Add support for all 6 NIST control status types in viewer

Extend the NIST viewer to support all 6 status types defined in the
control file format, not just the initial 3. This allows proper
representation of controls that are inherently met, do not meet
requirements, or are not applicable.

Status types and their visual representation:
1. automated     - Green (#28a745)   - Technical controls implemented
2. manual        - Blue (#0366d6)    - Manual processes required
3. inherently met - Purple (#6f42c1) - Met by system design
4. does not meet - Red (#dc3545)     - Does not satisfy requirement
5. not applicable - Gray (#6c757d)   - Not relevant to this product
6. pending       - Yellow (#ffd33d)  - Not yet evaluated

Changes:

Generator (generate_nist_viewer.py):
- Add is_inherently_met, is_does_not_meet, is_not_applicable flags
- Track counts for all 6 statuses in statistics
- Calculate percentages for progress bars

Templates:
- _shared_styles.html: Add badge styles for 3 new status types
- index.html: Add stat cards for inherently met, not applicable, does not meet
- index.html: Update family progress bars to show all 6 status types
- controls.html, family.html, gaps.html, statistics.html: Update statusClass
  determination to handle all 6 types

Dashboard now shows:
- 7 stat cards (Total + 6 status types)
- Multi-segment progress bars with up to 6 colors
- Proper filtering and display for all status types

Example control file usage:
```yaml
- id: pe-1
  title: Physical Protection Policy
  levels: [low, moderate, high]
  rules: []
  status: not applicable
  notes: Physical security is managed at datacenter level
```

This allows organizations to properly track controls that are:
- Satisfied through architectural choices (inherently met)
- Not relevant to their deployment model (not applicable)
- Identified as gaps that cannot be remediated (does not meet)

Author: ggbecker

utils/nist_sync/generate_nist_viewer.py

@@ -153,6 +153,9 @@ def merge_control_data(product_controls: Dict[str, Any], oscal_controls: Dict[st
             'is_automated': control.get('status') == 'automated',
             'is_manual': control.get('status') == 'manual',
             'is_pending': control.get('status') == 'pending',
+            'is_inherently_met': control.get('status') == 'inherently met',
+            'is_does_not_meet': control.get('status') == 'does not meet',
+            'is_not_applicable': control.get('status') == 'not applicable',
         }
 
         merged.append(merged_control)
@@ -190,6 +193,9 @@ def generate_viewer_data(products: List[str], repo_root: Path) -> Dict[str, Any]
             'automated': sum(1 for c in controls if c['is_automated']),
             'manual': sum(1 for c in controls if c['is_manual']),
             'pending': sum(1 for c in controls if c['is_pending']),
+            'inherently_met': sum(1 for c in controls if c['is_inherently_met']),
+            'does_not_meet': sum(1 for c in controls if c['is_does_not_meet']),
+            'not_applicable': sum(1 for c in controls if c['is_not_applicable']),
             'with_rules': sum(1 for c in controls if c['has_rules']),
             'without_rules': sum(1 for c in controls if not c['has_rules']),
         }

utils/nist_sync/templates/_shared_styles.html

@@ -120,6 +120,9 @@
     .badge-automated { background: #28a745; color: white; }
     .badge-manual { background: #0366d6; color: white; }
     .badge-pending { background: #ffd33d; color: #24292e; }
+    .badge-inherently_met { background: #6f42c1; color: white; }
+    .badge-does_not_meet { background: #dc3545; color: white; }
+    .badge-not_applicable { background: #6c757d; color: white; }
     .badge-low { background: #dbedff; color: #0366d6; }
     .badge-moderate { background: #fff3cd; color: #856404; }
     .badge-high { background: #f8d7da; color: #721c24; }

utils/nist_sync/templates/controls.html

@@ -338,7 +338,10 @@ <h4>Gap Status</h4>
 
             container.innerHTML = filteredControls.map(control => {
                 const statusClass = control.is_automated ? 'automated' :
-                                  control.is_manual ? 'manual' : 'pending';
+                                  control.is_manual ? 'manual' :
+                              control.is_inherently_met ? 'inherently_met' :
+                              control.is_does_not_meet ? 'does_not_meet' :
+                              control.is_not_applicable ? 'not_applicable' : 'pending';
                 const gapIndicator = control.has_rules ? '' :
                     '<span class="gap-indicator gap-full"></span>';
 

utils/nist_sync/templates/family.html

@@ -349,7 +349,10 @@ <h3>Controls in this Family</h3>
 
             familyControls.sort((a, b) => a.id.localeCompare(b.id)).forEach(control => {
                 const statusClass = control.is_automated ? 'automated' :
-                                  control.is_manual ? 'manual' : 'pending';
+                                  control.is_manual ? 'manual' :
+                              control.is_inherently_met ? 'inherently_met' :
+                              control.is_does_not_meet ? 'does_not_meet' :
+                              control.is_not_applicable ? 'not_applicable' : 'pending';
                 const gapClass = control.has_rules ? '' : 'gap';
 
