binamov
commented
4 years ago The way I run individual controls right now is with eg --controls=pci-dss-3.2.1-3.5.4
Your point about static values is valid.
Open aaronlippold opened 4 years ago
binamov
commented
4 years ago The way I run individual controls right now is with eg --controls=pci-dss-3.2.1-3.5.4
Your point about static values is valid.
At the moment it seems I would have to run this profile in an all or nothing sense. Aka I couild not run a single control test as the control id's and much of the profile structure comes from dynamic elements in the inputs and runtime data.
Even if we are auto-generating controls - would we be able to write these core elements:
control id, title, desc, and sub-desc(s), impact, tagsas static values so that users would be able to run individual tests and just need to pass a few inputs or an input file to the cli.Another benifit to this is that the whole profile itself is more stable generally.
The compliance document - and thus the tests - are stable as a profile is linked to a defined set of tests. Thus making it a 'cool' but unneeded complexity to make what are static elements dynamic.