(LATEST))
+```
@@ -107,6 +107,14 @@ nav:
             - Report Confidence: 'reference/decision_points/cvss/report_confidence.md'
             - Scope: 'reference/decision_points/cvss/scope.md'
             - Target Distribution: 'reference/decision_points/cvss/target_distribution.md'
+      - NCISS Decision Points:
+        - 'reference/decision_points/nciss/index.md'
+        - Functional Impact: 'reference/decision_points/nciss/functional_impact.md'
+        - Incident Severity: 'reference/decision_points/nciss/incident_severity.md'
+        - Information Impact: 'reference/decision_points/nciss/information_impact.md'
+        - Observed Activity: 'reference/decision_points/nciss/observed_activity.md'
+        - Observed Activity Location: 'reference/decision_points/nciss/observed_activity_location.md'
+        - Recoverability: 'reference/decision_points/nciss/recoverability.md'
     - Code:
         - Intro: 'reference/code/index.md'
         - CSV Analyzer: 'reference/code/analyze_csv.md'

@@ -76,12 +76,6 @@ class SsvcDecisionPoint(_Valued, _Keyed, _Versioned, _Namespaced, _Base, BaseMod
     namespace: str = NameSpace.SSVC
     values: tuple[SsvcDecisionPointValue, ...]
 
-    def __iter__(self):
-        """
-        Allow iteration over the decision points in the group.
-        """
-        return iter(self.values)
-
     def __init__(self, **data):
         super().__init__(**data)
         register(self)

