sig-bsi-grundschutz / content

Security automation content in SCAP, Bash, Ansible, and other formats
https://www.open-scap.org/security-policies/scap-security-guide

redesign references for the profile #51

Closed sluetze closed 9 months ago

sluetze commented 10 months ago

You mean moving the current bsi-node.profile to e.g. bsi-node-2023.profile?

Yes.

Should we also add an additional bsi-node.profile file that "extends" the bsi-node-2023 profile (just like cis / cis-node do for example)?

Yes.

The non-versioned profiles are always pointing to the latest version. This way folks who want to stay on a specific version can use bsi-2022 and bsi-node-2022, for example. And folks who want to keep "rolling" to the latest version can use bsi and bsi-node.

How do you usually handle changes, when e.g. the 2024 version comes out? Remove the 2023 version and only have one version in place?

The support for versioned profiles is quite new, so we haven't gone through a profile version update yet.

But I think that update approach will depend on the lifecycle of the policy and the transition period between versions. Is an old version immediately deprecated once a new release is out? Is there a transition period?

Regardless, I can imagine that the profile for an old version will exist and be shipped for a few releases until it is removed. So that people using them can move and adapt to the new version.

_Originally posted by @yuumasato in https://github.com/ComplianceAsCode/content/pull/11342#discussion_r1443244448_

The profile for rhcos4 can also leverage the bsi_app_4_4 controls. Any node rule selected in a control will be picked up and included in the profile.

_Originally posted by @yuumasato in https://github.com/ComplianceAsCode/content/pull/11342#discussion_r1433970864_
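
A check for the rolling-profile convention discussed in the comment above, as an added example that is not code from the ComplianceAsCode project: it flags a non-versioned profile that is missing or does not extend the newest versioned one, which would leave "rolling" users scanning against an outdated baseline. It assumes year-suffixed file names such as `bsi-node-2023.profile` in a single directory and a top-level `extends:` line in the alias; the sample files are constructed.

```python
import re
import tempfile
from pathlib import Path

# Assumed naming: "<base>-<year>.profile" is a pinned version, "<base>.profile" the rolling alias.
VERSIONED = re.compile(r"^(?P<base>.+)-(?P<year>\d{4})\.profile$")
EXTENDS = re.compile(r"^extends:\s*['\"]?([\w.-]+)['\"]?\s*$", re.M)

def check_rolling_profiles(profile_dir):
    """Return {base: problem} for each rolling profile that is missing or stale."""
    root = Path(profile_dir)
    latest = {}
    for path in root.glob("*.profile"):
        m = VERSIONED.match(path.name)
        if m:
            latest[m["base"]] = max(latest.get(m["base"], 0), int(m["year"]))
    problems = {}
    for base, year in sorted(latest.items()):
        want = f"{base}-{year}"
        alias = root / f"{base}.profile"
        if not alias.exists():
            problems[base] = f"no rolling profile; expected one extending {want}"
            continue
        m = EXTENDS.search(alias.read_text())
        got = m.group(1) if m else None
        if got != want:
            problems[base] = f"extends {got}, expected {want}"
    return problems

def demo():
    """Run the check over a constructed profile directory."""
    sample = {  # constructed sample content, not the project's real profiles
        "bsi-2022.profile": "title: constructed 2022\n",
        "bsi-2023.profile": "title: constructed 2023\n",
        "bsi.profile": "title: constructed rolling\nextends: bsi-2023\n",
        "bsi-node-2022.profile": "title: constructed node 2022\n",
        "bsi-node-2023.profile": "title: constructed node 2023\n",
        "bsi-node.profile": "title: constructed node rolling\nextends: bsi-node-2022\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in sample.items():
            (Path(tmp) / name).write_text(body)
        return check_rolling_profiles(tmp)

if __name__ == "__main__":
    for base, problem in demo().items():
        print(f"{base}: {problem}")
```
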

sluetze commented 10 months ago

added the upper part in c52dcc64ece9a6d67f802f5c6ee9fa3adb4bca69

sluetze commented 10 months ago

added lower part in https://github.com/sig-bsi-grundschutz/content/commit/702905f4d8a15662e9eeee1065b03b63a995ad99

sluetze commented 9 months ago

merged in https://github.com/ComplianceAsCode/content/pull/11437