This InSpec compliance profile implement the ElasticSearch Security Technical Implementation Guide (STIG) - (Draft) in an automated way to provide security best-practice tests around ElasticSearch with X-pack server and system settings in a production environment.
There is a gemfile with some hardcoded semver values
Is this profile still publishable/applicable? Considering the base document apparently specified nist tags that are no longer used and multiple releases of elasticsearch have come out since then. If we want to maintain it, where do we get an up to date stig or do we need to write one ourselves?
Finally, it is still marked as WIP: what is required to make it an actual release?
There is a gemfile with some hardcoded semver values
Is this profile still publishable/applicable? Considering the base document apparently specified nist tags that are no longer used and multiple releases of elasticsearch have come out since then. If we want to maintain it, where do we get an up to date stig or do we need to write one ourselves?
Finally, it is still marked as WIP: what is required to make it an actual release?