Hello Mark,
thank you for the questions; I will try to answer them inline. The rule of
thumb is that you should be allowed to have a narrow scope and still be able
to contribute comfortably.


On Thu, Dec 19, 2019 at 9:15 PM Salowitz, Mark A CTR <
mark.a.salow...@uscg.mil> wrote:

> Good afternoon,
>
> Before I start getting too far down the road with creating the rule for
> this, I had some basic process questions about the contents of references
> and identifiers in the rule.yml. Basically, I don't know where to obtain
> about 60% of the documents referenced in other similar rules.
>
> Inside, for example,
> linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/rule.yml
> there are references to cui, cis, hipaa, and so on...
> - Do I need to establish those as part of the rule writing, and if so, is
> there a handy place to obtain that information?
>     - if the answer is no, should I leave stub entries for the other
> guidance documents ( eg "hipaa: " ) and just focus on populating the DISA
> information
>
No, you don't need to populate the other points. And don't bother with the
stubs there. When HIPAA or another profile requires such a rule, the person
doing the analysis can include it by a simple edit of the rule file.

> - How do I find out if a CCE has been assigned for the rule and add it to
> identifiers
>
As far as I know, there is no working CCE database. So if the rule you are
creating is for a Red Hat product and is not part of the CaC/content project,
just assume it needs a new CCE. Pick it from the available CCEs in
`./shared/references/cce-redhat-avail.txt`.

> - I'm unfamiliar with the offerings outside the EL(5-8) products, how do I
> (or do I) determine product applicability for prodtype
>
Don't :) Other products will be able to easily extend it, if needed.


> I'd like to do as much right as I can out the gate, so thanks in advance
> for any and all advice,
>
> Mark Salowitz, CTR
> Principal Architect, PaaS Engineering
> Ace Info Solutions, a Dovel company
> ITIL® V3 Foundation Certified
> CompTIA Security+ CE
> USCG Operations Systems Center
> email: <mailto:mark.a.salow...@uscg.mil>
> phone: (304) 433-3200
>

Hope it helped and happy holidays!
Marek
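
The CCE selection described above, sketched as an added example (not part of the original message and not the project's own tooling). It assumes the available-CCE list holds one identifier per line, such as `CCE-12345-6`, and that an assigned identifier appears somewhere in the text of a `rule.yml`, with or without the `CCE-` prefix; `pick_free_cce` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: print the first identifier from the available-CCE list
# that no rule.yml under the content tree already mentions.
# Assumed layout: one identifier per line in the list; '#' lines are comments.

pick_free_cce() {
    avail_file=$1    # e.g. ./shared/references/cce-redhat-avail.txt
    content_root=$2  # e.g. ./linux_os/guide

    while IFS= read -r line || [ -n "$line" ]; do
        # Drop whitespace and stray carriage returns, skip blanks and comments.
        cce=$(printf '%s' "$line" | tr -d '[:space:]')
        case $cce in ''|'#'*) continue ;; esac

        # Search on the numeric part so both "CCE-12345-6" and "12345-6"
        # spellings inside rule.yml count as "already used".
        num=${cce#CCE-}
        case $num in *[!0-9-]*|'') continue ;; esac  # ignore malformed lines

        # -w keeps 12345-6 from matching inside 12345-67 or 112345-6.
        if ! find "$content_root" -name rule.yml \
                -exec grep -lwF -- "$num" {} + </dev/null | grep -q .; then
            printf '%s\n' "$cce"
            return 0
        fi
    done < "$avail_file"

    return 1  # every listed identifier is already referenced
}

# Stand-alone use: sh pick_cce.sh <avail-file> <content-root>
if [ "$#" -eq 2 ]; then
    pick_free_cce "$1" "$2"
fi
```

A non-zero exit status means every identifier in the list is already referenced by some rule.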