@@ -0,0 +1,21 @@
+#  Copyright (c) 2025 Carnegie Mellon University.
+#  NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE
+#  ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS.
+#  CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND,
+#  EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT
+#  NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR
+#  MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE
+#  OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE
+#  ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM
+#  PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT.
+#  Licensed under a MIT (SEI)-style license, please see LICENSE or contact
+#  [email protected] for full terms.
+#  [DISTRIBUTION STATEMENT A] This material has been approved for
+#  public release and unlimited distribution. Please see Copyright notice
+#  for non-US Government use and distribution.
+#  This Software includes and/or makes use of Third-Party Software each
+#  subject to its own license.
+#  DM24-0278
+"""
+This module contains decision points based on the National Cyber Incident Scoring System (NCISS).
+"""
@@ -0,0 +1,43 @@
+#!/usr/bin/env python
+"""
+Provides a base class for decision points modeled after the US National Cyber Incident Scoring System
+"""
+#  Copyright (c) 2025 Carnegie Mellon University.
+#  NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE
+#  ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS.
+#  CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND,
+#  EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT
+#  NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR
+#  MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE
+#  OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE
+#  ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM
+#  PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT.
+#  Licensed under a MIT (SEI)-style license, please see LICENSE or contact
+#  [email protected] for full terms.
+#  [DISTRIBUTION STATEMENT A] This material has been approved for
+#  public release and unlimited distribution. Please see Copyright notice
+#  for non-US Government use and distribution.
+#  This Software includes and/or makes use of Third-Party Software each
+#  subject to its own license.
+#  DM24-0278
+
+from pydantic import BaseModel
+
+from ssvc.decision_points import SsvcDecisionPoint
+from ssvc.namespaces import NameSpace
+
+
+class NcissDecisionPoint(SsvcDecisionPoint, BaseModel):
+    """
+    Models a single NCISS decision point as a list of values.
+    """
+
+    namespace: str = NameSpace.NCISS
+
+
+def main():
+    pass
+
+
+if __name__ == "__main__":
+    main()
@@ -0,0 +1,144 @@
+#!/usr/bin/env python
+"""
+Provides the NCISS Functional Impact decision point and values.
+"""
+#  Copyright (c) 2025 Carnegie Mellon University.
+#  NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE
+#  ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS.
+#  CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND,
+#  EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT
+#  NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR
+#  MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE
+#  OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE
+#  ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM
+#  PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT.
+#  Licensed under a MIT (SEI)-style license, please see LICENSE or contact
+#  [email protected] for full terms.
+#  [DISTRIBUTION STATEMENT A] This material has been approved for
+#  public release and unlimited distribution. Please see Copyright notice
+#  for non-US Government use and distribution.
+#  This Software includes and/or makes use of Third-Party Software each
+#  subject to its own license.
+#  DM24-0278
+
+from ssvc.decision_points.base import SsvcDecisionPointValue
+from ssvc.decision_points.helpers import print_versions_and_diffs
+from ssvc.decision_points.nciss.base import NcissDecisionPoint
+
+IMPACT_NONE = SsvcDecisionPointValue(
+    key="N",
+    name="No Impact",
+    description="Organization has experienced no loss in ability to provide all services to all users.",
+)
+
+LOW = SsvcDecisionPointValue(
+    key="L",
+    name="Low",
+    description="Organization has experienced a loss of efficiency, but can still provide all critical services to all users with minimal effect on performance.",
+)
+
+MEDIUM = SsvcDecisionPointValue(
+    key="M",
+    name="Medium",
+    description="Organization has lost the ability to provide a critical service to a subset of system users.",
+)
+
+HIGH = SsvcDecisionPointValue(
+    key="H",
+    name="High",
+    description="Organization has lost the ability to provide all critical services to all system users.",
+)
+
+## based on https://www.cisa.gov/sites/default/files/publications/Federal_Incident_Notification_Guidelines_2015.pdf
+FUNCTIONAL_IMPACT_1 = NcissDecisionPoint(
+    key="FI",
+    name="Functional Impact",
+    version="1.0.0",
+    description="A measure of the impact to business functionality or ability to provide services.",
+    values=(
+        IMPACT_NONE,
+        LOW,
+        MEDIUM,
+        HIGH,
+    ),
+)
+
+NO_IMPACT = SsvcDecisionPointValue(
+    key="N",
+    name="No Impact",
+    description="Event has no impact.",
+)
+
+NO_IMPACT_TO_SERVICES = SsvcDecisionPointValue(
+    key="S",
+    name="No Impact to Services",
+    description="Event has no impact to any business or Industrial Control Systems (ICS) services or delivery to entity customers.",
+)
+
+MINIMAL_IMPACT_TO_NON_CRITICAL_SERVICES = SsvcDecisionPointValue(
+    key="M",
+    name="Minimal Impact to Non-Critical Services",
+    description="Some small level of impact to non-critical systems and services.",
+)
+
+MINIMAL_IMPACT_TO_CRITICAL_SERVICES = SsvcDecisionPointValue(
+    key="C",
+    name="Minimal Impact to Critical Services",
+    description="Minimal impact but to a critical system or service, such as email or active directory.",
+)
+
+SIGNIFICANT_IMPACT_TO_NON_CRITICAL_SERVICES = SsvcDecisionPointValue(
+    key="I",
+    name="Significant Impact to Non-Critical Services",
+    description="A non-critical service or system has a significant impact.",
+)
+
+DENIAL_OF_NON_CRITICAL_SERVICES = SsvcDecisionPointValue(
+    key="D",
+    name="Denial of Non-Critical Services",
+    description="A non-critical system is denied or destroyed.",
+)
+
+SIGNIFICANT_IMPACT_TO_CRITICAL_SERVICES = SsvcDecisionPointValue(
+    key="T",
+    name="Significant Impact to Critical Services",
+    description="A critical system has a significant impact, such as local administrative account compromise.",
+)
+
+DENIAL_OF_CRITICAL_SERVICES_LOSS_OF_CONTROL = SsvcDecisionPointValue(
+    key="L",
+    name="Denial of Critical Services/Loss of Control",
+    description="A critical system has been rendered unavailable.",
+)
+
+# based on https://www.cisa.gov/sites/default/files/publications/Federal_Incident_Notification_Guidelines.pdf
+FUNCTIONAL_IMPACT_2 = NcissDecisionPoint(
+    key="FI",
+    name="Functional Impact",
+    version="2.0.0",
+    description="A measure of the impact to business functionality or ability to provide services.",
+    values=(
+        NO_IMPACT,
+        NO_IMPACT_TO_SERVICES,
+        MINIMAL_IMPACT_TO_NON_CRITICAL_SERVICES,
+        MINIMAL_IMPACT_TO_CRITICAL_SERVICES,
+        SIGNIFICANT_IMPACT_TO_NON_CRITICAL_SERVICES,
+        DENIAL_OF_NON_CRITICAL_SERVICES,
+        SIGNIFICANT_IMPACT_TO_CRITICAL_SERVICES,
+        DENIAL_OF_CRITICAL_SERVICES_LOSS_OF_CONTROL,
+    ),
+)
+
+VERSIONS = (
+    FUNCTIONAL_IMPACT_1,
+    FUNCTIONAL_IMPACT_2,
+)
+LATEST = VERSIONS[-1]
+
+
+def main():
+    print_versions_and_diffs(VERSIONS)
+
+
+if __name__ == "__main__":
+    main()