Closed dedemorton closed 3 years ago
STIG stands for Security Technical Implementation Guides.
Details of what is required for STIG hardening documentation. It's expected that creating this guide will be a group effort, but I don't have clear details about what is required for Beats.
From @debadair.
Here are a few links for more context and detail about the required structure for formal STIG documentation. While we have more flexibility in how we structure and publish the hardening guide for 7.6, we need to establish a template for the content and it probably makes sense to model it after the established structure.
From the doc side, I think the key question is do we want to publish the hardening guide with the rest of the documentation, or is this something that we only bundle with the UBI?
STIG checklists in XCCDF
https://www.fbiic.gov/public/2011/sep/U_STIG%20Transition%20to%20XCCDF%20FAQ%2020100126.pdf
XCCDF Overview & Resources
https://csrc.nist.gov/Projects/Security-Content-Automation-Protocol/Specifications/xccdf
XCCDF Specification
https://csrc.nist.gov/CSRC/media/Publications/nistir/7275/rev-4/final/documents/nistir-7275r4_updated-march-2012_clean.pdf
Open-SCAP
https://www.open-scap.org/
Blog posts about documenting a config baseline & using XCCDF
(One person's thinking on the subject)
Documenting config changes
http://blog.siphos.be/2018/01/documenting-configuration-changes/
Documenting a rule
http://blog.siphos.be/2018/01/documenting-a-rule/
Doc structure for a config baseline
http://blog.siphos.be/2018/01/structuring-a-configuration-baseline/
XCCDF Sample Template
http://blog.siphos.be/static/2018/xccdf-template.xml