Feat: [ocsf#1109] - extended compliance finding - compliance by addin…

…g compliance_references and _standards based on kb_article to provide possibility to map KB articles with information relevant to finding.

CHANGELOG.md

@@ -56,6 +56,7 @@ Thankyou! -->
     6. Added `signatures` object, an array of `signature` objects. #992
     7. Added `whois` object. #992
     8. Added `domain_contact` and array-typed `domain_contacts` object for use with `whois` object. #992
+    9. Added array-typed `compliacne_references` and array-typed `compliance_standards` objects as array of `kb_article` and used in `compliance` object. #1066 
 
 * #### Platform Extensions
 

dictionary.json

@@ -934,6 +934,18 @@
       "description": "The compliance object provides context to compliance findings (e.g., a check against a specific regulatory or best practice framework such as CIS, NIST etc.) and contains compliance related details.",
       "type": "compliance"
     },
+    "compliance_references": {
+      "caption": "Complaince References Articles",
+      "description": "A list of sources of information or tools that help organizations understand, interpret, and implement compliance standards. They provide guidance, best practices, and examples.",
+      "type": "kb_article",
+      "is_array": true
+    },
+    "compliance_standards": {
+      "caption": "Compliance Standards Articles",
+      "description": "A list of established guidelines or criteria that define specific requirements an organization must follow.",
+      "type": "kb_article",
+      "is_array": true
+    },
     "component": {
       "caption": "Component",
       "description": "The component of a data object. See specific usage.",

objects/compliance.json

@@ -4,6 +4,12 @@
   "extends": "object",
   "name": "compliance",
   "attributes": {
+    "compliance_references": {
+      "requirement": "optional"
+    },
+    "compliance_standards": {
+      "requirement": "optional"
+    },
     "control": {
       "requirement": "recommended"
     },