CERT: Recommendation Departure Recorded

warning

cert_recommendation_departure_recorded

coding-standards security pure_temporal secure-coding cert sei risk-based rules-recommendations rag-amber

Departures from CERT Recommendations (advisory guidelines) are recorded.

Formula

G(Finding ∧ cert_recommendation_departure → recorded)

Why it matters

SEI CERT: Recommendations are advisory guidelines that improve security; departures are permissible but should be recorded.

Examples

passes: the risk/remediation step is evidenced

fails: the required assessment/remediation is absent

Use it

ponens policies add cert_recommendation_departure_recorded --into ./trace.json
ponens trace check ./trace.json