saf
saf copied to clipboard
The MITRE Security Automation Framework (SAF) Command Line Interface (CLI) brings together applications, techniques, libraries, and tools developed by MITRE and the security community to streamline se...
Use `jq` or simular to format the output prior to printing to STDOUT or file writting so we don't have to do it in the pipeline or scripts in use.
This includes adding files from re-running the view command, and watching a folder for new input files
In order to be used on Federal systems, software needs to be mapped to 800-53. A mapping in OSCAL would be ideal.
STIG controls with multiple SRG IDs and therefore multiple CCIs often reference the same NIST control family. When running for example xccdf2inspec and this scenario occurs there will be multiple...
When a new version of a STIG comes out, Inspec profile developers currently have to copy and paste the check code into the new stub generated by inspec_tools. It would...
I maintain the https://github.com/mitre/inspec_tools/blob/master/lib/data/NIST_Map_02052020_CIS_Controls_Version_7.1_Implementation_Groups_1.2.xlsx spreadsheet used by inspec_tools. Currently, I only name one NIST control to associate with one CIS control. If I were to populate an array, say, AC-2,...
Would be helpful if inspec_tools could take InSpec results JSONs and put them in a CSV table, with one row for each control(/test?) including the result. I have had sponsors...
It appears the width specified in the mapping yaml file is not honored and we are hard coded to 80.
When generating xccdf with inspec_tools and importing it into STIG Viewer it does not display the same metadata at the top of a control as a DISA generated xccdf. inspec_tools...