microsoft / StigRepo

Automated PowerSTIG Repository for Active Directory environments

Retaining custom non-configuration/non-automated (manual) checklists #2

Open bwwillis opened 3 years ago

bwwillis commented 3 years ago

My customer is currently generating a file for the non-configuration/non-automated (manual) STIG vulnerabilities. These are done as a modified default manual checklist for the STIG type (Web Server, W, Chrome, etc.). These checklists have customer-specific default status and comments for the vulnerabilities and are used as a template for more specific checklists based on the system. For example, a SharePoint server will have a Web Server manual checklist that is created as follows:

STIGRepo Default Manual Checklist -> Customer Specific Default Manual Checklist -> SharePoint More Specific Manual Checklist

The concern is that as we update STIGRepo the "Specific Default Manual Checklist" and the "SharePoint More Specific Manual Checklist" will be overwritten or deleted.

The ability to have a directory under ..\Resources\STIG Data\Manual Checks\WebServer called "Custom" that would contain these files and not get overwritten by an update or reinstall of STIGRepo. It would also make backups of the customizations fairly easy.

It might look something like:

Resources
  -STIG Data
    -Manual Checks
      -WebServer
        WebServer-8.5-1R7-ManualChecks.psd1              <- STIGRepo Default Manual Checklist
        WebServer-10.0-1R1-ManualChecks.psd1             <- STIGRepo Default Manual Checklist
        WebServer-10.0-1R2-ManualChecks.psd1             <- STIGRepo Default Manual Checklist
        -Custom
          WebServer-8.5-1R7-ManualChecks.psd1            <- Customer Specific Default Manual Checklist
          WebServer-10.0-1R1-ManualChecks.psd1           <- Customer Specific Default Manual Checklist
          WebServer-10.0-1R2-ManualChecks.psd1           <- Customer Specific Default Manual Checklist
          IPAM_WebServer-8.5-1R7-ManualChecks.psd1       <- IPAM More Specific Manual Checklist
          SharePoint_WebServer-10.0-1R2-ManualChecks.psd1 <- SharePoint More Specific Manual Checklist
          DevOps_WebServer-10.0-1R2-ManualChecks.psd1    <- DevOps More Specific Manual Checklist
          OCSP_WebServer-10.0-1R2-ManualChecks.psd1      <- OCSP More Specific Manual Checklist
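The layering described above (StigRepo default -> customer default -> system-specific checklist) can be implemented as an overlay merge of .psd1 data files, with the most specific file winning per vulnerability ID. The following is an added example, not code from StigRepo or from the issue author. It assumes each manual-check .psd1 is a hashtable keyed by vulnerability ID whose values are hashtables with Status and Comments keys; StigRepo's real schema may differ, and the V-000001/V-000002 IDs and the three sample layers are constructed for the demonstration.

```powershell
# Added example (not StigRepo's own code): overlay a chain of manual-check .psd1 files.
# Assumption: each file is @{ '<VulnID>' = @{ Status = '...'; Comments = '...' }; ... }.

function Merge-ManualCheckLayers {
    [CmdletBinding()]
    param(
        # Ordered from least to most specific: default, customer default, system-specific.
        [Parameter(Mandatory)][string[]]$LayerPath
    )
    $merged = @{}
    foreach ($path in $LayerPath) {
        if (-not (Test-Path -LiteralPath $path)) {
            Write-Warning "Layer not found, skipping: $path"
            continue
        }
        # Import-PowerShellDataFile parses the .psd1 as data only; no script in the file is executed.
        $layer = Import-PowerShellDataFile -LiteralPath $path
        foreach ($vulnId in $layer.Keys) {
            if (-not $merged.ContainsKey($vulnId)) { $merged[$vulnId] = @{} }
            # Field-by-field override, so a specific layer can change Status and still inherit Comments.
            foreach ($field in $layer[$vulnId].Keys) {
                $merged[$vulnId][$field] = $layer[$vulnId][$field]
            }
        }
    }
    return $merged
}

# Constructed sample layers written to a temp folder for the demonstration.
$tmp = Join-Path ([IO.Path]::GetTempPath()) 'stigrepo-layer-demo'
New-Item -ItemType Directory -Path $tmp -Force | Out-Null
@'
@{
    'V-000001' = @{ Status = 'NotReviewed'; Comments = '' }
    'V-000002' = @{ Status = 'NotReviewed'; Comments = '' }
}
'@ | Set-Content -LiteralPath (Join-Path $tmp 'default.psd1')
@'
@{
    'V-000001' = @{ Status = 'NotAFinding'; Comments = 'Enforced by enterprise policy.' }
}
'@ | Set-Content -LiteralPath (Join-Path $tmp 'customer.psd1')
@'
@{
    'V-000002' = @{ Status = 'NotApplicable'; Comments = 'Setting is managed by SharePoint.' }
}
'@ | Set-Content -LiteralPath (Join-Path $tmp 'sharepoint.psd1')

$result = Merge-ManualCheckLayers -LayerPath @(
    (Join-Path $tmp 'default.psd1'),
    (Join-Path $tmp 'customer.psd1'),
    (Join-Path $tmp 'sharepoint.psd1')
)
$result.GetEnumerator() | Sort-Object Name | ForEach-Object {
    '{0}: {1} ({2})' -f $_.Name, $_.Value.Status, $_.Value.Comments
}
```

Because the layers are merged at build time rather than copied, the StigRepo default files can be replaced by an update without touching the customer and system-specific files, which is the separation the "Custom" folder proposal is after.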
JakeDean3631 commented 3 years ago

@bwwillis - Thank you for submitting this issue. With the StigRepo 1.3 release, all existing StigData files will be backed up when running the Update-StigRepo function, so existing manual check files will be retained but will have to be moved from the "Resources\Stig Data-Backup" folder back into the "Resources\Stig Data" folder. This is due to the fact that the vulnerability IDs may change with new STIG releases from DISA and old manual check files may become outdated. While a work-around is provided, I am leaving this issue open so we can implement a more seamless solution to retain the existing files/manual check data without needing to re-import them from a backup folder.
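The work-around above (run Update-StigRepo, then move the retained manual check files out of the backup folder) can be scripted, and the caveat about vulnerability IDs changing between DISA releases can be checked at the same time. The following is an added example, not StigRepo's own code. It assumes the folder names "Resources\Stig Data-Backup" and "Resources\Stig Data" as written in the thread, the "Custom" subfolder and "<Prefix>_<DefaultName>.psd1" naming convention from the feature request, and that each .psd1 is a hashtable keyed by vulnerability ID; verify all of these against your repository before running it.

```powershell
# Added example (not StigRepo's own code): copy custom manual-check files from the
# post-update backup back into the live Stig Data tree, and flag any vulnerability IDs
# that no longer exist in the refreshed default file for that STIG version.
# Assumed layout: ...\Manual Checks\<StigType>\Custom\<Prefix>_<StigType>-<Ver>-ManualChecks.psd1

function Restore-CustomManualChecks {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$RepoRoot,
        [string]$CustomFolderName = 'Custom'
    )
    $backupRoot = Join-Path $RepoRoot 'Resources\Stig Data-Backup'   # assumption: name used in the thread
    $liveRoot   = Join-Path $RepoRoot 'Resources\Stig Data'
    if (-not (Test-Path -LiteralPath $backupRoot)) { throw "No backup folder at $backupRoot" }
    $backupRoot = (Resolve-Path -LiteralPath $backupRoot).Path

    $restored = @()
    $customDirs = Get-ChildItem -LiteralPath $backupRoot -Recurse -Directory |
        Where-Object Name -eq $CustomFolderName
    foreach ($dir in $customDirs) {
        # Recreate the same relative location under the live tree.
        $relative = $dir.FullName.Substring($backupRoot.Length).TrimStart('\')
        $target   = Join-Path $liveRoot $relative
        foreach ($file in Get-ChildItem -LiteralPath $dir.FullName -File -Filter '*.psd1') {
            # Assumption: an optional "<Prefix>_" marks a system-specific file derived from the default.
            $defaultName = $file.Name -replace '^[^_]+_', ''
            $defaultPath = Join-Path (Split-Path $target -Parent) $defaultName
            if (Test-Path -LiteralPath $defaultPath) {
                $customIds = @((Import-PowerShellDataFile -LiteralPath $file.FullName).Keys)
                $newIds    = @((Import-PowerShellDataFile -LiteralPath $defaultPath).Keys)
                $stale     = $customIds | Where-Object { $_ -notin $newIds }
                if ($stale) {
                    Write-Warning ('{0}: {1} ID(s) absent from the new default, review before use: {2}' -f
                        $file.Name, @($stale).Count, ($stale -join ', '))
                }
            }
            else {
                Write-Warning "$($file.Name): no default $defaultName in the new release; that STIG version may be superseded."
            }

            $dest = Join-Path $target $file.Name
            if (Test-Path -LiteralPath $dest) {
                Write-Warning "Already present in live tree, not overwriting: $dest"
                continue
            }
            if ($PSCmdlet.ShouldProcess($dest, 'Restore custom manual-check file')) {
                New-Item -ItemType Directory -Path $target -Force | Out-Null
                Copy-Item -LiteralPath $file.FullName -Destination $dest
                $restored += $dest
            }
        }
    }
    return $restored
}

# Preview first, then run for real:
#   Restore-CustomManualChecks -RepoRoot 'C:\StigRepo' -WhatIf
#   Restore-CustomManualChecks -RepoRoot 'C:\StigRepo'
```

Copying rather than moving leaves the backup intact, and refusing to overwrite a file that already exists in the live tree keeps a re-run from clobbering anything the new release shipped; the ID comparison is what turns "old manual check files may become outdated" into a concrete list to review.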