Description
Describe the feature
The platform needs a formal model to define how compliance controls are evaluated.
This model must describe the structure of a control, including its SQL-based observations, evaluation rules, coverage requirements, evidence policies, and index patterns.
This feature focuses exclusively on defining, validating, editing, and storing the control specification.
Use Case
Users need a structured and auditable way to define compliance controls.
The system must allow them to:
- Create controls composed of one or more SQL-based observations
- Define rules that determine how query results should be interpreted
- Specify minimum coverage requirements
- Configure evidence collection policies
- Validate the entire control before saving
This enables the platform to maintain a consistent and versionable compliance definition that will later be executed by the evaluation engine.
Proposed Solution
To support the new compliance evaluation capability, both the frontend and backend will be enhanced to allow users to define, validate, and manage all components involved in a compliance control.
Frontend improvements:
- Provide a complete interface for creating and editing compliance controls, including all their configurable elements.
- Implement form-based workflows with validation rules that ensure consistency and correctness before saving.
- Add views for listing existing controls, inspecting their details, and editing their configuration.
- Allow users to run a pre‑save validation to confirm that the control definition is coherent.
Backend improvements:
- Implement the necessary data structures to represent all parts of a compliance control.
- Add validation logic to ensure that required fields are present, values follow expected formats, and relationships between elements are consistent.
- Expose REST endpoints to create, update, validate, retrieve, and list control definitions.
- Persist the complete control definition in a way that supports versioning and immutability when needed.
- Ensure that the backend provides clear and actionable validation feedback to the frontend.
Other Information
No response
Acknowledgements
- I may be able to implement this feature request
- This feature might incur a breaking change