© 2020 The MITRE Corporation. All rights reserved.
|1|
InSpec Profiles* and HDF** include NIST SP 800-53 Security Control associations
DRAFT
March 2020
* built within the saf.mitre.org
** Heimdall Data Format
|2|
Background – InSpec Profile Development Tool Chain
[Figure: tool chain diagram. Labels recovered from the figure follow.]
Security Testing Content Development: Vendor Security Checklist, DISA STIG, CIS Benchmarks, Implementation Guides; Automated Conversion with Inspec_tools (https://inspec-tools.mitre.org/); Human Code Completion/Refinement; Validation Profiles at https://github.com/mitre/ (*baseline)
Security Validation as Code Execution: Validation Profiles, System(s) Under Evaluation, InSpec Engine, Validation Results
Data Mapping and Visualization Tools: https://heimdall-tools.mitre.org/, https://github.com/mitre/heimdall, https://heimdall-lite.mitre.org
Other labels in the figure: Master Nodes (3), Ingest Nodes (X), Data Nodes - Hot (X), Data Nodes - Warm (X); CCE, CVE, Least Functionality Tests; CWE Tests, Static & Dynamic Code Analysis; https://github.com/mitre/vulcan
"HDF", the Heimdall Data Format, includes NIST SP 800-53 associations for each test!
|3|
Background: The Heimdall Data Format (HDF)
Originally based on the InSpec JSON results reporter format, we have extended and standardized it as the means of recording and transporting (i.e., via Splunk) security data from any source: InSpec profiles, SonarQube, Fortify, OWASP ZAP, etc.
HDF JSON File Schema: https://github.com/mitre/inspecjs/blob/master/schemas/exec-json.json
HDF Splunk Schema: https://github.com/mitre/hdf-json-to-splunk#control-event-structure
We are currently extending Heimdall_tools to convert output from Burp Suite Pro, Nessus, Nikto, Sneak, NetSparker, etc. to HDF.
|4|
Use Case 1 of 3: DISA STIG to InSpec Profile (with NIST SP 800-53)
DISA STIG
|5|
DISA STIG Source
https://public.cyber.mil/stigs/
DISA STIG
|6|
Example DISA STIG
https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux
|7|
One of 200+ requirements in the DISA RHEL7 STIG:
This V-71935 is the unique ID for this requirement/test!
DISA STIG authors associate each requirement/test to a CCI
(STIG in XML form found in the ZIP download file: U_Red_Hat_Enterprise_Linux_7_STIG_V1R4_Manual-xccdf.xml)
|8|
CCIs are DISA's Control Correlation Identifiers
https://public.cyber.mil/stigs/cci/
|9|
Each CCI maps to one or more NIST SP 800-53 Controls
CCI-000205 is associated with…
…IA-5 (1) NIST SP 800-53 Security Control (Enhancement)
(CCI list in XML form found in the ZIP download file: U_CCI_List.xml)
|10|
MITRE's InSpec_tools Generates the STIG InSpec Profile Structure
[Figure: conversion flow diagram. Labels recovered from the figure follow.]
Inputs: DISA STIG U_Red_Hat_Enterprise_Linux_7_STIG_V1R4_Manual-xccdf.xml (with CCI associations); DISA's U_CCI_List.xml (map of CCIs to NIST)
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/u_cci_list.zip
https://github.com/mitre/inspec_tools/blob/master/lib/data/U_CCI_List.xml
Automated Conversion: Inspec_tools (https://inspec-tools.mitre.org/)
Output: Validation Profile Structure with Associated NIST SP 800-53 Security Controls!
Human Code Completion/Refinement; Validation Profiles
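The STIG requirement to CCI to NIST SP 800-53 lookup that slides 7 to 10 walk through, as an added example (not from the slides and not inspec_tools' own code). The two XML samples are constructed and trimmed; their element and attribute names are assumed to follow the layout of the DISA XCCDF and CCI list files, and V-00000, CCI-999999 and the rule ids are made up.

```python
import xml.etree.ElementTree as ET

# Constructed samples. Only V-71935, CCI-000205 and IA-5 (1) come from the
# slides; V-00000 / CCI-999999 are made up to show the unmapped case.
XCCDF = """<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.1">
  <Group id="V-71935"><Rule id="rule-placeholder-1" severity="medium">
    <ident system="http://iase.disa.mil/cci">CCI-000205</ident>
  </Rule></Group>
  <Group id="V-00000"><Rule id="rule-placeholder-2" severity="low">
    <ident system="http://iase.disa.mil/cci">CCI-999999</ident>
  </Rule></Group>
</Benchmark>"""

CCI_LIST = """<cci_list xmlns="http://iase.disa.mil/cci"><cci_items>
  <cci_item id="CCI-000205"><references>
    <reference creator="NIST" title="NIST SP 800-53" version="3" index="IA-5 (1)"/>
    <reference creator="NIST" title="NIST SP 800-53 Revision 4" version="4" index="IA-5 (1)"/>
  </references></cci_item>
</cci_items></cci_list>"""

def local(tag):
    """Drop the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def load_cci_map(cci_xml):
    """CCI id -> sorted list of distinct SP 800-53 control indexes."""
    cci_map = {}
    for item in ET.fromstring(cci_xml).iter():
        if local(item.tag) == "cci_item":
            refs = [r.get("index") for r in item.iter() if local(r.tag) == "reference"]
            cci_map[item.get("id")] = sorted({i for i in refs if i})
    return cci_map

def tag_requirements(xccdf_xml, cci_map):
    """STIG Group id -> {'cci': [...], 'nist': [...]}; unknown CCIs are flagged."""
    out = {}
    for group in ET.fromstring(xccdf_xml).iter():
        if local(group.tag) != "Group":
            continue
        ccis = [e.text.strip() for e in group.iter()
                if local(e.tag) == "ident" and (e.text or "").strip().startswith("CCI-")]
        nist = sorted({c for cci in ccis for c in cci_map.get(cci, [])})
        out[group.get("id")] = {"cci": ccis, "nist": nist or ["unmapped"]}
    return out

if __name__ == "__main__":
    for vuln_id, tags in tag_requirements(XCCDF, load_cci_map(CCI_LIST)).items():
        print(vuln_id, tags)
```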
MITRE_InSpec_Profiles_and_HDF_include_NIST_SP-800-53_Associations
This document was uploaded and shared by 思安 on 2022-12-05 09:21:30.