Admin & OSCAL Compliance Platform

The ElectricSheep Admin & OSCAL Compliance Platform provides comprehensive administrative capabilities and OSCAL-based compliance assessment tools.

Platform Access

Features Overview

Administrative Dashboard

The admin dashboard provides centralized management for the entire ElectricSheep ecosystem:

User Authentication & Management

  • Secure user authentication with Flask-Login
  • Role-based access control
  • Session management and security
  • User profile management

System Monitoring

  • Real-time health monitoring of all services
  • Application performance metrics
  • Log viewing and analysis
  • Alert management and notifications

Configuration Management

  • System configuration interface
  • Service configuration management
  • Environment variable management
  • Database administration tools

OSCAL Compliance Assessment

The OSCAL (Open Security Controls Assessment Language) platform provides comprehensive compliance management:

Multi-Framework Support

  • NIST Cybersecurity Framework - Complete implementation
  • ISO 27001 - Full standard coverage
  • SOC 2 - All trust service criteria
  • GDPR - Privacy regulation compliance
  • Custom Frameworks - Extensible framework support

Evidence Repository

  • Digital evidence collection and management
  • Document version control
  • Evidence linking to controls
  • Automated evidence validation
  • Audit trail maintenance

Compliance Assessment Features

  • Interactive assessment questionnaires
  • Automated gap analysis
  • Risk scoring and prioritization
  • Compliance roadmap generation
  • Real-time compliance monitoring

Framework Mapping Engine

  • Cross-framework control mapping
  • Automated compliance gap analysis
  • Control inheritance relationships
  • Custom framework integration
  • Compliance dashboard visualization

Technical Architecture

Application Stack

  • Framework: Python Flask
  • Database: SQLite with structured schemas
  • Frontend: Jinja2 templates with responsive design
  • Authentication: Flask-Login with bcrypt password hashing
  • API: RESTful endpoints for system integration

Key Components

Core Application Files

  • app.py - Main Flask application and routing
  • assessment_questionnaire.py - Compliance questionnaire logic
  • evidence_repository.py - Evidence management system
  • framework_mapping_engine.py - Cross-framework compliance mapping
  • policy_analysis.py - Policy analysis and automation tools
  • content_generator.py - Dynamic content generation

Database Schema

  • compliance_assessment_schema.sql - Main compliance database structure
  • framework_mapping_schema.sql - Framework mapping relationships
  • framework_mapping_data.sql - Pre-loaded framework data

Additional Components

  • comprehensive_compliance_platform.py - Advanced compliance features
  • simple_compliance_server.py - Lightweight compliance API
  • hugo_manager.py - Integration with Hugo static site generator
  • youtube_monitor.py - Content monitoring capabilities

Infrastructure

Containerization

  • Docker: Production-ready containerization
  • Health Checks: Built-in container health monitoring
  • Volume Management: Persistent data storage
  • Environment Configuration: Development and production configs

Reverse Proxy Integration

  • Traefik: Automatic SSL certificate management
  • Load Balancing: High availability configuration
  • Domain Routing: Multi-domain support (admin/oscal subdomains)

Usage Guide

Getting Started

  1. Access the Platform

  2. Initial Setup

    • Complete user profile setup
    • Configure organization settings
    • Import existing compliance data (if applicable)

Admin Dashboard Usage

System Monitoring

  • View real-time service status
  • Monitor application performance
  • Review system logs and alerts
  • Manage user accounts and permissions

Configuration Management

  • Update system configurations
  • Manage service integrations
  • Configure monitoring thresholds
  • Set up notification preferences

OSCAL Compliance Workflow

1. Framework Selection

  • Choose applicable compliance frameworks
  • Review framework requirements
  • Set up compliance scope and boundaries

2. Assessment Execution

  • Complete interactive questionnaires
  • Upload supporting evidence
  • Link evidence to specific controls
  • Track assessment progress

3. Gap Analysis

  • Review automated gap analysis results
  • Prioritize remediation activities
  • Generate compliance roadmaps
  • Set up monitoring for ongoing compliance

4. Reporting

  • Generate compliance reports
  • Export assessment results
  • Schedule automated reporting
  • Share results with stakeholders
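The Framework Mapping Engine and the Gap Analysis step above both rest on one query: which controls are covered by validated evidence, directly or through a cross-framework mapping. The following is an added example, not the project's own code or schema; the table names, column names, and the handful of control ids and evidence rows are constructed for illustration, using the SQLite backend the platform describes.

```python
# Added example (not the project's schema): cross-framework mapping plus
# gap analysis over an in-memory SQLite database. Table/column names are
# assumptions; the control ids and evidence rows are constructed sample data.
import sqlite3

SCHEMA = """
CREATE TABLE controls (id TEXT PRIMARY KEY, framework TEXT, title TEXT);
CREATE TABLE mappings (src TEXT, dst TEXT);  -- evidence for src also covers dst
CREATE TABLE evidence (control_id TEXT, doc TEXT, status TEXT);
"""

SAMPLE = [  # constructed sample data, not real framework text
    ("INSERT INTO controls VALUES (?,?,?)", [
        ("A.9.2.1", "ISO27001", "User registration and de-registration"),
        ("A.12.4.1", "ISO27001", "Event logging"),
        ("PR.AC-1", "NISTCSF", "Identities and credentials are managed"),
        ("DE.CM-1", "NISTCSF", "The network is monitored"),
    ]),
    ("INSERT INTO mappings VALUES (?,?)", [("A.9.2.1", "PR.AC-1")]),
    ("INSERT INTO evidence VALUES (?,?,?)", [
        ("A.9.2.1", "iam-policy.pdf", "validated"),
        ("DE.CM-1", "netflow-screenshot.png", "pending"),  # not yet validated
    ]),
]

def open_db():
    """Create the schema and load the constructed sample rows."""
    con = sqlite3.connect(":memory:")
    con.executescript(SCHEMA)
    for sql, rows in SAMPLE:
        con.executemany(sql, rows)
    return con

def satisfied_controls(con):
    """Ids of controls with validated evidence, directly or inherited through
    mappings (transitively, via a recursive CTE). Only 'validated' counts:
    uploaded-but-unreviewed evidence must not close a gap."""
    rows = con.execute("""
        WITH RECURSIVE sat(id) AS (
            SELECT control_id FROM evidence WHERE status = 'validated'
            UNION
            SELECT m.dst FROM mappings m JOIN sat ON m.src = sat.id
        ) SELECT id FROM sat""").fetchall()
    return {r[0] for r in rows}

def gap_analysis(con, framework):
    """Sorted ids of the framework's controls that nothing satisfies."""
    sat = satisfied_controls(con)
    ids = [r[0] for r in con.execute(
        "SELECT id FROM controls WHERE framework = ?", (framework,))]
    return sorted(c for c in ids if c not in sat)
```

Note that the mapping is directional: evidence for the ISO control is allowed to cover the mapped NIST subcategory, but not the reverse unless a second mapping row says so.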

API Documentation

Authentication Endpoints

POST /admin/login - User authentication
POST /admin/logout - Session termination
GET /admin/user - Current user information

Assessment Endpoints

GET /api/assessments - List all assessments
POST /api/assessments - Create new assessment
GET /api/assessments/{id} - Get assessment details
PUT /api/assessments/{id} - Update assessment
DELETE /api/assessments/{id} - Delete assessment

Framework Endpoints

GET /api/frameworks - List available frameworks
GET /api/frameworks/{id}/controls - Get framework controls
GET /api/mappings - Get cross-framework mappings

Development and Deployment

Local Development

# Start development environment
cd /opt/dev/electricsheep/admin-oscal-app
docker-compose -f docker-compose.dev.yml up --build

# Application available at http://localhost:5001

Production Deployment

The platform uses automated CI/CD through GitHub Actions:

  • Push changes to main branch
  • Automated testing and building
  • Production deployment with health checks
  • Rollback capabilities

Configuration

  • Environment-specific configurations
  • Database connection management
  • SSL certificate automation
  • Monitoring and alerting setup

Compliance Frameworks Supported

NIST Cybersecurity Framework

  • All 23 subcategories
  • Risk assessment integration
  • Maturity level scoring
  • Gap analysis and recommendations

ISO 27001

  • Complete Annex A control set
  • Risk treatment planning
  • Evidence collection workflows
  • Certification readiness assessment

SOC 2

  • All trust service criteria
  • Control testing procedures
  • Evidence collection automation
  • Audit preparation tools

GDPR

  • Privacy impact assessments
  • Data mapping capabilities
  • Consent management
  • Breach notification workflows

Custom Framework Integration

  • Framework definition interface
  • Control mapping capabilities
  • Assessment template creation
  • Reporting customization

Support and Troubleshooting

Common Issues

  1. Login Problems: Check credentials and session status
  2. Performance Issues: Monitor system resources and database performance
  3. Evidence Upload: Verify file formats and size limits
  4. Report Generation: Check template configurations and data completeness

Monitoring

  • Built-in health checks at root endpoint
  • Application logs accessible through admin interface
  • System metrics and performance monitoring
  • Automated alerting for critical issues

Maintenance

  • Regular database backups
  • Log rotation and cleanup
  • Security updates and patches
  • Performance optimization

For technical support or feature requests, please refer to the GitHub repository or contact the development team.