ONYX: Cisco Automated Assessment and Auditing Tool (CAAAT). An open-source tool that automatically assesses and audits Cisco IOS routers against Center for Internet Security (CIS) Cisco IOS 15 Benchmark and Cisco IOS 17 Benchmark.
MIT License
Feature request: option to disable certain tests #12
Hi Tyrone,
This is a feature request to be able to configure that some tests are disabled.
Sometimes there are good reasons to deviate from the CIS benchmark. A "Failed check" confuses people and may waste time of auditors and engineers. Typically these deviations are well documented and organisations have security processes in place with approvals.
I would prefer to be able to disable certain tests, so "Failed Checks" can become 0 when the router is configured as it was intended.
However, transparency is probably key here. I think that potential disabled tests deserve a place in the report also. I see a couple of scenarios for that.
A new category (like Passed/Failed/N.A.) with its own counters
Just a small line of text somewhere: disabled checks: "a.a.a, b.b.b, c.c.c".
Use the Compliant column and instead of reporting True or False, report Disabled.
Please consider.
Kind regards,
Jan
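The three reporting options proposed in this issue can be combined in one pass over the results. The sketch below is an added example, not ONYX code and not from the issue author; the result fields, the waiver structure, the check IDs and the function names are all assumptions made for illustration.

```python
from collections import Counter

# Constructed sample results (compliant=None means not applicable).
RESULTS = [
    {"id": "1.1.1", "compliant": True},
    {"id": "1.2.4", "compliant": False},
    {"id": "2.1.3", "compliant": False},
    {"id": "3.3.1", "compliant": None},
]

# Hypothetical waiver list: every disabled check names its documented approval.
WAIVERS = {
    "1.2.4": {"reason": "accepted deviation", "approval": "PLACEHOLDER-APPROVAL-REF"},
    "9.9.9": {"reason": "stale entry", "approval": "PLACEHOLDER-APPROVAL-REF"},
}


def apply_waivers(results, waivers):
    """Return (rows, counters, unknown_ids); disabled checks stay visible in the report."""
    rows = []
    for result in results:
        waiver = waivers.get(result["id"])
        if waiver is not None:
            # Refuse silent suppression: a waiver without reason and approval is an error.
            if not waiver.get("reason") or not waiver.get("approval"):
                raise ValueError(f"waiver for {result['id']} lacks reason or approval")
            status = "Disabled"
        elif result["compliant"] is None:
            status = "N/A"
        else:
            status = "Passed" if result["compliant"] else "Failed"
        # Keep the raw result so an auditor can still see what the check found.
        rows.append({**result, "status": status, "waiver": waiver})
    counters = Counter(row["status"] for row in rows)
    # Waivers that match no executed check are surfaced, not ignored (typo or stale ID).
    unknown = sorted(set(waivers) - {r["id"] for r in results})
    return rows, counters, unknown


def summary_line(rows):
    """One-line form of the report entry: disabled checks: "a.a.a, b.b.b"."""
    ids = ", ".join(row["id"] for row in rows if row["status"] == "Disabled")
    return f'disabled checks: "{ids}"'


if __name__ == "__main__":
    rows, counters, unknown = apply_waivers(RESULTS, WAIVERS)
    print(dict(counters), summary_line(rows), "unmatched waivers:", unknown)
```

Reporting unmatched waiver IDs keeps a mistyped or outdated entry from quietly hiding nothing while appearing to be in effect.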