Hi,

The policy source data format proposal is available and ready for comments. The text has been submitted as a pull request on GitHub to make the discussion easier using comments and reviews.

See https://github.com/ComplianceAsCode/content/pull/5817

We are looking forward to seeing your feedback on GitHub.

What is it about?

We will use the policy source data format to improve development of our profiles. It will allow us to store security controls and requirements in the repository and then define profiles by using their IDs instead of separate rules. This is done in order to solve the problem that there is no easy way to demonstrate to profile stakeholders the status of their profile.

Intended workflow:

* SME identifies security controls the policy consists of. Those controls serve as direct input for our profiles.
* SME goes through controls, and makes sure that they are sufficiently covered by rules.
* SME fine-tunes the profile by overriding a couple of individual rules in the profile file.

Once the format is accepted we can start developing tools that support this new workflow. In future, we can also use it for further refactoring, for example streamlining the generation of HTML tables.

Best regards

--
Jan Černý
Security Technologies | Red Hat, Inc.
_______________________________________________
scap-security-guide mailing list -- scap-security-guide@lists.fedorahosted.org