                 const item = document.createElement('div');

utils/nist_sync/templates/index.html

@@ -30,7 +30,19 @@ <h2>Dashboard</h2>
                 <div class="stat-label">Manual</div>
             </div>
             <div class="stat-card">
-                <div class="stat-value" id="stat-pending" style="color: #d73a49;">0</div>
+                <div class="stat-value" id="stat-inherently-met" style="color: #6f42c1;">0</div>
+                <div class="stat-label">Inherently Met</div>
+            </div>
+            <div class="stat-card">
+                <div class="stat-value" id="stat-not-applicable" style="color: #6c757d;">0</div>
+                <div class="stat-label">Not Applicable</div>
+            </div>
+            <div class="stat-card">
+                <div class="stat-value" id="stat-does-not-meet" style="color: #dc3545;">0</div>
+                <div class="stat-label">Does Not Meet</div>
+            </div>
+            <div class="stat-card">
+                <div class="stat-value" id="stat-pending" style="color: #ffd33d;">0</div>
                 <div class="stat-label">Pending</div>
             </div>
         </div>
@@ -116,6 +128,9 @@ <h3>Coverage by Control Family</h3>
             document.getElementById('stat-total').textContent = stats.total;
             document.getElementById('stat-automated').textContent = stats.automated;
             document.getElementById('stat-manual').textContent = stats.manual;
+            document.getElementById('stat-inherently-met').textContent = stats.inherently_met || 0;
+            document.getElementById('stat-not-applicable').textContent = stats.not_applicable || 0;
+            document.getElementById('stat-does-not-meet').textContent = stats.does_not_meet || 0;
             document.getElementById('stat-pending').textContent = stats.pending;
 
             // Update coverage progress
@@ -188,7 +203,15 @@ <h3>Coverage by Control Family</h3>
             const familyCounts = {};
 
             EMBEDDED_DATA.families.forEach(family => {
-                familyCounts[family.id] = { total: 0, automated: 0, manual: 0, pending: 0 };
+                familyCounts[family.id] = {
+                    total: 0,
+                    automated: 0,
+                    manual: 0,
+                    inherently_met: 0,
+                    does_not_meet: 0,
+                    not_applicable: 0,
+                    pending: 0
+                };
             });
 
             controls.forEach(control => {
@@ -198,6 +221,9 @@ <h3>Coverage by Control Family</h3>
                 family.total++;
                 if (control.is_automated) family.automated++;
                 else if (control.is_manual) family.manual++;
+                else if (control.is_inherently_met) family.inherently_met++;
+                else if (control.is_does_not_meet) family.does_not_meet++;
+                else if (control.is_not_applicable) family.not_applicable++;
                 else if (control.is_pending) family.pending++;
             });
 
@@ -210,6 +236,9 @@ <h3>Coverage by Control Family</h3>
 
                 const automatedPercent = (counts.automated / counts.total) * 100;
                 const manualPercent = (counts.manual / counts.total) * 100;
+                const inherentlyMetPercent = (counts.inherently_met / counts.total) * 100;
+                const doesNotMeetPercent = (counts.does_not_meet / counts.total) * 100;
+                const notApplicablePercent = (counts.not_applicable / counts.total) * 100;
                 const pendingPercent = (counts.pending / counts.total) * 100;
 
                 const barHtml = `
@@ -221,7 +250,10 @@ <h3>Coverage by Control Family</h3>
                         <div style="display: flex; height: 24px; background: #e1e4e8; border-radius: 4px; overflow: hidden;">
                             <div style="width: ${automatedPercent}%; background: #28a745;" title="Automated: ${counts.automated}"></div>
                             <div style="width: ${manualPercent}%; background: #0366d6;" title="Manual: ${counts.manual}"></div>
-                            <div style="width: ${pendingPercent}%; background: #d73a49;" title="Pending: ${counts.pending}"></div>
+                            <div style="width: ${inherentlyMetPercent}%; background: #6f42c1;" title="Inherently Met: ${counts.inherently_met}"></div>
+                            <div style="width: ${notApplicablePercent}%; background: #6c757d;" title="Not Applicable: ${counts.not_applicable}"></div>
+                            <div style="width: ${doesNotMeetPercent}%; background: #dc3545;" title="Does Not Meet: ${counts.does_not_meet}"></div>
+                            <div style="width: ${pendingPercent}%; background: #ffd33d;" title="Pending: ${counts.pending}"></div>
                         </div>
                     </div>
                 `;