Review current approaches to defining rules to confirm minimal data fields in rules-related models #1391
Comments
david-waltermire
changed the title
rule practically needs to encode
|
@david-waltermire-nist, I know this spike is about tool review. I am going to un-assign #1160 from this issue because the "update models' Metaschema and make content examples" is what we ended up doing towards the tail end of #1339 and is in flight, #1364. |
|
Dave and I down-scoped which content examples we will look at for the two categories and sync back up to discuss my impressions in our next pairing session. Looking at the OCPv4 SCAP guides and OVAL profiles. Will prefer the CSA metrics over the MEDINA ones out of the interest of time if the latter are not currently public. The cloud-based API one is still TBD. |
|
Added some sample data and will continue draft notes here until we are ready to publish in this issue, itemize next steps, and close this issue out. |
|
We met today and planned to continue with this work in an afternoon pairing session tomorrow. |
|
I am moving this to Sprint 61. |
|
Not completed last sprint and not in scope for Sprint 63, moving to the backlog. |
Review current approaches for security testing processes and tools, confirm we represent MVP data points for what a
rulepractically needs to encode.Ideally, we would like to review the mechanics and characteristics of the different kinds of security testing tools.
A Linux operating system OpenSCAP scan profile, per taste/choice of assigned developers (A.J. and Dave to discuss)Security operations metrics from the EU/ENISA MEDINA project, if available and publicly shareableThe text was updated successfully, but these errors were encountered: