From 6ea27263b3f58306d7c3db2dcc44a66de96bb718 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Fri, 10 Oct 2025 20:32:10 +0000 Subject: [PATCH 1/4] Initial plan From 0234feffe1a30493b833063115140953004c782f Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Fri, 10 Oct 2025 20:39:46 +0000 Subject: [PATCH 2/4] Refactor default mission impact values into reusable include file Co-authored-by: ahouseholder <2594236+ahouseholder@users.noreply.github.com> --- docs/_includes/default_mission_impact_values.md | 5 +++++ docs/howto/bootstrap/collect.md | 6 +----- docs/howto/gathering_info/mission_impact.md | 2 ++ docs/reference/decision_points/mission_impact.md | 2 ++ 4 files changed, 10 insertions(+), 5 deletions(-) create mode 100644 docs/_includes/default_mission_impact_values.md diff --git a/docs/_includes/default_mission_impact_values.md b/docs/_includes/default_mission_impact_values.md new file mode 100644 index 00000000..75fbba1b --- /dev/null +++ b/docs/_includes/default_mission_impact_values.md @@ -0,0 +1,5 @@ +!!! tip "Default Mission Impact Values" + + Similarly, with [*Mission Impact*](/reference/decision_points/mission_impact.md), the deployer should assume that the software is in use at the + organization for a reason, and that it supports essential functions unless they have evidence otherwise. + With a total lack of information, assume [*support crippled*](/reference/decision_points/mission_impact.md) as a default. diff --git a/docs/howto/bootstrap/collect.md b/docs/howto/bootstrap/collect.md index cc28d073..bdd8a10e 100644 --- a/docs/howto/bootstrap/collect.md +++ b/docs/howto/bootstrap/collect.md @@ -118,11 +118,7 @@ we can suggest something like defaults for some decision points. This position is conservative, but software is thoroughly embedded in daily life now, so we suggest that the decision maker provide evidence that no one’s well-being will suffer. -!!! tip "Default Mission Impact Values" - - Similarly, with [*Mission Impact*](../../reference/decision_points/mission_impact.md), the deployer should assume that the software is in use at the - organization for a reason, and that it supports essential functions unless they have evidence otherwise. - With a total lack of information, assume [*support crippled*](../../reference/decision_points/mission_impact.md) as a default. +{% include-markdown "../../_includes/default_mission_impact_values.md" %} !!! example "Using Defaults" diff --git a/docs/howto/gathering_info/mission_impact.md b/docs/howto/gathering_info/mission_impact.md index 13936a51..1a70b5dd 100644 --- a/docs/howto/gathering_info/mission_impact.md +++ b/docs/howto/gathering_info/mission_impact.md @@ -12,3 +12,5 @@ At a minimum, understanding mission impact should include gathering information There are various sources of guidance on how to gather this information; see for example the FEMA guidance in [Continuity Directive 2](https://www.fema.gov/sites/default/files/2020-07/Federal_Continuity_Directive-2_June132017.pdf) or [OCTAVE FORTE](https://insights.sei.cmu.edu/insider-threat/2018/06/octave-forte-and-fair-connect-cyber-risk-practitioners-with-the-boardroom.html). This is part of risk management more broadly. It should require the vulnerability management team to interact with more senior management to understand mission priorities and other aspects of risk mitigation. + +{% include-markdown "../../_includes/default_mission_impact_values.md" %} diff --git a/docs/reference/decision_points/mission_impact.md b/docs/reference/decision_points/mission_impact.md index 85b234e4..a480c300 100644 --- a/docs/reference/decision_points/mission_impact.md +++ b/docs/reference/decision_points/mission_impact.md @@ -11,6 +11,8 @@ print(example_block(LATEST)) See this [HowTo](../../howto/gathering_info/mission_impact.md) for advice on gathering information about the Mission Impact decision point. +{% include-markdown "../../_includes/default_mission_impact_values.md" %} + !!! tip "See also" Mission Impact combines with [Safety Impact](./safety_impact.md) to inform From 67f21b997ae85ea060751b442886227a06b3b1ea Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Tue, 14 Oct 2025 12:43:46 -0400 Subject: [PATCH 3/4] Apply suggestion from @Copilot Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- docs/_includes/default_mission_impact_values.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/_includes/default_mission_impact_values.md b/docs/_includes/default_mission_impact_values.md index 75fbba1b..4feb0a48 100644 --- a/docs/_includes/default_mission_impact_values.md +++ b/docs/_includes/default_mission_impact_values.md @@ -1,5 +1,5 @@ !!! tip "Default Mission Impact Values" - Similarly, with [*Mission Impact*](/reference/decision_points/mission_impact.md), the deployer should assume that the software is in use at the + Similarly, with [*Mission Impact*](../../reference/decision_points/mission_impact.md), the deployer should assume that the software is in use at the organization for a reason, and that it supports essential functions unless they have evidence otherwise. - With a total lack of information, assume [*support crippled*](/reference/decision_points/mission_impact.md) as a default. + With a total lack of information, assume [*support crippled*](../../reference/decision_points/mission_impact.md) as a default. From 0a25ccdf716b1a02910151c21d543a34a6aacaf4 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 14 Oct 2025 17:25:35 +0000 Subject: [PATCH 4/4] Fix link paths to use absolute URLs in include file Co-authored-by: ahouseholder <2594236+ahouseholder@users.noreply.github.com> --- docs/_includes/default_mission_impact_values.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/_includes/default_mission_impact_values.md b/docs/_includes/default_mission_impact_values.md index 4feb0a48..75fbba1b 100644 --- a/docs/_includes/default_mission_impact_values.md +++ b/docs/_includes/default_mission_impact_values.md @@ -1,5 +1,5 @@ !!! tip "Default Mission Impact Values" - Similarly, with [*Mission Impact*](../../reference/decision_points/mission_impact.md), the deployer should assume that the software is in use at the + Similarly, with [*Mission Impact*](/reference/decision_points/mission_impact.md), the deployer should assume that the software is in use at the organization for a reason, and that it supports essential functions unless they have evidence otherwise. - With a total lack of information, assume [*support crippled*](../../reference/decision_points/mission_impact.md) as a default. + With a total lack of information, assume [*support crippled*](/reference/decision_points/mission_impact.md) as a default.