AdminGit2026/nis2-agile
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
73f47df389
nis2-agile/docs/sql/020_asset_relevance.sql
DevEnv nis2-agile 5c545ea3d0 [FEAT] Integrazione analisi docs/nis2 v1.7.0 — scoring asset, tassonomia incidenti, PIR, NIST CSF, fonti certe 
Fase 1 - Asset Relevance Scoring NIS2 (GV.OC-04): metodologia 0-100 a 6 criteri,
  AssetScoringService + endpoint scoringGrid/score/relevantSystems + UI assets.html + registro stampabile.
Fase 2 - Tassonomia incidenti Determina ACN 164179/2025: IS-1..4 + regime essenziale/importante (Allegati 3/4).
Fase 3 - Post-Incident Review (5-Whys) + metriche TTD/TTC/TTR + timestamp di fase.
Fase 4 - Mapping NIST CSF 2.0 (43 controlli) reference-only.
Fonti certe: registry config/nis2_sources.php + grounding AI (vieta riferimenti inventati) +
  citazioni help.js + ingest PDF normativi nella KB RAG (scripts/ingest-nis2-sources.php).
Migrazioni 020/021/022 (additive idempotenti). Fix VectorService IP Qdrant (drift .5->.3).
Analisi concorrenza Evix (docs/EVIX_ANALISI_CONCORRENZA.html, gap-driven).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-05-29 17:15:13 +02:00

67 lines
3.1 KiB
SQL
Raw Blame History

-- ============================================================================
-- Migration 020 - Asset Relevance Scoring (NIS2 GV.OC-04)
-- ----------------------------------------------------------------------------
-- Aggiunge la metodologia di scoring rilevanza NIS2 (0-100, 6 criteri pesati)
-- alla tabella assets. Adattata dai mockup docs/nis2/assets.html +
-- doc-relevant-systems.html (Determina/metodologia CdA, soglia >=40 rilevante).
--
-- Criteri: C1 Criticita Operativa (0-25), C2 Impatto Interruzione (0-25),
-- C3 Dati Trattati (0-20), C4 Dipendenze (0-15),
-- C5 Esposizione (0-10), C6 Obblighi Normativi (0-5).
-- Classificazione: >=80 critico | 60-79 alto | 40-59 medio | 20-39 basso | <20 trascurabile
-- Rilevanza NIS2: score >= 40.
--
-- IMPORTANTE (vedi CLAUDE.md / memoria): MySQL 8 Ubuntu NON supporta
-- "ADD COLUMN IF NOT EXISTS". Questo script usa una stored procedure idempotente
-- che verifica information_schema prima di ogni ALTER. Rilanciabile senza danni.
-- Eseguire con: mysql -h localhost nis2_agile_db -e "source docs/sql/020_asset_relevance.sql"
-- ============================================================================
DELIMITER //
DROP PROCEDURE IF EXISTS _mig020_add_col //
CREATE PROCEDURE _mig020_add_col(IN col VARCHAR(64), IN ddl TEXT)
BEGIN
IF NOT EXISTS (
SELECT 1 FROM information_schema.COLUMNS
WHERE TABLE_SCHEMA = DATABASE() AND TABLE_NAME = 'assets' AND COLUMN_NAME = col
) THEN
SET @sql = CONCAT('ALTER TABLE assets ADD COLUMN ', ddl);
PREPARE st FROM @sql; EXECUTE st; DEALLOCATE PREPARE st;
END IF;
END //
DELIMITER ;
CALL _mig020_add_col('relevance_score', "relevance_score TINYINT UNSIGNED NULL COMMENT 'Punteggio rilevanza NIS2 0-100'");
CALL _mig020_add_col('relevance_criteria', "relevance_criteria JSON NULL COMMENT 'Dettaglio punteggi C1-C6 per audit'");
CALL _mig020_add_col('relevance_class', "relevance_class ENUM('critico','alto','medio','basso','trascurabile') NULL");
CALL _mig020_add_col('is_nis2_relevant', "is_nis2_relevant TINYINT(1) NOT NULL DEFAULT 0 COMMENT '1 se score >= 40'");
CALL _mig020_add_col('relevance_assessed_at', "relevance_assessed_at DATETIME NULL");
CALL _mig020_add_col('relevance_assessed_by', "relevance_assessed_by INT NULL");
DROP PROCEDURE IF EXISTS _mig020_add_col;
-- Indice per filtri "sistemi rilevanti" (idempotente via check)
DELIMITER //
DROP PROCEDURE IF EXISTS _mig020_add_idx //
CREATE PROCEDURE _mig020_add_idx()
BEGIN
IF NOT EXISTS (
SELECT 1 FROM information_schema.STATISTICS
WHERE TABLE_SCHEMA = DATABASE() AND TABLE_NAME = 'assets' AND INDEX_NAME = 'idx_relevance'
) THEN
ALTER TABLE assets ADD INDEX idx_relevance (is_nis2_relevant, relevance_score);
END IF;
END //
DELIMITER ;
CALL _mig020_add_idx();
DROP PROCEDURE IF EXISTS _mig020_add_idx;
-- ROLLBACK (manuale):
-- ALTER TABLE assets
-- DROP COLUMN relevance_score, DROP COLUMN relevance_criteria,
-- DROP COLUMN relevance_class, DROP COLUMN is_nis2_relevant,
-- DROP COLUMN relevance_assessed_at, DROP COLUMN relevance_assessed_by,
-- DROP INDEX idx_relevance;
Reference in New Issue View Git Blame Copy Permalink