strongdm / comply Goto Github PK

View Code? Open in Web Editor NEW

1.2K 74.0 237.0 5.57 MB

Compliance automation framework, focused on SOC2

Home Page: https://comply.strongdm.com

License: Apache License 2.0

Makefile 5.41% Go 92.99% Ruby 0.66% Dockerfile 0.91% Shell 0.03%

soc2 grc compliance templates documentation-toolchain go golang pdf-generation gdpr hipaa

comply's People

Contributors

Stargazers

Watchers

Forkers

jmccarthy misterfxguy rartin kindlyops rklusas pdehlke shawndwells borgified nynir jeffreyalles schneiderderek mikecee lefthand masonhensley signalpath pratikmallya cybersecuritytutorial mrz5018 jasonbaron wolfy-j msimerson arambhashura lmm713281 spatel-cog junaidmh avineshwar gjyoung1974 kazishariar tay242 mikehummel al1p-r modulexcite 0xtbt abhilashak chris-at-virvent gowthamgreat gruen apitracker zeerg ekelleybober inexone k3rt4s ridem paddybyers bedem01 rn-g sportebois grahamburek jjediny reicolina mdisney apasichniy jonathannen aplater theneatcompany claverty24 rajkrishnamurthy rsogithub darrenlucht tellnol437 pchakravarthy mav55 jsoref blackhatchsecurity inkedwithstars ssmbcloud davidalex89 algentile robsaric riskmgt adamdecaf britepool franklouwers libertyy startwithlucy 4dvanceboy justinbeals thedemodev sitedata zate sivainguva apaladiychuk neilmangan lykos13 opexxx jivinivan muthonib gm3jones chintalapudikrishna vlad-pro elissa gunchamalik pmarkert securily sunstonesecure-robert tom-hassoc markbauer1975 jimfingal figtreehouse jessefmoore

comply's Issues

Workstation Details

E-mail all users requesting confirmation of drive encryption
E-mail all users requesting confirmation of antivirus / antimalware configuration

Insert Evidence

Insert evidence into the Evidence Vault

Procedure-ID: workstation

Workstation Details

E-mail all users requesting confirmation of drive encryption
E-mail all users requesting confirmation of antivirus / antimalware configuration

Insert Evidence

Insert evidence into the Evidence Vault

Process-ID: workstation
Name: Collect Workstation Details

Procedure-ID: workstation

View Documents in HTML by Default

It would be most excellent if documents could be viewed in HTML by default, with the option to download to PDF.

Use case: It's much easier for users to access content in HTML than PDF. PDFs are hard to parse and search through imo.

Thank you!

Workstation Details

E-mail all users requesting confirmation of drive encryption
E-mail all users requesting confirmation of antivirus / antimalware configuration

Insert Evidence

Insert evidence into the Evidence Vault

Procedure-ID: workstation

Production Environment

View patchlevel report in OpenVAS
Apply patches using Ansible playbooks
- AWS us-west-2
- Reston Datacenter

Procedure-ID: patch

Onboard new user: Frank Sinatra

Onboarding Steps

Determine github username and assign to correct Org
Create Slack account
Determine and assign IAM role

Attach Evidence

No evidence beyond activity logs within Slack, Github

Workstation Details

E-mail all users requesting confirmation of drive encryption
E-mail all users requesting confirmation of antivirus / antimalware configuration

Insert Evidence

Insert evidence into the Evidence Vault

Procedure-ID: workstation

Workstation Details

E-mail all users requesting confirmation of drive encryption
E-mail all users requesting confirmation of antivirus / antimalware configuration

Insert Evidence

Insert evidence into the Evidence Vault

Procedure-ID: workstation

Workstation Details

E-mail all users requesting confirmation of drive encryption
E-mail all users requesting confirmation of antivirus / antimalware configuration

Insert Evidence

Insert evidence into the Evidence Vault

Procedure-ID: workstation

Have these policies passed a SOC2 audit?

