At the moment it seems I would have to run this profile in an all or nothing sense. Aka I couild not run a single control test as the control id's and much of the profile structure comes from dynamic elements in the inputs and runtime data.
Even if we are auto-generating controls - would we be able to write these core elements:
control id, title, desc, and sub-desc(s), impact, tags as static values so that users would be able to run individual tests and just need to pass a few inputs or an input file to the cli.
Another benifit to this is that the whole profile itself is more stable generally.
The compliance document - and thus the tests - are stable as a profile is linked to a defined set of tests. Thus making it a 'cool' but unneeded complexity to make what are static elements dynamic.
At the moment it seems I would have to run this profile in an all or nothing sense. Aka I couild not run a single control test as the control id's and much of the profile structure comes from dynamic elements in the inputs and runtime data.
Even if we are auto-generating controls - would we be able to write these core elements:
control id, title, desc, and sub-desc(s), impact, tags
as static values so that users would be able to run individual tests and just need to pass a few inputs or an input file to the cli.Another benifit to this is that the whole profile itself is more stable generally.
The compliance document - and thus the tests - are stable as a profile is linked to a defined set of tests. Thus making it a 'cool' but unneeded complexity to make what are static elements dynamic.