How-to Use the ABB Cyber Security Assessment Tool Importer

The ABB Cyber Security Assessment Tool Importer is an internal utility tool used to import the security requirements from various assessment spreadsheets into Azure DevOps (ADO) as security work items.

The tool can handle the requirements from the following cyber security assessment tools:

  • Security Development Lifecycle Assessment (SDLC) Tool.
  • Product Security Assessment (PSA) Tool.
  • Cloud Security Assessment (CSA) Tool.

Intended for

Release owners, cyber security engineers and product owners who would like to handle the requirements in the security assessment tools via work items.

Prerequisites

  • The organization in ADO must have the "Security" work item type.

  • The person who will do the import must have a valid personal token generated in ADO.

  • Python 3.13.0 must be installed on the machine where the script will be run.

    Note: When downloading Python 3.13.0, choose the custom installation rather than the default installation. If you are on Windows, make sure you install the pip.exe component when you install Python. Once installed, run 'python --version' to confirm that Python is installed on the machine.

  • The machine must be connected to the office network or VPN and needs internet access.

  • The CSR Importer Tool must be downloaded and saved locally.

  • The required cyber security assessment tools must be downloaded and saved locally.

    Note: The format should be .xlsx.

Activities

CSR-1

Download ABB Cyber Security Assessment Tool Importer

Use this link to download the following files:

  • abb_cs_assessment_tool_importer_v4.py - the script to import security requirements for SDL, PSA and CSA.
  • requirements.txt - the requirements text file.

The "abb_cs_assessment_tool_importer_v4.py", "requirements.txt", and the three spreadsheets should be stored in a local folder. A log folder is automatically created in that same folder when running the script. The generated log files contain detailed information that can be useful for debugging purposes if issues occur during importing, e.g. due to incorrect inputs or ADO server problems.

Install the tool

In the command prompt, type

pip install -r requirements.txt

On Windows you may have to run this from a cmd.exe started as administrator:

pip.exe install -r requirements.txt

Add personal access token

Open the "User Settings" under the icon and select to add a new token.

Make sure that the token has the following access: Advanced Security (Read) and Work items (Read & Write).

Note: When the token is generated, you will see a warning that you need to copy the token, since you will not be able to see it again.

Run the script

At the command prompt, in the folder where you saved the script, type:

py abb_cs_assessment_tool_importer_v4.py

You will get questions to make choices and provide information depending on which choices you make.

After installing the tool and downloading the spreadsheet you can select to import the requirements from the cyber security assessment tools or to clone work items from a previous import, see the table below. The following parameters are needed:

Note: The cloned work items will not in any way be linked to or show that they were cloned from another work item.

| Name | Description | Options/Ex |
|---|---|---|
| Choice | Do you want to clone the work items from another version? | Yes/No |
| Work Item ID clone | Only if you answer Yes to clone work items. The main Work Item ID to get the work items from a previous import. | Ex. 1234 |
| Azure organization name | Name of the Azure organization (DevOps URL) where the items will be imported. | Ex. christerwibom0221 |
| Azure project name | Name of the project in Azure where the items will be imported. | Ex. Birthe_S_Test_Project |
| Azure user name | The Azure user name account that will be used to import. (Usually ABB e-mail) | Ex. xxxxx.xxxxxxx@se.abb.com |
| Azure password | The access token of the user in Azure. (Personal access token). | ryjafaoq4dsw7nbxxr6hzpt42h6w4pndbvjuidvt576ojcmb2ata |
| Area path | The area path of the work item in Azure DevOps. | Ex. Birthe_S_Test_Project\DU8050\1\1.1 |
| Choice | Only if you answer No to clone work items. Is the product or application hosted on Cloud? | Yes/No |
| Location PSA | Only if you answer No to clone work items. The local path of Product Security Assessment spreadsheet. (in xlsx format) | Ex. C:\Users\sebishe\MCSR Importer\Data\PAPCP Product Security Assessment Tool.xlsx |
| Location SDL | Only if you answer No to clone work items. The local path of SDL Assessment spreadsheet. (in xlsx format) | Ex. C:\Users\sebishe\MCSR Importer\Data\PAPCP Security Development Life Cycle Assessment Tool.xlsx |
| Location CSA | Only if you answer No to clone work items. The local path of Cloud Security Assessment spreadsheet. (in xlsx format) | Ex. C:\Users\sebishe\MCSR Importer\Data\PAPCP Cloud Security Assessment Tool.xlsx |
| main Work Item ID | The main Work Item ID to be related. (Your main Epic/Feature item. All items must be imported as children.) | Ex. 1444 |

The security work items will be added under the parent that was identified as "Work Item ID".
Note: each of the Excel sheets contains more than 100 work items.
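The parameters in the table correspond to the fields of an Azure DevOps REST work-item creation request. The following is an added example, not the importer's own code and not part of the original page: it checks the answers before an import and builds the request that one "Security" child item would need, without sending it. The organization name, title, tags and PAT placeholder are constructed, and how the importer itself issues requests is an assumption.

```python
import base64
import json
from urllib.parse import quote

def validate_inputs(project, area_path, parent_id, xlsx_paths):
    """Return the problems found in the answers given to the prompts."""
    problems = []
    if not str(parent_id).isdigit():
        problems.append("main Work Item ID must be a number")
    # An ADO area path starts with the name of the project it belongs to.
    if area_path.split("\\")[0] != project:
        problems.append("area path must start with the project name")
    for path in xlsx_paths:
        if not path.lower().endswith(".xlsx"):
            problems.append(f"not an .xlsx file: {path}")
    return problems

def build_create_request(org, project, pat, area_path, parent_id, title, tags):
    """Build (url, headers, body) that creates one 'Security' child item."""
    base = f"https://dev.azure.com/{quote(org)}"
    url = f"{base}/{quote(project)}/_apis/wit/workitems/$Security?api-version=7.0"
    # A PAT is sent as HTTP Basic auth with an empty user name.
    token = base64.b64encode(f":{pat}".encode()).decode()
    headers = {"Authorization": f"Basic {token}",
               "Content-Type": "application/json-patch+json"}
    body = [
        {"op": "add", "path": "/fields/System.Title", "value": title},
        {"op": "add", "path": "/fields/System.AreaPath", "value": area_path},
        {"op": "add", "path": "/fields/System.Tags", "value": "; ".join(tags)},
        # Hierarchy-Reverse makes the new item a child of the main work item.
        {"op": "add", "path": "/relations/-", "value": {
            "rel": "System.LinkTypes.Hierarchy-Reverse",
            "url": f"{base}/_apis/wit/workItems/{int(parent_id)}"}},
    ]
    return url, headers, json.dumps(body)

def redact(headers):
    """Copy of the headers that is safe to write to a log file."""
    return {k: "Basic <redacted>" if k == "Authorization" else v
            for k, v in headers.items()}

if __name__ == "__main__":
    # Constructed sample answers; the PAT here is a placeholder, not a real token.
    project, area = "Birthe_S_Test_Project", r"Birthe_S_Test_Project\DU8050\1\1.1"
    print(validate_inputs(project, area, "1444", ["psa.xlsx"]))
    url, headers, body = build_create_request(
        "example-org", project, "PAT-PLACEHOLDER", area, "1444",
        "Constructed requirement title", ["SDL", "constructed-category"])
    print(url, redact(headers), body, sep="\n")
```

In real use, read the PAT with getpass.getpass() or from an environment variable so that it does not end up in shell history or in log files.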

Details

Examples of security work items

Below is a screenshot showing a feature with some of the security work items that were generated as well as two examples of work items. Note that certain properties have been added as tags to the work item, e.g. standard, category, ID, assessment interval, security target.

Owner: Cyber Security Team