Open greggsexton opened 5 years ago
Can compliance masonry be automated to listen for new controls
Compliance Masonry doesn't handle this directly - I recommend setting up a continuous integration pipeline to watch for changes, or simply rebuild on a certain frequency.
Controls within compliance framework change frequently
Do they? Per the homepage, 800-53 was last revised in 2015.
Thank you so much
On Tue, May 14, 2019 at 11:48 AM Aidan Feldman notifications@github.com wrote:
Can compliance masonry be automated to listen for new controls
Compliance Masonry doesn't handle this directly - I recommend setting up a continuous integration pipeline to watch for changes, or simply rebuild on a certain frequency.
Controls within compliance framework change frequently
Do they? Per the homepage https://csrc.nist.gov/publications/detail/sp/800-53/rev-4/final, 800-53 was last revised in 2015.
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/opencontrol/discuss/issues/72?email_source=notifications&email_token=AHTTHDAMRJVNRLIWDPSQZLLPVLNOTA5CNFSM4HMR6AM2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGODVL5PSI#issuecomment-492296137, or mute the thread https://github.com/notifications/unsubscribe-auth/AHTTHDEAEKAHPT7SIVBGXH3PVLNOTANCNFSM4HMR6AMQ .
-- Gregg Sexton 443.223.6299 Gregg@penncoastalconsulting.com Penn Coastal Consulting LLC
Can compliance masonry be automated to listen for new controls
Compliance Masonry doesn't handle this directly - I recommend setting up a continuous integration pipeline to watch for changes, or simply rebuild on a certain frequency.
+1
At Red Hat we handle this by watching the https://github.com/opencontrol/certifications and https://github.com/opencontrol/standards repos. If either one changes, our pipeline is triggered for a new build.
thank you
On Tue, May 14, 2019 at 1:04 PM Shawn Wells notifications@github.com wrote:
Can compliance masonry be automated to listen for new controls
Compliance Masonry doesn't handle this directly - I recommend setting up a continuous integration pipeline to watch for changes, or simply rebuild on a certain frequency.
+1
At Red Hat we handle this by watching the https://github.com/opencontrol/certifications and https://github.com/opencontrol/standards repos. If either one changes, our pipeline is triggered for a new build.
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/opencontrol/discuss/issues/72?email_source=notifications&email_token=AHTTHDF55KEFMVNXDHHBS33PVLWJZA5CNFSM4HMR6AM2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGODVMEKAQ#issuecomment-492324098, or mute the thread https://github.com/notifications/unsubscribe-auth/AHTTHDAGSP2V6XXVTLR4NE3PVLWJZANCNFSM4HMR6AMQ .
-- Regards Gregg Sexton Tel: 4432236299
Suggest closing as resolved
Can compliance masonry be automated to listen for new controls in things like NIST 800-53 and update the framework? Controls within compliance framework change frequently and I am tyring to understand if CM can listen and update automatically. Thank you