A couple of things to think about as we move towards the idea of Compliance
As Code and a central CLI/WebUI.

1. We are moving away from authoring content in XML and towards a YAML
    style format which was shown at Defense in Depth last year. Many people
    were smiling and liking the idea. Even now, playing with YAML as the
    authoring language at DevConf has people smiling and exclaiming how easy
    it is to use. There is no perfect format, but we have had too much
    feedback over the dislike of XML for authoring.

2. One guide authoring language to many outputs. In essence, the build
    system would consume the YAML guides (migrated from XCCDF), Ansible,
    BASH, Inspec, OVAL (possibly migrating writing this in YAML), etc. to
    output in DS, XCCDF, Ansible/Bash roles, Inspec, etc. to be consumed by
    the engine of your choice. Don't think that the OpenSCAP scanner should
    actually consume Inspec content..... or maybe it should. Also, just to
    be clear, SCAP formats would still be generated as output for consuming
    in SCAP scanners.

3. DB would most likely be used for this central CLI/WebUI as a way to
    store, manipulate, and potentially generate the data/content for SSPs,
    SCAP reports, etc.

4. Think beyond a CM tool. That would just be one potential component of
    this. What other tooling could be used in the future to solve security
    issues in the disconnected space? For example, OpenControl allows you to
    code and generate an SSP. What else could be an addon or integrated?

It is important to note that OpenControl and SSG, for example, would still be
separate projects that would be consumed by the CLI/DB/WebUI for generation,
reporting, etc.

On Thu, Feb 1, 2018 at 11:59 AM, Matthew <[email protected]> wrote:

> I knew about inspec, but everything else is new to me. One thing I dislike
> about gov't work is you're so far behind on learning/using new tech.
>
> _______________________________________________
> scap-security-guide mailing list -- scap-security-guide@lists.fedorahosted.org
> To unsubscribe send an email to scap-security-guide-leave@lists.fedorahosted.org