CMMC ColdFront Audit Plugin
The CMMC Audit plugin provides a single audit trail for governance actions in ColdFront.
CMMC stands for Cybersecurity Maturity Model Certification, the framework the U.S. Department of Defense uses to assess and validate the cybersecurity practices of its contractors. This plugin was developed with CMMC Level 2 evidence collection and review in mind; Level 2 corresponds to the security requirements of NIST SP 800-171, and the plugin's event categories, terminology, and presentation were intentionally aligned with common evidence areas from that catalogue such as Access Control (AC), Audit and Accountability (AU), and Configuration Management (CM).
The plugin is not intended to make a ColdFront deployment "CMMC compliant." Instead, it helps produce operational evidence that can support audits, reviews, and internal governance processes.
ColdFront already stores a significant amount of information in Django admin logs, workflow records, and historical tables. The problem is that the information is spread across multiple places and is often difficult to interpret. Determining who approved an allocation, who renewed access, who changed a project's PI, or who added a user to a project can require tracing multiple records and workflow states.
This plugin creates a single append-only audit trail that records these actions in a form that is easier for administrators, project reviewers, and auditors to understand.
Why Use It?
The plugin helps answer questions such as:
- Who approved this allocation?
- Who renewed this allocation?
- Who added this user to the project?
- When was a project archived?
- When was a user upgraded to PI status?
- What changes were made to a resource?
- What evidence exists to support a CMMC review?
It also provides a historical reconstruction capability that can populate the audit log from existing ColdFront records.
Evidence Categories
The plugin groups events into CMMC-oriented evidence categories.
Access Control (AC)
Examples:
- User added to project
- User removed from project
- User role changes
- PI status changes
- Allocation approvals
- Allocation renewals
- Allocation revocations
Audit and Accountability (AU)
Examples:
- Administrative actions
- Project review activity
- Allocation workflow history
- Historical reconstruction records
Configuration Management (CM)
Examples:
- Resource creation
- Resource modification
- Resource deletion
What the Plugin Records
Project Events
- Project creation
- Project archival
- Project deletion
- Project status changes
- Project PI changes
Project Membership Events
- User added to project
- User removed from project
- User role changes
Allocation Events
- Allocation requests
- Allocation approvals
- Allocation denials and revocations
- Allocation renewals
- Allocation renewal requests
- Allocation expiration
Project Review Events
- Review forced
- Review submitted
- Review completed
- Review status changes
User and Permission Events
- PI status changes
- Administrator privilege changes
Resource Events
- Resource creation
- Resource modification
- Resource deletion
Administrative Events
- Django admin additions
- Django admin modifications
- Django admin deletions
Historical Reconstruction
The plugin can reconstruct historical audit records from:
- Django admin logs
- ColdFront historical tables
Historical reconstruction is best effort. It does not invent information that was never recorded. For example, it cannot reconstruct IP addresses, user intent, comments, request paths, or actions that do not exist in the source records.
Reconstructed records are clearly marked and retain references to their original source.
Historical reconstruction is implemented as an explicit management command and is never run automatically during application startup.
Recommended sequence:
coldfront backfill_cmmc_audit --dry-run
coldfront backfill_cmmc_audit --commit
The command records a BackfillRun marker after successful completion; subsequent executions will not recreate events unless explicitly forced. Every reconstructed record is flagged as reconstructed and carries provenance pointing at its source, such as the originating Django admin log entry or ColdFront historical record, so a reviewer can trace each reconstructed event back to the row it was derived from.
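The dry-run/commit sequence and the BackfillRun marker can be illustrated without a Django database. The following is an added example written for this page, not the plugin's own backfill.py: it maps Django admin LogEntry rows (whose action_flag values 1, 2 and 3 are Django's ADDITION, CHANGE and DELETION) to reconstructed events that carry provenance, leaves empty the fields the admin log never stored (IP address, request path), and refuses to recreate events on a second run unless forced. The AuditEvent field names, the AuditStore class and the sample rows are assumptions constructed for the example; only is_reconstructed and the run name initial_historical_backfill come from this page.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

# Django's admin LogEntry.action_flag values (django.contrib.admin.models).
ADDITION, CHANGE, DELETION = 1, 2, 3
ACTION_NAMES = {ADDITION: "admin_addition", CHANGE: "admin_change", DELETION: "admin_deletion"}


@dataclass(frozen=True)
class AdminLogEntry:
    """The django_admin_log columns that reconstruction can actually use."""
    id: int
    action_time: datetime
    username: str
    content_type: str    # "app_label.model"
    object_id: str
    object_repr: str
    action_flag: int
    change_message: str


@dataclass(frozen=True)
class AuditEvent:
    """Hypothetical flat shape of an audit row; field names are assumptions."""
    action: str
    actor: str
    target: str
    occurred_at: datetime
    is_reconstructed: bool
    source: str             # provenance, e.g. "django_admin_log:41"
    detail: str
    ip_address: str = ""    # never recorded in the admin log: stays empty
    request_path: str = ""  # likewise, never guessed


class AuditStore:
    """In-memory stand-in for the plugin's tables (constructed for this example)."""

    def __init__(self):
        self.events = []
        self.backfill_runs = set()


def reconstruct_from_admin_log(entries):
    """Map admin log rows to reconstructed events; pure function, no side effects."""
    events = []
    for e in entries:
        action = ACTION_NAMES.get(e.action_flag)
        if action is None:
            continue  # unknown flag: skip rather than invent a meaning
        events.append(AuditEvent(
            action=action,
            actor=e.username,
            target=f"{e.content_type}:{e.object_id}",
            occurred_at=e.action_time,
            is_reconstructed=True,
            source=f"django_admin_log:{e.id}",
            detail=e.change_message or e.object_repr,
        ))
    return events


def backfill(store, entries, *, commit=False, force=False,
             run_name="initial_historical_backfill"):
    """Plan (dry run) or write (commit) reconstructed events.

    Returns (status, planned_events). The BackfillRun marker makes a repeat run
    a no-op unless force=True; even when forced, events whose provenance is
    already stored are not recreated.
    """
    if run_name in store.backfill_runs and not force:
        return "skipped", []
    already_present = {ev.source for ev in store.events}
    planned = [ev for ev in reconstruct_from_admin_log(entries)
               if ev.source not in already_present]
    if not commit:
        return "dry-run", planned
    store.events.extend(planned)
    store.backfill_runs.add(run_name)
    return "committed", planned


def _at(hour):
    return datetime(2024, 3, 1, hour, 0, tzinfo=timezone.utc)


# Constructed sample rows, not real ColdFront data.
SAMPLE_LOG = [
    AdminLogEntry(41, _at(9), "alice", "project.project", "7", "chem-lab", CHANGE, "Changed pi."),
    AdminLogEntry(42, _at(10), "bob", "allocation.allocation", "15", "Allocation 15", ADDITION, ""),
    AdminLogEntry(43, _at(11), "alice", "resource.resource", "3", "gpu-node", DELETION, ""),
    AdminLogEntry(44, _at(12), "carol", "project.project", "8", "bio-lab", 9, ""),  # unknown flag
]

if __name__ == "__main__":
    store = AuditStore()
    for step in ({"commit": False}, {"commit": True}, {"commit": True}):
        status, planned = backfill(store, SAMPLE_LOG, **step)
        print(f"{status}: {len(planned)} planned, {len(store.events)} stored")
```

Running the module shows the same three-phase behaviour the recommended sequence relies on: the dry run plans three events and stores nothing, the commit stores them and records the marker, and the third call is skipped. The row with an unrecognised action flag is dropped rather than guessed at, which is the "does not invent information" rule applied in code.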
Installation
The plugin is designed to be installed into an existing ColdFront deployment without modifying ColdFront core code.
1. Install the Plugin
Copy the plugin into the ColdFront plugins directory. The path below assumes a virtual environment at /srv/coldfront/venv running Python 3.11; adjust the site-packages path to match your installation. Files copied here are not tracked by pip, so confirm they are still present after any ColdFront upgrade or reinstall.
cp -a cmmc_audit /srv/coldfront/venv/lib/python3.11/site-packages/coldfront/plugins/
Verify the files are present:
ls /srv/coldfront/venv/lib/python3.11/site-packages/coldfront/plugins/cmmc_audit
2. Enable the Plugin
Add the plugin to the ColdFront configuration:
INSTALLED_APPS += [
"coldfront.plugins.cmmc_audit",
]
3. Review Database Changes
Before applying migrations:
coldfront showmigrations cmmc_audit
All listed migrations should belong to the cmmc_audit application. Note that passing the app label restricts the listing to that app, so running showmigrations without the label is the way to confirm that enabling the plugin has not introduced unapplied migrations in any other app. The plugin does not intentionally modify ColdFront core database tables.
4. Apply Migrations
coldfront migrate cmmc_audit
Validate the installation:
coldfront check
5. Restart ColdFront
Restart the ColdFront application service using your site's normal deployment procedure.
6. Verify Operation
Log into Django Admin and confirm that a new section named CMMC Audit appears.
Verify that events are being recorded when:
- Projects are modified
- Allocations are approved or renewed
- Users are added to projects
- Resources are created or modified
7. Optional Historical Reconstruction
Review the proposed changes:
coldfront backfill_cmmc_audit --dry-run
Populate historical records:
coldfront backfill_cmmc_audit --commit
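Steps 3 and 4 ask you to confirm that the migrations stay within cmmc_audit before applying them. The following added check is not part of the plugin: it parses the SQL that Django's sqlmigrate command prints for a migration and reports any table that the DDL creates, alters, drops or indexes whose name does not carry the cmmc_audit_ prefix Django derives from the app label. Foreign-key REFERENCES to core tables such as auth_user are intentionally not flagged, since a reference is not a modification. The invocation coldfront sqlmigrate cmmc_audit <name> assumes that the coldfront command wraps manage.py as the page's other commands do; the sample SQL is constructed for the example and is not the plugin's real schema.

```python
import re
import subprocess
import sys

APP_LABEL = "cmmc_audit"

# DDL statements that change a table, and the table they target.
DDL_TARGET = re.compile(
    r'\b(?:CREATE|ALTER|DROP)\s+TABLE\s+(?:IF\s+(?:NOT\s+)?EXISTS\s+)?["`]?(\w+)["`]?',
    re.IGNORECASE,
)
# CREATE INDEX ... ON "table" (...); "ON DELETE"/"ON UPDATE" never precede "(".
INDEX_TARGET = re.compile(r'\bON\s+["`]?(\w+)["`]?\s*\(', re.IGNORECASE)


def touched_tables(sql):
    """Every table the SQL creates, alters, drops or indexes (lower-cased)."""
    tables = {m.group(1).lower() for m in DDL_TARGET.finditer(sql)}
    tables |= {m.group(1).lower() for m in INDEX_TARGET.finditer(sql)}
    return tables


def out_of_scope_tables(sql, app_label=APP_LABEL):
    """Touched tables that Django would not have derived from app_label."""
    prefix = app_label.lower() + "_"
    return sorted(t for t in touched_tables(sql) if not t.startswith(prefix))


def migration_sql(migration_name, app_label=APP_LABEL):
    """Ask Django for one migration's SQL (assumes `coldfront` wraps manage.py)."""
    return subprocess.run(
        ["coldfront", "sqlmigrate", app_label, migration_name],
        check=True, capture_output=True, text=True,
    ).stdout


# Constructed sample shaped like PostgreSQL output of sqlmigrate; not the real schema.
SAMPLE_SQL = """
BEGIN;
--
-- Create model AuditEvent
--
CREATE TABLE "cmmc_audit_auditevent" ("id" bigint NOT NULL PRIMARY KEY GENERATED BY DEFAULT AS IDENTITY, "action" varchar(64) NOT NULL, "is_reconstructed" boolean NOT NULL, "actor_id" integer NULL REFERENCES "auth_user" ("id") DEFERRABLE INITIALLY DEFERRED);
CREATE INDEX "cmmc_audit_auditevent_actor_id_idx" ON "cmmc_audit_auditevent" ("actor_id");
--
-- Create model BackfillRun
--
CREATE TABLE "cmmc_audit_backfillrun" ("id" bigint NOT NULL PRIMARY KEY GENERATED BY DEFAULT AS IDENTITY, "name" varchar(128) NOT NULL UNIQUE);
COMMIT;
"""

# The same migration with a statement that reaches into a ColdFront core table.
UNSAFE_SQL = SAMPLE_SQL + 'ALTER TABLE "project_project" ADD COLUMN "audited" boolean NOT NULL DEFAULT false;\n'

if __name__ == "__main__":
    # With migration names on the command line, check the real migrations;
    # without arguments, demonstrate on the constructed samples.
    names = sys.argv[1:]
    if names:
        bad = {name: out_of_scope_tables(migration_sql(name)) for name in names}
        for name, tables in bad.items():
            print(name, "out of scope:" if tables else "ok", ", ".join(tables))
        sys.exit(1 if any(bad.values()) else 0)
    print("sample:", out_of_scope_tables(SAMPLE_SQL))
    print("unsafe:", out_of_scope_tables(UNSAFE_SQL))
```

Run it with the migration names from showmigrations (for example 0001) before step 4; a non-empty result is the point at which to stop and read the migration source rather than apply it.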
Rollback
To disable the plugin:
- Remove coldfront.plugins.cmmc_audit from INSTALLED_APPS.
- Restart ColdFront.
Existing audit data will remain in the database unless the plugin tables are explicitly removed.
Project Review Workflow Coverage
ColdFront project reviews are based on the Project.force_review and Project.requires_review fields. The plugin records:
- Review forced
- Review submitted
- Review completed
- Review status changes
The plugin captures review workflow events without modifying ColdFront core source code.
Limitations
- Historical reconstruction is best effort.
- The plugin cannot reconstruct information that was never recorded.
- Annual review due state is computed by ColdFront and does not generate a database event when a project merely becomes due for review.
- Request-for-updates emails do not currently change review state and therefore are not recorded as review status events.
- Slurm partition restrictions, FreeIPA administration, operating system account changes, and other external systems are only captured when they are represented by ColdFront records.
- Some functionality relies on wrapping existing ColdFront workflow views because suitable extension hooks are not available in all cases.
Development Notes
Smoke tests should use Django's test database or an explicit rollback strategy. Test users, projects, resources, allocations, and audit records should not be left in a shared development database because they become indistinguishable from real operational evidence.
During development, reconstructed rows can be reset and regenerated from a Django shell. Only rows produced by historical reconstruction are removed; live (non-reconstructed) events are kept, and deleting the BackfillRun marker is what allows the backfill command to populate again on its next --commit:
from coldfront.plugins.cmmc_audit.models import AuditEvent, BackfillRun
# Remove only the rows that historical reconstruction created.
AuditEvent.objects.filter(is_reconstructed=True).delete()
# Drop the run marker so backfill_cmmc_audit will run again without --force.
BackfillRun.objects.filter(name="initial_historical_backfill").delete()
Disclaimer
This software is distributed in the hope that it may be useful to other ColdFront administrators and HPC centres. It is provided as-is, without warranty of any kind, express or implied. The author and contributors make no guarantees regarding correctness, fitness for a particular purpose, security, reliability, or suitability for any specific environment.
ColdFront deployments vary significantly between institutions. Authentication methods, plugins, workflow customisations, database contents, and local operational practices may differ substantially from the environments in which this plugin was developed and tested. As a result, behaviour may differ from site to site.
This plugin is intended to create and populate its own database tables and does not intentionally modify ColdFront core tables or source code. However, as with any software, unknown defects may exist. Bugs, configuration errors, unexpected interactions with local customisations, or future ColdFront changes could result in unintended behaviour, including data corruption or data loss.
Before deploying this plugin:
- Review the source code and database migrations.
- Follow your organisation's normal backup and recovery procedures.
- Ensure that recent database backups are available and tested.
- Validate the plugin in a development or staging environment that closely resembles production.
- Perform representative workflow testing before enabling the plugin in production.
- Review the output of any historical reconstruction or backfill operations before committing changes.
The responsibility for evaluating, testing, deploying, and operating this software rests entirely with the local site administrators.
Open Source Work Product
This plugin was developed by G. Matthew Fricke at the University of New Mexico Center for Advanced Research Computing (CARC) and is being released as open source software in the hope that it may be useful to other ColdFront administrators and HPC centres.
The software was developed to address operational auditing and evidence collection requirements observed during CARC's own governance, compliance, and security review activities. Other organisations may have different policies, workflows, compliance requirements, and interpretations of evidence collection standards.
Contributions, bug reports, improvements, and independent review are encouraged. Users are encouraged to inspect the source code, validate the plugin in their own environments, and adapt it as necessary for local requirements.