Asking for a friend. ;)

Sorting standards not working as expected

https://github.com/strongdm/comply/blob/master/internal/render/controller.go#L82

The sort algorithm in Go library sorting for example:

A1
A11
A111
A2

Instead of:
A1
A2
A11
A111

I think a fix might look something like this: https://softwareengineering.stackexchange.com/questions/127639/why-do-some-sorting-methods-sort-by-1-10-2-3

But not sure, this is low priority, visual only. I am using FISMA NIST 800-53 standards that employ this type of formating: AC-1, AC-1(1), AC-1(2), etc.

Fresh install doesn't build

After init'ing from homebrew and running comply init and following prompts, running comply build yields this:

Please install either Docker or the pandoc package and re-run `build`

Both docker and pandoc are installed. Could this be a gopath issue?

Workstation Details

E-mail all users requesting confirmation of drive encryption
E-mail all users requesting confirmation of antivirus / antimalware configuration

Insert Evidence

Insert evidence into the Evidence Vault

Process-ID: workstation
Name: Collect Workstation Details

Procedure-ID: workstation

Audit Request Workflow

Roughly:

Create "parent ticket" for new audit
Read XLS or CSV
Create ticket for each row
- Link to parent
Tag all tickets audit

Assignments, due dates, etc will then be conducted as per usual. Comply Dashboard will update with audit progress as tickets are resolved.

Related: Audit tickets will ideally depend on Evidence Vault (encrypted attachments)

Import standards from github.com/opencontrol/standards

Rather than including during init, consider introducing comply standard add to emit the file at runtime into the standards directory

Gitlab Integration

Hey Justin,

Cool project, I'm kicking the tires on using this for an upcoming compliance project.

If I or someone on my team wanted to contribute a gitlab integration, would that be ok? Do you have any contribution guidelines?

We're not a golang shop, but your github/jira implementations (in /internal) seem straight forward enough to replicate.

I would assume that we'd have to use:

https://github.com/xanzy/go-gitlab

Workstation Details

E-mail all users requesting confirmation of drive encryption
E-mail all users requesting confirmation of antivirus / antimalware configuration

Insert Evidence

Insert evidence into the Evidence Vault

Procedure-ID: workstation

Production Environment

View patchlevel report in OpenVAS
Apply patches using Ansible playbooks
- AWS us-west-2
- Reston Datacenter

Procedure-ID: patch

New Logo For Comply

Hi There
I love your code, may I donate a logo for your project?

Production Environment

View patchlevel report in OpenVAS
Apply patches using Ansible playbooks
- AWS us-west-2
- Reston Datacenter

Procedure-ID: patch

Workstation Details

E-mail all users requesting confirmation of drive encryption
E-mail all users requesting confirmation of antivirus / antimalware configuration

Insert Evidence

Insert evidence into the Evidence Vault

Procedure-ID: workstation

I'm wondering why the requirement for Docker in the comply build? I think pandoc is the only requirement being met by Docker? For OS X people you're already doing a homebrew install. Would it be easier to install pandoc instead of requiring gigs and gigs of a docker install to be there already?

Collect Workstation Details

Workstation Details

E-mail all users requesting confirmation of drive encryption
E-mail all users requesting confirmation of antivirus / antimalware configuration

Insert Evidence

Insert evidence into the Evidence Vault

Procedure-ID: workstation

Apply OS patches

Production Environment

View patchlevel report in OpenVAS
Apply patches using Ansible playbooks
- AWS us-west-2
- Reston Datacenter

Procedure-ID: patch

Collect Workstation Details

Workstation Details

E-mail all users requesting confirmation of drive encryption
E-mail all users requesting confirmation of antivirus / antimalware configuration

Insert Evidence

Insert evidence into the Evidence Vault

Procedure-ID: workstation

Collect Workstation Details

Workstation Details

E-mail all users requesting confirmation of drive encryption
E-mail all users requesting confirmation of antivirus / antimalware configuration

Insert Evidence

Insert evidence into the Evidence Vault

Procedure-ID: workstation

Jira ticketing integration

Collect Workstation Details

Workstation Details

E-mail all users requesting confirmation of drive encryption
E-mail all users requesting confirmation of antivirus / antimalware configuration

