Generally speaking, I believe that designing for extensibility is the next
big thing. Every system has unique properties (unless, perhaps, it is a
replicated SaaS). While SCAP uses well-known content (DISA, USGCB, etc.),
the ability to overlay/extend rulesets seems key to go beyond checkbox
compliance.

The NIST OSCAL project (https://pages.nist.gov/OSCAL/) supports leveraged
authorizations using multiple catalogs of controls and tailored profile
subsets. For example, an application with unique controls could leverage
the system security plan of the underlying cloud service provider.

BTW, NIST posted two vacancies for OSCAL/SCAP, see:
https://www.usajobs.gov/GetJob/ViewDetails/611343300

Just some Friday thoughts,
=Fen

On Fri, Aug 20, 2021 at 9:00 AM Matej Tyc <ma...@redhat.com> wrote:

> Hello Sohan,
> the only way to create or modify the content is to edit text files
> and submit pull requests.
> I would recommend the training, which you can perform in your own
> environment, needing just a Fedora VM:
> https://github.com/RedHatDemos/SecurityDemos/blob/master/2021Labs/CustomSecurityContent/documentation/lab0_setup-devconf.adoc#04-setting-up-the-lab-environment-using-fedora-virtual-machine
> Good luck,
> Matej
>
> On 02. 08. 21 6:54, Sohan Kshirsagar wrote:
>
> Hi
> Though in the Scap-Workbench documentation it is written that addition of
> new rules is not possible, I feel it should be possible to do so by
> manipulating the SSG content or the Data Stream files.
>
> Please guide me if there is a way to do so. Also I will be obliged if you
> could send some guide so as to create new rules and checks.
> My goal is to do a CIS audit in addition to some rules currently not in
> the Scap-workbench set of checks.
>
> Thanks and Regards
>
> Sohan
>
> _______________________________________________
> scap-security-guide mailing list -- scap-security-guide@lists.fedorahosted.org
> To unsubscribe send an email to 
> scap-security-guide-le...@lists.fedorahosted.org
> Fedora Code of Conduct: 
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: 
> https://lists.fedorahosted.org/archives/list/scap-security-guide@lists.fedorahosted.org
> Do not reply to spam on the list, report it: 
> https://pagure.io/fedora-infrastructure
>