[PFR] Future Controls Mapping #149

Closed
jonrau1 opened this issue Jun 8, 2023 · 4 comments
Labels
documentation Improvements or additions to documentation enhancement New feature or request help wanted Extra attention is needed

Comments


jonrau1 commented Jun 8, 2023

Story

As the maintainer of ElectricEye, I want to add more controls frameworks and standards mapping so that I can finally be done with the eternal GRC hellscape.

Definition of Done

1st pass added a mechanism to actually perform the mapping though it isn't the prettiest, and neither is the "cross-walking" in the outputs. Also, I missed a few frameworks that need more manual intervention.

  • Rewrite the Cross-walking Function: Right now, throwaway code in every function is included in the files that need it, while I cannot solve for needing to edit older functions - I can make it cleaner. Will need to write a new Class within outputs.main.processor that will take in either the finding Finding dict or the Compliance.RelatedRequirements list and do the unique-only cross-mapping.
  • CIS Benchmarks: CIS Benchmarks for GCP, Oracle Cloud, AWS (COMPLETE), and maybe some for M365 to add more Checks there.
  • Other frameworks: Canada's Protected B / the older ITSG-33 for the Maple Syrup Fans, LATAM or APAC frameworks, AWS Well Architected, HITRUST CSF V11, back-mapping NIST 800-53 Rev 5 to MITRE Attack V10 mitigations?

Nice to Have

Still not convinced I want to map to ATT&CK mitigations

Additional Information

Tbd

jonrau1 added the documentation, enhancement, and help wanted labels Jun 8, 2023
jonrau1 self-assigned this Jun 8, 2023
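
A sketch of the unique-only cross-mapping described in the issue above, as an added example that is not part of the original issue and is not ElectricEye's code. The class name `ControlsCrosswalker`, its methods, and the mapping table are hypothetical; the table is constructed sample data, and following mappings transitively goes beyond what the issue states.

```python
from collections import deque
from typing import Dict, Iterable, List, Union

# Constructed sample crosswalk (not ElectricEye's mapping data).
# "Example Framework V1 EX-1" is a made-up entry that maps back to its
# source, to show that cycles in a mapping table are handled.
SAMPLE_CROSSWALK: Dict[str, List[str]] = {
    "NIST CSF V1.1 PR.DS-1": ["NIST SP 800-53 Rev. 4 SC-28", "ISO 27001:2013 A.8.2.3"],
    "NIST CSF V1.1 PR.AC-4": ["NIST SP 800-53 Rev. 4 AC-6", "ISO 27001:2013 A.9.2.3"],
    "NIST SP 800-53 Rev. 4 SC-28": ["Example Framework V1 EX-1"],
    "Example Framework V1 EX-1": ["NIST CSF V1.1 PR.DS-1"],
}


class ControlsCrosswalker:
    """Hypothetical processor: expands requirements and keeps each one once."""

    def __init__(self, crosswalk: Dict[str, List[str]]):
        self.crosswalk = crosswalk

    def expand(self, requirements: Iterable[str]) -> List[str]:
        """Return originals plus mapped requirements, unique, in first-seen order."""
        seen = set()
        ordered: List[str] = []
        queue = deque(r.strip() for r in requirements if isinstance(r, str) and r.strip())
        while queue:
            req = queue.popleft()
            if req in seen:
                continue  # drops duplicates and stops mapping cycles
            seen.add(req)
            ordered.append(req)
            queue.extend(self.crosswalk.get(req, []))  # follow mappings transitively
        return ordered

    def process(self, item: Union[dict, list]) -> Union[dict, list]:
        """Accept a whole finding dict or a bare Compliance.RelatedRequirements list."""
        if isinstance(item, dict):
            compliance = item.setdefault("Compliance", {})
            compliance["RelatedRequirements"] = self.expand(
                compliance.get("RelatedRequirements") or []
            )
            return item
        return self.expand(item)
```

Keeping first-seen order makes the output stable between runs, so a diff of two reports shows only real changes in mapped controls.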

jonrau1 commented Jun 27, 2023

AWS CIS Benchmark V1.5 completed with #162


jonrau1 commented Feb 10, 2024

AWS CIS Benchmarks V2.0 and V3.0 and CIS AWS Database Benchmark V1.0 and MITRE ATT&CK Completed by #226


jonrau1 commented Jun 20, 2024

Azure CIS benchmarks completed by #274


jonrau1 commented Aug 27, 2024

Controls are STUPID!
