mitre / heimdall_tools

DEPRECATED: A set of utilities for converting and working with compliance data for viewing in the heimdall applications
https://heimdall-tools.mitre.org
Other
35 stars 20 forks

Update to map NIST tags from CCI refs #55

Closed rx294 closed 4 years ago

rx294 commented 4 years ago

nessus_mapper should map CCI numbers if available to NIST 800-53 references.

Fixes #54

ejaronne commented 4 years ago

For Nessus compliance scans, I recommend seeking CCI references first, then 800-53 if CCIs aren't available. Reason: I observed that for STIG-based Nessus compliance scans, all checks have CCIs, but not all have 800-53 references. Also, and more importantly, the 800-53 references don't match correct CCI-to-800-53 mappings from DISA's CCI list. Correction - I was looking at an old run. The current code works well and very consistently in populating based on CCI.

aaronlippold commented 4 years ago

@rx294 please add unit and functional tests

rx294 commented 4 years ago
  • [ ] Please add at least one functional and unit test with our test data in the 'gem installed' state and the 'from code' state
  • [ ] Please review the changes in the PRs for Heimdall Tools and InSpec Tools to ensure we are using the correct data file access and 'conversion to ruby object in the compiled state' to make sure we don't have file load issues again

Functional test performed locally; unit tests will be added in a later PR.