Eugene Aronne

Add relative_path to url fetcher

2

Similar to this: ``` depends: - name: cms-ars-5.0-moderate-red-hat-enterprise-linux-8-stig-overlay git: https://github.com/ejaronne/cms-ars-5.0-red-hat-enterprise-linux-8-stig-overlay.git relative_path: cms-ars-5.0-moderate-red-hat-enterprise-linux-8-stig-overlay ``` requesting this as prototyped here: https://github.com/ejaronne/cms-ars-5.0-red-hat-enterprise-linux-8-stig-overlay/blob/desired-url-relative-path/inspec.yml: ``` depends: - name: cms-ars-5.0-moderate-red-hat-enterprise-linux-8-stig-overlay url: https://github.com/ejaronne/cms-ars-5.0-red-hat-enterprise-linux-8-stig-overlay/archive/master.tar.gz relative_path: cms-ars-5.0-moderate-red-hat-enterprise-linux-8-stig-overlay ``` Why?...

input sensitive flag ignored when using overlay (dependent) profiles

2

Example: https://github.com/mitre/aws-rds-oracle-mysql-ee-5.7-cis-baseline/blob/ce6494b717e8bbdbe9b601ca85621c072ed0d529/inspec.yml#L30-L45 When creating "overlay" profiles that depend on another "baseline" profile as in the example above, one is forced to reiterate any of the input declarations from the "depends"...

saf utils {passthrough,target} {read,write} support

1

add a submodule to 'apply' that either adds a data object to the .passthrough or to the .target root element `saf attest apply passthrough -i existing.hdf --passthrough-data [file || object]...

based on: https://www.cisa.gov/sites/default/files/publications/2020%2009%2003_%20CDM%20Program%20AWARE%20Scoring_Fact%20Sheet_2.pdf

similar to the current exporter from Heimdall

Add saf convert:hdf2splunk and saf convert:splunk2hdf

1

based on https://github.com/mitre/hdf-json-to-splunk and heimdall's Splunk load capability.

nist array in CIS excel data

1

I maintain the https://github.com/mitre/inspec_tools/blob/master/lib/data/NIST_Map_02052020_CIS_Controls_Version_7.1_Implementation_Groups_1.2.xlsx spreadsheet used by inspec_tools. Currently, I only name one NIST control to associate with one CIS control. If I were to populate an array, say, AC-2,...

xlsx2inspec doesn't map CIS to NIST tags properly

2

Many CIS benchmarks cite multiple CIS CSC security controls in their benchmarks. In addition, some cite from different versions of the CIS CSC security controls, often citing a version 6...

allow to input a list of json filenames from a file

LOE to update AWS CIS Foundations InSpec Profile to the latest CIS benchmark

1

Need an estimate on the amount of work required to update the current profile to align with the latest AWS CIS Foundations benchmark document