Closed rx294 closed 4 years ago
For Nessus compliance scans, I recommend seeking CCI references first, then 800-53 if CCIs aren't available. Reason: I observed that for STIG-based Nessus compliance scans, all checks have CCIs, but not all have 800-53 references. Also, and more importantly, the 800-53 references don't match the correct CCI-to-800-53 mappings from DISA's CCI list. Correction - I was looking at an old run. The current code works well and very consistently in populating based on CCI.
@rx294 please add unit and functional tests
- [ ] Please add at least one functional and unit test with our test data in the 'gem installed' state and the 'from code' state
- [ ] Please review the changes in the PRs for Heimdall Tools and InSpec Tools to ensure we are using the correct data file access and 'conversion to ruby object in the compiled state' to make sure we don't have file load issues again
Functional test performed locally; unit tests will be added in a later PR
nessus_mapper should map CCI numbers if available to NIST 800-53 references.
Fixes #54
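The precedence discussed in this thread (use CCI references when a check carries them, fall back to the scanner's own 800-53 references otherwise) can be sketched as follows. This is an added example, not the project's nessus_mapper code; the `FRAMEWORK|VALUE` comma-separated reference string, the function names and the two-entry CCI table are assumptions made for illustration.

```ruby
# Constructed sample of a CCI-to-800-53 table (assumption for this example);
# a real mapper would load the full CCI list published by DISA.
SAMPLE_CCI_TO_NIST = {
  'CCI-000366' => ['CM-6 b'],
  'CCI-001499' => ['CM-5 (6)']
}.freeze

# Parse an assumed "FRAMEWORK|VALUE,FRAMEWORK|VALUE" reference string
# into { 'CCI' => [...], '800-53' => [...], ... }. Malformed pairs are skipped.
def parse_references(raw)
  refs = {}
  raw.to_s.split(',').each do |pair|
    framework, value = pair.split('|', 2)
    next if framework.nil? || value.nil?
    framework = framework.strip
    value = value.strip
    next if framework.empty? || value.empty?
    (refs[framework] ||= []) << value
  end
  refs
end

# Prefer CCI-derived 800-53 tags; use the scanner's 800-53 references only
# when no CCI on the check resolves. Unresolved CCIs are reported so a gap
# in the table is visible instead of silently hidden by the fallback.
def nist_tags(raw, table = SAMPLE_CCI_TO_NIST)
  refs = parse_references(raw)
  ccis = refs.fetch('CCI', []).uniq
  mapped = ccis.flat_map { |cci| table.fetch(cci, []) }.uniq
  unmapped = ccis.reject { |cci| table.key?(cci) }

  if mapped.any?
    { source: :cci, nist: mapped, unmapped_cci: unmapped }
  elsif refs.key?('800-53')
    { source: :scanner_800_53, nist: refs['800-53'].uniq, unmapped_cci: unmapped }
  else
    { source: :none, nist: [], unmapped_cci: unmapped }
  end
end

# Constructed inputs: the first carries an 800-53 value that disagrees with
# the CCI mapping, the second has no CCI at all.
if __FILE__ == $PROGRAM_NAME
  p nist_tags('800-53|CM-7,CCI|CCI-000366,CSF|PR.IP-1')
  p nist_tags('800-53|AC-3,CSF|PR.AC-4')
end
```
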