Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Nist tagging #84

Merged
merged 2 commits into from
Jul 4, 2021
Merged

Nist tagging #84

merged 2 commits into from
Jul 4, 2021

Conversation

bkwilcox100
Copy link
Contributor

Added relevant tags and empty arrays

aaronlippold
aaronlippold suggested changes Jun 23, 2021
View reviewed changes
Copy link
Contributor

@aaronlippold aaronlippold left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi, Great start.

Are you all referencing https://github.com/mitre/inspec_tools/blob/master/lib/data/NIST_Map_02052020_CIS_Controls_Version_7.1_Implementation_Groups_1.2.xlsx to get the mappings or most of them?

If you look at the cdc_control data in the benchmark - I think we have all the controls mapped. You shouldn't have any missing mapping - looking at your benchmark v1.2.0 - you seem to have an aligned CDC control for each item - which means you will have a NIST control as well. Also, I don't see the tag cdc_control: [] in the controls as well. Perhaps we should add that as well given we will be reflecting that data anyway to get the NIST tag and rename this PR to 'control mappings'? What do you think?

controls/1.03-iam.rb
@@ -33,6 +33,7 @@
tag cis_gcp: control_id.to_s
tag cis_version: cis_version.to_s
tag project: gcp_project_id.to_s
tag nist: []
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would guess that all controls can be mapped to a control. The standard pattern is - if its general - use CM-6

controls/1.04-iam.rb
@@ -45,6 +45,7 @@
tag cis_gcp: control_id.to_s
tag cis_version: cis_version.to_s
tag project: gcp_project_id.to_s
tag nist: []
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would guess that all controls can be mapped to a control. The standard pattern is - if its general - use CM-6

controls/1.13-iam.rb
@@ -41,6 +41,7 @@
tag cis_gcp: control_id.to_s
tag cis_version: cis_version.to_s
tag project: gcp_project_id.to_s
tag nist: []
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reference https://github.com/mitre/inspec_tools/blob/master/lib/data/NIST_Map_02052020_CIS_Controls_Version_7.1_Implementation_Groups_1.2.xlsx

controls/1.14-iam.rb
@@ -42,6 +42,7 @@
tag cis_gcp: control_id.to_s
tag cis_version: cis_version.to_s
tag project: gcp_project_id.to_s
tag nist: []
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reference https://github.com/mitre/inspec_tools/blob/master/lib/data/NIST_Map_02052020_CIS_Controls_Version_7.1_Implementation_Groups_1.2.xlsx

@aaronlippold
Copy link
Contributor

also, don't forget to bump the patch version of the profile once you are done

@aaronlippold
Copy link
Contributor

Once we update heimdall to support CIS controls as well we will need the cdc_control or 'cis_control` arrays to support it.

@KonradSchieban
Copy link
Collaborator

/gcbrun

@KonradSchieban KonradSchieban merged commit a3f68f6 into GoogleCloudPlatform:master Jul 4, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@aaronlippold aaronlippold aaronlippold requested changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@bkwilcox100 @aaronlippold @KonradSchieban