Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Refactor/cis controls #38

Merged
merged 2 commits into from
Jul 3, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
32 changes: 27 additions & 5 deletions CIS_controls/README.md
Original file line number Diff line number Diff line change
@@ -1,14 +1,36 @@
# CIS Controls conversion script

The Centre for Internet Security (CIS) produce a number of cross industry standards for IT security including their [platform specific benchmarks](https://www.cisecurity.org/cis-benchmarks/) and a suite of [controls](https://www.cisecurity.org/controls/). This demo converts a spreadsheet of those controls into a a catalog and three profiles.
The Centre for Internet Security (CIS) produce a number of cross industry standards for IT security including their [platform specific benchmarks](https://www.cisecurity.org/cis-benchmarks/) and a suite of [controls](https://www.cisecurity.org/controls/). This demo converts a spreadsheet of those controls into a catalog and three profiles.

## Using this demonstration
## Prerequisites

Download the CIS controls excel spreadsheet to your chosen location. Run the script by
Download the [CIS controls Excel spreadsheet](https://www.cisecurity.org/controls/) to your chosen location.

1. Running `make install` to ensure all dependencies are installed.
Download this repo

1. Run the script by `python create_cis_catalogs_profiles.py -i path_to_cis_spreadsheet.xlsx -o output_directory_defaults_to_cwd`
```
> cd
> mkdir git
> cd git
> git clone https://github.com/oscal-compass/compliance-trestle-demos.git
```

Install compliance trestle, ideally in a python virtual environment.

```
> cd
> python -m venv venv.compliance-trestle-demos
> source venv.compliance-trestle-demos/bin/activate
> cd git/compliance-trestle-demos
> make install
```

## Running the demo

```
> cd CIS_controls
> python create_cis_catalogs_profiles.py -i path_to_cis_spreadsheet.xlsx -o output_directory_defaults_to_cwd
```

In the chosen output directory 1 catalog and 3 profiles will be created.

Expand Down
2 changes: 1 addition & 1 deletion CIS_controls/create_cis_catalogs_profiles.py
Original file line number Diff line number Diff line change
Expand Up @@ -135,7 +135,7 @@ def run(input_xls: pathlib.Path, output_directory: pathlib.Path, cis_version: st
def write_profile(profile: ospro.Profile, control_list: List[str], path: pathlib.Path):
"""Fill in control list and write the profile."""
include_controls: List[str] = []
selector = ospro.SelectControlById()
selector = ospro.SelectControl()
selector.with_ids = control_list
include_controls.append(selector)
profile.imports[0].include_controls = include_controls
Expand Down
Loading