Open livesayjesse opened 1 year ago
cd-rite
commented
1 year ago Hi @livesayjesse Thanks for the suggestion! I'm not familiar with CMRS, but reaching out directly to another system is out of scope for this project at the moment. However! If you can provide the format for CMRS manual uploads, we can investigate whether it is feasible to produce a compatible export from STIGMan data.
zirus001
commented
1 year ago CMRS is an up channel reporting tool DISA uses. So basically things like ACAS, ePO, and other tools roll information up to it and its also used when doing inspections. Our recent inspectors told us that we had to utilize ACAS audit scans which are famous to just flat out... not really work but the reason was because it rolled up to CMRS. That's the reason for the feature request. Let me work with my ISSM/ISSO to see if I can get a template. That would be an awesome workaround. Thanks!
Is your feature request related to a problem? Please describe. No. There is no issue.
Describe the solution you'd like An automated CMRS rollup feature to push collections up.
Describe alternatives you've considered An alternative might be an export feature to a format that could be manually uploaded into CMRS. This alone would greatly help and would probably be an easier implementation.
Additional context So we recently went through a CCRI inspection and we were required to setup ACAS Audit scans. These Audit scans are nitorious for not working correctly. Tons of false positives, mis identifying OS's, and just a nightmare to weed through. However, since they are the only thing that rolls up to CMRS then we have to use them for inspections. Being able to publish to CMRS would allow us to use STIG Manager (and Evaluate-STIG) for the automated STIG scanning process. This would make inspections a LOT smoother.