{
"whatWeDo": [
{
"sectionHeader": "When To Use It",
"sectionDesc" : "Develop and programmatically automate security in planning, development, assessment, and operational activities",
"chevrons": [
"planning_chevron",
"development_chevron",
"assessment_chevron",
"operations_chevron"
],
"items": [
{
"name": "During PLANNING,<br />use CMS SAF to:",
"link": "",
"bullets" : [
"Identify applicable security and privacy requirements",
"Assess development best practices guidance",
"Identify CMS SAF tools to support development, assessment, & operations security processes",
"Become a participant through the Continuous Collaboration Agreement"
]
},
{
"name": "During DEVELOPMENT,<br />use CMS SAF to:",
"link": "",
"bullets" : [
"Implement relevant security hardening scripts",
"Validate security status and aggregate security testing data at each build",
"Drill-down in visualization tools to identify security defect root cause and mitigations",
"Set security testing results thresholds",
"Assess development best practices guidance",
"Store or export “evidence” for assessors"
]
},
{
"name": "During ASSESSMENT,<br />use CMS SAF to:",
"link": "",
"bullets" : [
"Aggregate all security control assessment data",
"Visualize security status to prioritize assessment activities",
"Run validation checks on prioritized areas",
"Drill-down in visualization tools to identify root cause and inform risk assessment"
]
},
{
"name": "During OPERATIONS,<br />use CMS SAF to:",
"link": "",
"bullets" : [
"Monitor security posture through validation checks",
"Aggregate normalized security testing content to enable data visualization, drill-down, and root cause analysis",
"Assign remediation actions for identified security risks"
]
}
]
},
{
"sectionHeader": "How We Support It",
"items": [
{
"name": "ACT Support",
"router_link": "CMSTeams",
"desc": "Aid ISPG ACT team in deploying tools for security assessments",
"svg": "",
"icon": ""
},
{
"name": "DevOps Onboarding for CMS Teams",
"router_link": "CMSTeams",
"desc": "Engage CMS DevOps teams to incorporate SAF tools and techniques",
"svg": "",
"icon": ""
},
{
"name": "Training for DevOps Teams",
"router_link": "training",
"desc": "7 classes provided (including to DHS staff and contractors); 48 CMS contractors trained to develop InSpec profiles",
"svg": "",
"icon": ""
},
{
"name": "Control Status Reporting",
"link": "https://heimdall-demo.mitre.org",
"desc": "Expand Heimdall to meet IUSG enterprise-level demands and new DevOps requirements",
"svg": "",
"icon": ""
},
{
"name": "Heimdall Lite",
"link": "",
"desc": "A lightweight version of Heimdall for simple use cases",
"icon": "",
"png" : "heimdall_logo",
"app_link": "https://heimdall-lite.mitre.org",
"app_svg": "app",
"doc_link": "https://github.com/mitre/heimdall2/blob/master/README.md",
"github_link": "https://github.com/mitre/heimdall2",
"svg": "",
"tools": "",
"shields": [
"https://img.shields.io/github/v/tag/mitre/heimdall2?label=version",
"https://img.shields.io/npm/dt/heimdall-lite?label=npm%20downloads"
]
},
{
"name": "Heimdall Server",
"link": "",
"desc": "The complete Heimdall application - store results, coordinate across the development team, and more",
"icon": "",
"png" : "heimdall_logo",
"app_link": "https://heimdall-demo.mitre.org",
"app_svg": "app",
"doc_link": "https://github.com/mitre/heimdall2/blob/master/README.md",
"github_link": "https://github.com/mitre/heimdall2",
"svg": "",
"tools": "",
"shields": [
"https://img.shields.io/github/v/tag/mitre/heimdall2?label=version",
"https://img.shields.io/docker/pulls/mitre/heimdall2?label=docker%20hub%20pulls"
]
},
{
"name": "Vulcan (alpha)",
"link": "",
"desc": "Application for streamlining InSpec profile and overlay development using the Security Requirements Guide (SRG)",
"icon": "",
"app_link": "",
"app_svg": "app",
"doc_link": "https://vulcan.mitre.org",
"github_link": "https://github.com/mitre/vulcan",
"svg": "",
"tools": ""
},
{
"name": "InSpec Tools",
"link": "",
"desc": "A set of Ruby utilities for creating, converting, and processing security baseline formats, results, and data",
"icon": "",
"png" : "inspec_logo",
"app_link": "",
"app_svg": "app",
"doc_link": "https://inspec-tools.mitre.org",
"github_link": "https://github.com/mitre/inspec_tools/",
"svg": "",
"tools": "",
"shields": [
