Comments (3)
@aaronlippold Yes, I agree, but the CIS Benchmark has just the two things: scored and not scored. That is the reason why I did just impact 0 and 1. Do you have any proposals?
from cis-docker-benchmark.
@atomic111 @rx294 My team and I just had a conversation about this with respect to the cis-aws-foundations-benchmark. My thinking was with respect to the goal or intention of the `impact` in an InSpec control and CIS, we think that the intention of `impact` would be best served with:
- 'Not Scored' == `impact 0`
- Level 1 == `impact: .4` (roughly a 'low')
- Level 2 == `impact: .7` (roughly a 'high')

However, I think that in general we want to keep away from 1 and 0 cases as they should be reserved for special processing cases.
For example, in our work - when a control is 'Not Applicable' in a security control selection sense or a control is 'Inherited' (the operational responsibility of some other group or system) we "override" the base control with `impact: 0` and change the `description:` to be the justification for the change.
For `impact: 1` this would be a 'critical' control that is a hard stop for the system under evaluation.
from cis-docker-benchmark.
@aaronlippold Thanks for the input, but the score should be level 1 == impact 1, because those are the basics and level 2 is a nice add-on.
from cis-docker-benchmark.