Add missing NIST 800-53 tags

GoogleCloudPlatform · Jul 4, 2021 · a80ee47 · a80ee47
1 parent a3f68f6
commit a80ee47
Show file tree

Hide file tree

Showing 54 changed files with 62 additions and 54 deletions.
diff --git a/controls/1.01-iam.rb b/controls/1.01-iam.rb
@@ -35,7 +35,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
-  tag nist: ["AC-3"]
+  tag nist: ['AC-2']
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/docs/enterprise/best-practices-for-enterprise-organizations#use_corporate_login_credentials'

diff --git a/controls/1.02-iam.rb b/controls/1.02-iam.rb
@@ -33,7 +33,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
-  tag nist: ["IA-2"]
+  tag nist: ['IA-2']
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/solutions/securing-gcp-account-u2f'

diff --git a/controls/1.03-iam.rb b/controls/1.03-iam.rb
@@ -33,7 +33,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
-  tag nist: []
+  tag nist: ['IA-2']
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/security-key/'

diff --git a/controls/1.04-iam.rb b/controls/1.04-iam.rb
@@ -45,7 +45,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
-  tag nist: []
+  tag nist: ['AC-2']
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/iam/docs/understanding-service-accounts#managing_service_account_keys'

diff --git a/controls/1.05-iam.rb b/controls/1.05-iam.rb
@@ -36,7 +36,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
-  tag nist: ["AC-6"]
+  tag nist: ['AC-2']
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/sdk/gcloud/reference/iam/service-accounts/'

diff --git a/controls/1.06-iam.rb b/controls/1.06-iam.rb
@@ -42,7 +42,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
-  tag nist: ["AC-6"]
+  tag nist: %w[AC-2 AC-3]
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/iam/docs/service-accounts'

diff --git a/controls/1.07-iam.rb b/controls/1.07-iam.rb
@@ -40,7 +40,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
-  tag nist: ["SC-12"]
+  tag nist: ['AC-2']
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/iam/docs/understanding-service-accounts#managing_service_account_keys'

diff --git a/controls/1.08-iam.rb b/controls/1.08-iam.rb
@@ -39,7 +39,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
-  tag nist: ["AC-5"]
+  tag nist: %w[AC-2 AC-3]
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/iam/docs/service-accounts'

diff --git a/controls/1.09-iam.rb b/controls/1.09-iam.rb
@@ -34,7 +34,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
-  tag nist: ["AC-5"]
+  tag nist: ['AC-3']
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/kms/docs/key-rotation#frequency_of_key_rotation'

diff --git a/controls/1.10-iam.rb b/controls/1.10-iam.rb
@@ -41,7 +41,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
-  tag nist: ["SC-12"]
+  tag nist: ['AC-2']
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/kms/docs/key-rotation#frequency_of_key_rotation'

diff --git a/controls/1.11-iam.rb b/controls/1.11-iam.rb
@@ -38,7 +38,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
-  tag nist: ["AC-5"]
+  tag nist: %w[AC-2 AC-3 AC-6]
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/kms/docs/separation-of-duties'

diff --git a/controls/1.12-iam.rb b/controls/1.12-iam.rb
@@ -40,7 +40,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
-  tag nist: []
+  tag nist: ['AC-2']
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/docs/authentication/api-keys'

diff --git a/controls/1.13-iam.rb b/controls/1.13-iam.rb
@@ -41,7 +41,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
-  tag nist: []
+  tag nist: ['AC-2']
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/docs/authentication/api-keys'

diff --git a/controls/1.14-iam.rb b/controls/1.14-iam.rb
@@ -42,7 +42,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
-  tag nist: []
+  tag nist: ['AC-2']
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/docs/authentication/api-keys'

diff --git a/controls/1.15-iam.rb b/controls/1.15-iam.rb
@@ -41,7 +41,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
-  tag nist: []
+  tag nist: ['AC-2']
 
   ref 'CIS Benchmark', url: cis_url.to_s
 

diff --git a/controls/2.01-logging.rb b/controls/2.01-logging.rb
@@ -50,7 +50,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
-  tag nist: ["AC-2", "AU-2"]
+  tag nist: %w[AU-6 AU-12]
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/logging/docs/audit/'

diff --git a/controls/2.02-logging.rb b/controls/2.02-logging.rb
@@ -33,7 +33,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
-  tag nist: []
+  tag nist: %w[AU-4 AU-12]
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/logging/docs/reference/tools/gcloud-logging'

diff --git a/controls/2.03-logging.rb b/controls/2.03-logging.rb
@@ -35,7 +35,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
-  tag nist: []
+  tag nist: ['AU-6']
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/storage/docs/bucket-lock'

diff --git a/controls/2.04-logging.rb b/controls/2.04-logging.rb
@@ -51,7 +51,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
-  tag nist: []
+  tag nist: ['AU-12']
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/logging/docs/logs-based-metrics/'

diff --git a/controls/2.05-logging.rb b/controls/2.05-logging.rb
@@ -33,7 +33,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
-  tag nist: []
+  tag nist: %w[AU-3 AU-12]
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/logging/docs/logs-based-metrics/'

diff --git a/controls/2.06-logging.rb b/controls/2.06-logging.rb
@@ -33,7 +33,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
-  tag nist: []
+  tag nist: %w[AU-3 AU-12]
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/logging/docs/logs-based-metrics/'

diff --git a/controls/2.07-logging.rb b/controls/2.07-logging.rb
@@ -33,7 +33,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
-  tag nist: []
+  tag nist: %w[AU-3 AU-12]
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/logging/docs/logs-based-metrics/'

