stig-manager
stig-manager copied to clipboard
An API and client for managing STIG assessments
DISA has published an [updated CCI list](https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_CCI_List.zip) that introduces mappings to controls from NIST SP800-53r5. The DB, API, and App need to be updated to store, report, and display the...
May provide Manager/Owners (and other users) greater insight into the status of their Collection. (Also one of the few remaining features available in "Classic" not yet in OSS version)
Logically, these are incompatible, but it's possible user stories could illuminate the subject.
We should add support for a JSON configuration file as an alternative to exclusively configuring the tool via envvars. An implementation of this could address the concerns behind #323 by...
Users have expressed desire to provide read-only access to Collections. Would provide visibility at the "Full" level, without ability to modify reviews. Option: Should this be a modifier applied to...
In the Findings report (and hopefully a new "Not Reviewed" report, #303 ) in the "Individual Findings" table, an Expand/Collapse all button would be very useful. Individual asset nodes must...
We've discussed this during office hours and I wanted to track it in an issue. We're interested in using the API to maintain the asset lists. Initially, we simply need...
In instances with a very large number of users, the current interface could get cumbersome. In actual user stories available now, STIGMan is being deployed in smaller, targeted instances where...
This could be accomplished via very thorough requests to API for individual reviews and their history, or by providing an API endpoint that can accept a search term, field, and...