Comments (5)
rbclark
commented on June 27, 2024
@ejaronne Do you have any input on this? I believe I mentioned this to you at one point and you suggested leaving the duplicates for conversion back to xccdf but I could be misremembering the conversation.
from saf.
ejaronne
commented on June 27, 2024
This is intended to emulate exactly the related controls from the DISA STIG itself. It is not a duplication. In this case, multiple CCI's support different aspects of AC-2(4), as shown in the DISA STIG Viewer:
from saf.
aaronlippold
commented on June 27, 2024
However, the other thing I would not hear is that since we don’t actually
keep the relationship intact There really isn’t any need to have multiple
data elements in the array. We ever needed to find the association we could
look at the XML and the CCI to find out which 853 control it belongs to
On Tue, Nov 23, 2021 at 6:41 PM Eugene Aronne ***@***.***> wrote:
This is intended to emulate exactly the related controls from the DISA
STIG itself. It is not a duplication. In this case, multiple CCI's support
different aspects of AC-2(4), as shown in the DISA STIG Viewer:
[image: image]
<https://user-images.githubusercontent.com/34140975/143145961-8bfdbe59-6305-493d-8a4f-1488db0b9246.png>
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<mitre/saf#93>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AALK42FSQDYJXWM4HAP5IX3UNQRCZANCNFSM5FTYIMZA>
.
--
--------
Aaron Lippold
***@***.***
260-255-4779
twitter/aim/yahoo,etc.
'aaronlippold'
from saf.
rlakey
commented on June 27, 2024
Just wanted to bring this back up. I believe it still is a duplication of data. STIG Viewer displays this data differently as it shows each CCI and it's corresponding NIST control family where as in InSpec these are separate lists with no relation of CCI to NIST and should be deduped.
The NIST data isn't even in the XCCDF so converting back and forth should not be a concern. STIG Viewer is adding that data based on CCI and so are all of the MITRE tools.
from saf.
aaronlippold
commented on June 27, 2024
Yes, I think we can and a uniq to the cci and nist tag generator
from saf.
Related Issues (20)
- Summary: Small Fixes for standardization naming, order etc- no_impact, skipped, etc
- Support github's security-severity in SARIF HOT 8
- Please find a new home for the two exported functions that have 'nothing' to do with logging. HOT 1
- Fix Threshold Capability, reorganize, properly document, type etc. - aka 'the Summary Treatment' please
- Centeralize, Fix and implement Logging and Log Level correctly project wide
- Add TS-DOC generation to the GitHub Actions, publish to either Pages or Netlify etc.
- Add colored and --no-colored text table to summary generators
- Add colored and --no-colored text table generator to Threshold
- Add unit tests to saf view heimdall
- Refactor global utils to sperate out core functions into common groups - .".. we're not running an intergalactic kegger down here"
- This need to be moved into inspecjs
- Extend in inspecjs HOT 2
- profile improvements HOT 2
- saf convert ckl2POAM seems to not work on JSON based STIG CheckList files HOT 1
- support goss json to ckl HOT 1
- Improve SAF CLI Release
- Additions of Microsoft Secure Score Artifact Support for HDF Converters
- New mappers development needed
- Bug in POAM converter
- Need a test suite for POAM converter
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from saf.