diff --git a/controls/2.08-logging.rb b/controls/2.08-logging.rb
@@ -35,7 +35,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
-  tag nist: []
+  tag nist: %w[AU-3 AU-12]
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/logging/docs/logs-based-metrics/'

diff --git a/controls/2.09-logging.rb b/controls/2.09-logging.rb
@@ -35,7 +35,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
-  tag nist: []
+  tag nist: %w[AU-3 AU-12]
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/logging/docs/logs-based-metrics/'

diff --git a/controls/2.10-logging.rb b/controls/2.10-logging.rb
@@ -33,7 +33,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
-  tag nist: []
+  tag nist: %w[AU-3 AU-12]
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/logging/docs/logs-based-metrics/'

diff --git a/controls/2.11-logging.rb b/controls/2.11-logging.rb
@@ -38,7 +38,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
-  tag nist: []
+  tag nist: %w[AU-3 AU-12]
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/logging/docs/logs-based-metrics/'

diff --git a/controls/3.01-networking.rb b/controls/3.01-networking.rb
@@ -33,7 +33,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
-  tag nist: []
+  tag nist: ['CM-6']
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/compute/docs/networking#firewall_rules'

diff --git a/controls/3.02-networking.rb b/controls/3.02-networking.rb
@@ -33,7 +33,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
-  tag nist: []
+  tag nist: ['CM-6']
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/compute/docs/networking#creating_a_legacy_network'

diff --git a/controls/3.03-networking.rb b/controls/3.03-networking.rb
@@ -33,7 +33,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
-  tag nist: []
+  tag nist: ['CM-6']
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloudplatform.googleblog.com/2017/11/DNSSEC-now-available-in-Cloud-DNS.html'

diff --git a/controls/3.04-networking.rb b/controls/3.04-networking.rb
@@ -35,7 +35,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
-  tag nist: []
+  tag nist: ['CM-6']
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/dns/dnssec-advanced#advanced_signing_options'

diff --git a/controls/3.05-networking.rb b/controls/3.05-networking.rb
@@ -35,7 +35,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
-  tag nist: []
+  tag nist: ['CM-6']
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/dns/dnssec-advanced#advanced_signing_options'

diff --git a/controls/3.06-networking.rb b/controls/3.06-networking.rb
@@ -33,7 +33,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
-  tag nist: ["SC-7"]
+  tag nist: %w[CM-7 CA-3 SC-7]
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/vpc/docs/firewalls#blockedtraffic'

diff --git a/controls/3.07-networking.rb b/controls/3.07-networking.rb
@@ -33,7 +33,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
-  tag nist: ["SC-7"]
+  tag nist: %w[CM-7 CA-3 SC-7]
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/vpc/docs/firewalls#blockedtraffic'

diff --git a/controls/3.08-networking.rb b/controls/3.08-networking.rb
@@ -42,7 +42,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
-  tag nist: ["SI-4"]
+  tag nist: %w[AU-12 SI-4]
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging'

diff --git a/controls/3.09-networking.rb b/controls/3.09-networking.rb
@@ -34,7 +34,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
-  tag nist: []
+  tag nist: ['SC-1']
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/load-balancing/docs/use-ssl-policies'

diff --git a/controls/4.01-vms.rb b/controls/4.01-vms.rb
@@ -36,7 +36,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
-  tag nist: ["AC-6"]
+  tag nist: %w[AC-2 AC-6]
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/compute/docs/access/create-enable-service-accounts-for-instances'

diff --git a/controls/4.02-vms.rb b/controls/4.02-vms.rb
@@ -42,7 +42,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
-  tag nist: []
+  tag nist: %w[AC-2 AC-6]
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/compute/docs/access/create-enable-service-accounts-for-instances'

diff --git a/controls/4.03-vms.rb b/controls/4.03-vms.rb
@@ -36,7 +36,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
-  tag nist: []
+  tag nist: ['AC-2']
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/compute/docs/instances/adding-removing-ssh-keys'

diff --git a/controls/4.04-vms.rb b/controls/4.04-vms.rb
@@ -33,7 +33,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
-  tag nist: []
+  tag nist: ['AC-2']
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/compute/docs/instances/managing-instance-access'

diff --git a/controls/4.05-vms.rb b/controls/4.05-vms.rb
@@ -42,7 +42,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
-  tag nist: []
+  tag nist: ['CM-7']
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/compute/docs/instances/interacting-with-serial-console'

diff --git a/controls/4.06-vms.rb b/controls/4.06-vms.rb
@@ -36,7 +36,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
-  tag nist: []
+  tag nist: %w[CM-6 CM-8]
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/compute/docs/networking#canipforward'

diff --git a/controls/4.07-vms.rb b/controls/4.07-vms.rb
@@ -42,7 +42,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
-  tag nist: []
+  tag nist: ['SC-1']
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/compute/docs/disks/customer-supplied-encryption#encrypt_a_new_persistent_disk_with_your_own_keys'

diff --git a/controls/4.08-vms.rb b/controls/4.08-vms.rb
@@ -54,7 +54,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
-  tag nist: []
+  tag nist: ['SC-1']
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/compute/docs/instances/modifying-shielded-vm'

diff --git a/controls/5.01-storage.rb b/controls/5.01-storage.rb
@@ -33,7 +33,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
-  tag nist: ["AC-2"]
+  tag nist: %w[AC-2 CA-3]
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/storage/docs/access-control/iam-reference'