Insert Evidence

Insert evidence into the Evidence Vault

Procedure-ID: workstation

E-mail all users requesting confirmation of drive encryption
E-mail all users requesting confirmation of antivirus / antimalware configuration

Insert Evidence

Insert evidence into the Evidence Vault

Process-ID: Fish

procedures with YML syntax errors generate panic during serve

panic: Malformed metadata markdown in /Users/jmccarthy/tmp/will/procedures/offboarding.md, must be of the form: YAML\n---\nmarkdown content

goroutine 25 [running]:
github.com/strongdm/comply/internal/model.loadMDMD(0xc4205c0080, 0x33, 0x4, 0x0, 0x0, 0x20)
	/private/tmp/comply-20180615-48154-14fvegh/comply-1.2.5/src/github.com/strongdm/comply/internal/model/fs.go:183 +0x241
github.com/strongdm/comply/internal/model.ReadProcedures(0xc4202ac200, 0x1b, 0x20, 0x0, 0x0)

Complete Narrative Templates

panic on ticketSystem when none is selected

running on mac
version 1.2.3
docker 18.05.0-ce-mac66

$ comply init
company name
none selected for ticketing
$ comply build

panic: (model.TicketSystem) (0x14f9da0,0xc4205acbb0)

goroutine 22 [running]:
github.com/strongdm/comply/internal/model.GetPlugin(0x15f16a9, 0x4, 0x0, 0x0)
	/private/tmp/comply-20180605-74529-1jhgc11/comply-1.2.3/src/github.com/strongdm/comply/internal/model/plugin.go:55 +0x213
github.com/strongdm/comply/internal/render.load(0x2, 0x2, 0x10dfaa0, 0xc420215d80)
	/private/tmp/comply-20180605-74529-1jhgc11/comply-1.2.3/src/github.com/strongdm/comply/internal/render/controller.go:102 +0x82e
github.com/strongdm/comply/internal/render.loadWithStats(0xc420270d50, 0x9, 0xc420215d80, 0x2)
	/private/tmp/comply-20180605-74529-1jhgc11/comply-1.2.3/src/github.com/strongdm/comply/internal/render/controller.go:112 +0x26
github.com/strongdm/comply/internal/render.html(0x15f3134, 0x6, 0x0, 0xc420382300, 0xc4203668d0)
	/private/tmp/comply-20180605-74529-1jhgc11/comply-1.2.3/src/github.com/strongdm/comply/internal/render/html.go:42 +0x845
created by github.com/strongdm/comply/internal/render.Build
	/private/tmp/comply-20180605-74529-1jhgc11/comply-1.2.3/src/github.com/strongdm/comply/internal/render/site.go:97 +0x1db```

Collect Workstation Details

Workstation Details

E-mail all users requesting confirmation of drive encryption
E-mail all users requesting confirmation of antivirus / antimalware configuration

Insert Evidence

Insert evidence into the Evidence Vault

Procedure-ID: workstation

Workstation Details

E-mail all users requesting confirmation of drive encryption
E-mail all users requesting confirmation of antivirus / antimalware configuration

Insert Evidence

Insert evidence into the Evidence Vault

Procedure-ID: workstation

strongdm / comply Goto Github PK

comply's People

Contributors

Stargazers

Watchers

Forkers

comply's Issues

Workstation Details

Insert Evidence

Workstation Details

Insert Evidence

Workstation Details

Insert Evidence

Production Environment

Onboarding Steps

Attach Evidence

Workstation Details

Insert Evidence

Workstation Details

Insert Evidence

Workstation Details

Insert Evidence

Workstation Details

Insert Evidence

Workstation Details

Insert Evidence

Production Environment

Production Environment

Workstation Details

Insert Evidence

Workstation Details

Insert Evidence

Production Environment

Workstation Details

Insert Evidence

Workstation Details

Insert Evidence

Workstation Details

Insert Evidence

Insert Evidence

Workstation Details

Insert Evidence

Workstation Details

Insert Evidence

Recommend Projects

Recommend Topics

Recommend Org