Eugene Aronne
Eugene Aronne
Some users are only interested in a large subset of NIST SP 800-53 security controls relevant to their specific organization and low, moderate, high, etc baselines. In Heimdall, to the...
Currently Heimdall doesn't know how to process more than one HDF result set within a file. Some users might concatenate a set of HDF files for a given environment including...
Currently across different HDF converters, we lack clear designation of: - the name and version of the original tool (i.e., BurpSuite 5, Sonarqube 7.1, Nessus 7.3, etc.) - and "target"...
It appears this version of the profile is written to STIG V1R4, but according to the STIG revision history controls V-71895 and V-72435 were removed in V1R4, and V-72181 was...
https://github.com/simp/inspec-profile-disa_stig-el7/blob/master/controls/V-71849.rb https://github.com/simp/inspec-profile-disa_stig-el7/blob/master/controls/V-71855.rb https://github.com/simp/inspec-profile-disa_stig-el7/blob/master/controls/V-72037.rb For clarity and simplicity, recommend changing: skip "This control consistently takes a long time to run and has been disabled using the disable_slow_controls attribute. You must enable...
For better parity with the original benchmarks, update these inspec.yml fields in the MITRE SAF STIG inspec pbaselines to mimic the information viewed in STIG Viewer and eMASS: within the...
Develop "`saf supplement tag -i -m -e -n -o `" command to the SAF CLI to add tags based on existing tags within an HDF results file. The mapping file...
https://github.com/mitre/saf/commits/main/src/resources/cis2nist.json Does not correctly map based on 7.1 version of the CIS Control families: https://github.com/mitre/inspec_tools/blob/d56c3a717765b2ceb99f774d9b5379b58cb1254c/lib/data/NIST_Map_02052020_CIS_Controls_Version_7.1_Implementation_Groups_1.2.xlsx Furthermore, it does not account for older version 6.1: https://github.com/mitre/inspec_tools/blob/d56c3a717765b2ceb99f774d9b5379b58cb1254c/lib/data/NIST_Map_09212017B_CSC-CIS_Critical_Security_Controls_VER_6.1_Excel_9.1.2016.xlsx but perhaps that was a...
 see attached json sample: [pg12_hosted_test_01272022B.json.txt](https://github.com/mitre/heimdall2/files/7973773/pg12_hosted_test_01272022B.json.txt)
DO NOT MERGE AS IS - REMOVES THE RUNTIME COLUMN Add threat column to control rows (initially just replace Run Time with Related Threats) Before merging: - [ ] Re-add...