"https://img.shields.io/github/v/release/mitre/inspec_tools?label=version",
"https://img.shields.io/gem/dt/inspec_tools?label=gem%20downloads"
]
},
{
"name": "InSpec Tools GitHub Action",
"link": "",
"desc": "Add InSpec Tools to your GitHub Actions workflow",
"icon": "github",
"icon_sizer" : "600%",
"app_link": "",
"app_svg": "",
"doc_link": "https://github.com/marketplace/actions/inspec-tools-action",
"github_link": "https://github.com/mitre/inspec_tools_action",
"svg": "",
"tools": ""
},
{
"name": "Heimdall Tools",
"link": "",
"desc": "A set of Ruby utilities for converting and working with compliance data for use in Heimdall apps",
"icon": "",
"png" : "heimdall_logo",
"app_link": "",
"app_svg": "app",
"doc_link": "https://heimdall-tools.mitre.org",
"github_link": "https://github.com/mitre/heimdall_tools",
"svg": "",
"tools": "",
"shields": [
"https://img.shields.io/github/v/release/mitre/heimdall_tools?label=version",
"https://img.shields.io/gem/dt/heimdall_tools?label=gem%20downloads"
]
},
{
"name": "Heimdall Tools GitHub Action",
"link": "",
"desc": "Add Heimdall Tools to your GitHub Actions workflow",
"icon": "github",
"icon_sizer" : "600%",
"app_link": "",
"app_svg": "",
"doc_link": "https://github.com/marketplace/actions/heimdall-tools-action",
"github_link": "https://github.com/mitre/heimdall_tools_action",
"svg": ""
},
{
"name": "InSpecJS",
"link": "",
"desc": "A TypeScript library for working with InSpec data",
"icon": "",
"png" : "inspec_logo",
"app_link": "",
"app_svg": "app",
"doc_link": "https://inspecjs.mitre.org",
"github_link": "https://github.com/mitre/inspecjs",
"svg": "",
"tools": "",
"shields": [
"https://img.shields.io/npm/v/inspecjs?label=version",
"https://img.shields.io/npm/dt/inspecjs?label=npm%20downloads"
]
},
{
"name": "InSpecJS Tools",
"link": "",
"desc": "A set of JavaScript utilities for creating, converting, and processing security baseline formats, results, and data",
"icon": "",
"png" : "inspec_logo",
"app_link": "",
"app_svg": "app",
"doc_link": "https://inspec-tools-js.mitre.org",
"github_link": "https://github.com/mitre/inspec_tools_js",
"svg": "",
"tools": ""
},
{
"name": "HDF Splunk Plugin",
"link": "",
"desc": "Splunk plugin to upload InSpec output, Heimdall Tools output, and any other HDF-format files to Splunk, for consumption by Heimdall Lite",
"icon": "",
"png" : "splunk-white-black-bg",
"png_dark" : "splunk-black-white-bg",
"app_link": "",
"app_svg": "app",
"doc_link": "https://hdf-json-to-splunk.mitre.org",
"github_link": "https://github.com/mitre/hdf-json-to-splunk/",
"svg": "",
"tools": "",
"shields": [
"https://img.shields.io/github/v/release/mitre/hdf-json-to-splunk?label=version",
"https://img.shields.io/github/downloads/mitre/hdf-json-to-splunk/total?label=github%20downloads"
]
},
{
"name": "InSpec Delta",
"link": "",
"desc": "Gem that reduces the burden of maintaining InSpec profiles representing security benchmarks by providing helpful command-line tools",
"icon": "",
"png" : "inspec-delta-icon",
"app_link": "",
"app_svg": "app",
"doc_link": "https://engineering.cerner.com/blog/inspec-delta/",
"github_link": "https://github.com/cerner/inspec_delta",
"svg": "",
"tools": ""
},
{
"name": "Serverless InSpec (AWS)",
"link": "",
"desc": "Lambda function that allows execution of InSpec profiles in a serverless fashion",
"icon": "",
"png" : "aws_lambda_logo",
"app_link": "",
"app_svg": "app",
"doc_link": "",
"github_link": "https://github.com/mitre/serverless-inspec-lambda",
"svg": "",
"tools": "",
"shields": [
"https://img.shields.io/github/v/release/mitre/serverless-inspec-lambda?label=version",
"https://img.shields.io/github/downloads/mitre/serverless-inspec-lambda/total?label=github%20downloads"
]
},
{
"name": "Baseline Parser",
"link": "",
"desc": "Script to determine the set of NIST SP 800-53 controls covered by a baseline stored in GitHub",
"icon": "",
"app_link": "",
"app_svg": "",
"doc_link": "",
"github_link": "https://github.com/mitre/saf-baseline-ingestion",
"svg": "",
"tools": ""
},
{
"name": "HeimdallJS Tools (Coming Soon!)",
"link": "",
"desc": "A set of JavaScript utilities for converting and working with compliance data for use in Heimdall apps",
"icon": "",
"png" : "heimdall_logo",
"app_link": "",
"app_svg": "",
"doc_link": "",
"github_link": "",
"svg": "",
"tools": ""
}
]
}
]
}