Nist tagging (#84)

* Added NIST tags based on Vulnerability findings * Added empty arrays for untagged controls
GoogleCloudPlatform · Jul 4, 2021 · a3f68f6 · a3f68f6
1 parent 00ca916
commit a3f68f6
Show file tree

Hide file tree

Showing 53 changed files with 53 additions and 0 deletions.
diff --git a/controls/1.01-iam.rb b/controls/1.01-iam.rb
@@ -35,6 +35,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
+  tag nist: ["AC-3"]
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/docs/enterprise/best-practices-for-enterprise-organizations#use_corporate_login_credentials'

diff --git a/controls/1.02-iam.rb b/controls/1.02-iam.rb
@@ -33,6 +33,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
+  tag nist: ["IA-2"]
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/solutions/securing-gcp-account-u2f'

diff --git a/controls/1.03-iam.rb b/controls/1.03-iam.rb
@@ -33,6 +33,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
+  tag nist: []
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/security-key/'

diff --git a/controls/1.04-iam.rb b/controls/1.04-iam.rb
@@ -45,6 +45,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
+  tag nist: []
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/iam/docs/understanding-service-accounts#managing_service_account_keys'

diff --git a/controls/1.05-iam.rb b/controls/1.05-iam.rb
@@ -36,6 +36,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
+  tag nist: ["AC-6"]
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/sdk/gcloud/reference/iam/service-accounts/'

diff --git a/controls/1.06-iam.rb b/controls/1.06-iam.rb
@@ -42,6 +42,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
+  tag nist: ["AC-6"]
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/iam/docs/service-accounts'

diff --git a/controls/1.07-iam.rb b/controls/1.07-iam.rb
@@ -40,6 +40,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
+  tag nist: ["SC-12"]
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/iam/docs/understanding-service-accounts#managing_service_account_keys'

diff --git a/controls/1.08-iam.rb b/controls/1.08-iam.rb
@@ -39,6 +39,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
+  tag nist: ["AC-5"]
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/iam/docs/service-accounts'

diff --git a/controls/1.09-iam.rb b/controls/1.09-iam.rb
@@ -34,6 +34,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
+  tag nist: ["AC-5"]
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/kms/docs/key-rotation#frequency_of_key_rotation'

diff --git a/controls/1.10-iam.rb b/controls/1.10-iam.rb
@@ -41,6 +41,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
+  tag nist: ["SC-12"]
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/kms/docs/key-rotation#frequency_of_key_rotation'

diff --git a/controls/1.11-iam.rb b/controls/1.11-iam.rb
@@ -38,6 +38,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
+  tag nist: ["AC-5"]
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/kms/docs/separation-of-duties'

diff --git a/controls/1.12-iam.rb b/controls/1.12-iam.rb
@@ -40,6 +40,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
+  tag nist: []
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/docs/authentication/api-keys'

diff --git a/controls/1.13-iam.rb b/controls/1.13-iam.rb
@@ -41,6 +41,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
+  tag nist: []
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/docs/authentication/api-keys'

diff --git a/controls/1.14-iam.rb b/controls/1.14-iam.rb
@@ -42,6 +42,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
+  tag nist: []
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/docs/authentication/api-keys'

diff --git a/controls/1.15-iam.rb b/controls/1.15-iam.rb
@@ -41,6 +41,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
+  tag nist: []
 
   ref 'CIS Benchmark', url: cis_url.to_s
 

diff --git a/controls/2.01-logging.rb b/controls/2.01-logging.rb
@@ -50,6 +50,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
+  tag nist: ["AC-2", "AU-2"]
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/logging/docs/audit/'

diff --git a/controls/2.02-logging.rb b/controls/2.02-logging.rb
@@ -33,6 +33,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
+  tag nist: []
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/logging/docs/reference/tools/gcloud-logging'

diff --git a/controls/2.03-logging.rb b/controls/2.03-logging.rb
@@ -35,6 +35,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
+  tag nist: []
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/storage/docs/bucket-lock'

diff --git a/controls/2.04-logging.rb b/controls/2.04-logging.rb
@@ -51,6 +51,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
+  tag nist: []
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/logging/docs/logs-based-metrics/'

diff --git a/controls/2.05-logging.rb b/controls/2.05-logging.rb
@@ -33,6 +33,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
+  tag nist: []
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/logging/docs/logs-based-metrics/'

diff --git a/controls/2.06-logging.rb b/controls/2.06-logging.rb
@@ -33,6 +33,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
+  tag nist: []
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/logging/docs/logs-based-metrics/'

diff --git a/controls/2.07-logging.rb b/controls/2.07-logging.rb
@@ -33,6 +33,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
+  tag nist: []
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/logging/docs/logs-based-metrics/'

diff --git a/controls/2.08-logging.rb b/controls/2.08-logging.rb
@@ -35,6 +35,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
+  tag nist: []
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/logging/docs/logs-based-metrics/'

diff --git a/controls/2.09-logging.rb b/controls/2.09-logging.rb
@@ -35,6 +35,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
+  tag nist: []
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/logging/docs/logs-based-metrics/'

diff --git a/controls/2.10-logging.rb b/controls/2.10-logging.rb
@@ -33,6 +33,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
+  tag nist: []
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/logging/docs/logs-based-metrics/'

diff --git a/controls/2.11-logging.rb b/controls/2.11-logging.rb
@@ -38,6 +38,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
+  tag nist: []
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/logging/docs/logs-based-metrics/'

diff --git a/controls/3.01-networking.rb b/controls/3.01-networking.rb
@@ -33,6 +33,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
+  tag nist: []
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/compute/docs/networking#firewall_rules'

diff --git a/controls/3.02-networking.rb b/controls/3.02-networking.rb
@@ -33,6 +33,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
+  tag nist: []
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/compute/docs/networking#creating_a_legacy_network'

diff --git a/controls/3.03-networking.rb b/controls/3.03-networking.rb
@@ -33,6 +33,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
+  tag nist: []
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloudplatform.googleblog.com/2017/11/DNSSEC-now-available-in-Cloud-DNS.html'

diff --git a/controls/3.04-networking.rb b/controls/3.04-networking.rb
@@ -35,6 +35,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
+  tag nist: []
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/dns/dnssec-advanced#advanced_signing_options'

diff --git a/controls/3.05-networking.rb b/controls/3.05-networking.rb
@@ -35,6 +35,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
+  tag nist: []
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/dns/dnssec-advanced#advanced_signing_options'

diff --git a/controls/3.06-networking.rb b/controls/3.06-networking.rb
@@ -33,6 +33,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
+  tag nist: ["SC-7"]
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/vpc/docs/firewalls#blockedtraffic'

diff --git a/controls/3.07-networking.rb b/controls/3.07-networking.rb
@@ -33,6 +33,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
+  tag nist: ["SC-7"]
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/vpc/docs/firewalls#blockedtraffic'

diff --git a/controls/3.08-networking.rb b/controls/3.08-networking.rb
@@ -42,6 +42,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
+  tag nist: ["SI-4"]
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging'

diff --git a/controls/3.09-networking.rb b/controls/3.09-networking.rb
@@ -34,6 +34,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
+  tag nist: []
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/load-balancing/docs/use-ssl-policies'

diff --git a/controls/4.01-vms.rb b/controls/4.01-vms.rb
@@ -36,6 +36,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
+  tag nist: ["AC-6"]
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/compute/docs/access/create-enable-service-accounts-for-instances'

diff --git a/controls/4.02-vms.rb b/controls/4.02-vms.rb
@@ -42,6 +42,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
+  tag nist: []
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/compute/docs/access/create-enable-service-accounts-for-instances'

diff --git a/controls/4.03-vms.rb b/controls/4.03-vms.rb
@@ -36,6 +36,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
+  tag nist: []
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/compute/docs/instances/adding-removing-ssh-keys'

diff --git a/controls/4.04-vms.rb b/controls/4.04-vms.rb
@@ -33,6 +33,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
+  tag nist: []
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/compute/docs/instances/managing-instance-access'

diff --git a/controls/4.05-vms.rb b/controls/4.05-vms.rb
@@ -42,6 +42,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
+  tag nist: []
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/compute/docs/instances/interacting-with-serial-console'

diff --git a/controls/4.06-vms.rb b/controls/4.06-vms.rb
@@ -36,6 +36,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
+  tag nist: []
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/compute/docs/networking#canipforward'

diff --git a/controls/4.07-vms.rb b/controls/4.07-vms.rb
@@ -42,6 +42,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
+  tag nist: []
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/compute/docs/disks/customer-supplied-encryption#encrypt_a_new_persistent_disk_with_your_own_keys'

diff --git a/controls/4.08-vms.rb b/controls/4.08-vms.rb
@@ -54,6 +54,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
+  tag nist: []
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/compute/docs/instances/modifying-shielded-vm'

diff --git a/controls/5.01-storage.rb b/controls/5.01-storage.rb
@@ -33,6 +33,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
+  tag nist: ["AC-2"]
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/storage/docs/access-control/iam-reference'

diff --git a/controls/5.02-storage.rb b/controls/5.02-storage.rb
@@ -48,6 +48,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
+  tag nist: []
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/storage/docs/uniform-bucket-level-access'

diff --git a/controls/6.01-db.rb b/controls/6.01-db.rb
@@ -40,6 +40,7 @@
   tag cis_gcp: sub_control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
+  tag nist: ["SC-7"]
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/sql/docs/mysql/create-manage-users'

diff --git a/controls/6.02-db.rb b/controls/6.02-db.rb
@@ -37,6 +37,7 @@
   tag cis_gcp: sub_control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
+  tag nist: ["CA-3", "SC-7"]
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/sql/docs/postgres/flags#setting_a_database_flag'

diff --git a/controls/6.03-db.rb b/controls/6.03-db.rb
@@ -37,6 +37,7 @@
   tag cis_gcp: sub_control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
+  tag nist: ["AC-3"]
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/sql/docs/sqlserver/flags'

diff --git a/controls/6.04-db.rb b/controls/6.04-db.rb
@@ -35,6 +35,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
+  tag nist: ["SC-7"]
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/sql/docs/postgres/configure-ssl-instance'

diff --git a/controls/6.05-db.rb b/controls/6.05-db.rb
@@ -35,6 +35,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
+  tag nist: []
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/sql/docs/mysql/configure-ip'