-
Notifications
You must be signed in to change notification settings - Fork 185
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Review current approaches to defining rules to confirm minimal data fields in rules-related models #1391
Comments
rule
practically needs to encode
@david-waltermire-nist, I know this spike is about tool review. I am going to un-assign #1160 from this issue because the "update models' Metaschema and make content examples" is what we ended up doing towards the tail end of #1339 and is in flight, #1364. |
Dave and I down-scoped which content examples we will look at for the two categories and sync back up to discuss my impressions in our next pairing session. Looking at the OCPv4 SCAP guides and OVAL profiles. Will prefer the CSA metrics over the MEDINA ones out of the interest of time if the latter are not currently public. The cloud-based API one is still TBD. |
Added some sample data and will continue draft notes here until we are ready to publish in this issue, itemize next steps, and close this issue out. |
We met today and planned to continue with this work in an afternoon pairing session tomorrow. |
I am moving this to Sprint 61. |
Not completed last sprint and not in scope for Sprint 63, moving to the backlog. |
Review current approaches for security testing processes and tools, confirm we represent MVP data points for what a
rule
practically needs to encode.Ideally, we would like to review the mechanics and characteristics of the different kinds of security testing tools.
A Linux operating system OpenSCAP scan profile, per taste/choice of assigned developers (A.J. and Dave to discuss)Security operations metrics from the EU/ENISA MEDINA project, if available and publicly shareableThe text was updated successfully, but these errors were encountered: