Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Adjudicate "substantive changes" to the EXO Baseline Markdown #247

Closed
12 tasks done
ahuynhMITRE opened this issue Apr 5, 2023 · 0 comments · Fixed by #436
Closed
12 tasks done

Adjudicate "substantive changes" to the EXO Baseline Markdown #247

ahuynhMITRE opened this issue Apr 5, 2023 · 0 comments · Fixed by #436
Assignees
@buidav
Labels
baseline-document Issues relating to the text in the baseline documents themselves
Milestone
Emerald

Comments

@ahuynhMITRE
Copy link
Collaborator

ahuynhMITRE commented Apr 5, 2023
edited by schrolla
Loading

💡 Summary

This issue captures the high-level tasks required to convert the existing EXO Secure Configuration Baseline document to a new structure based on the existing markdown format. The updates will include reordering and regrouping of existing policy items, additional fields for each policy item, and policy changes to clarify relative to existing implementation guidance.

Motivation and context

The new baseline policy document format will provide additional clarity to readers and support better automated assessment of baseline policy items for EXO.

Implementation notes

In order to make the changes referenced above, the following tasks will need to be accomplished:

  • CREATE and NUMBER policy group statements based on existing policy areas using updated markdown files found in Adjudicate "Structural Changes" to All Baseline Markdowns #212 and its associated branch

    • REMOVE “SHALL” and “SHOULD” language from new policy group statements
    • RENAME policy groups to cover associated policies (Naming should be descriptive vice prescriptive)
    • REGROUP baseline policies that are better orientated to the new Group Name if needed
    • CREATE short 1-2 sentence summary for each policy group

  • ADD Rationale section and text for each policy
    Note: Suggested format for Rationale

    • 1st sentence: Security risk if policy is not implemented.
    • 2nd sentence: How this policy minimizes this risk.

  • UPDATE policy item description to match the desired best practice and synchronize with implementation steps (e.g., setting should be 30 days or less when implementation shows setting days to <= 30)

Acceptance criteria

How do we know when this work is done?

  • EXO baseline markdown has been updated with new policy groups and all policy items reordered into those groups
  • All EXO baseline policy groups have been numbered
  • Each EXO policy group contains a concise and clear 1-2 sentence summary
  • Each EXO policy item contains a Rationale section using the suggested format
  • Each EXO policy item has been reviewed and updated to synchronize with the implementation steps
@ahuynhMITRE ahuynhMITRE added the baseline-document Issues relating to the text in the baseline documents themselves label Apr 5, 2023
@ahuynhMITRE ahuynhMITRE added this to the Emerald milestone Apr 5, 2023
@buidav buidav mentioned this issue Jul 13, 2023
Merged
5 tasks
@buidav buidav assigned buidav and unassigned ahuynhMITRE Jul 13, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@buidav buidav

Labels
baseline-document Issues relating to the text in the baseline documents themselves
Projects
None yet
Milestone
Emerald
Development

Successfully merging a pull request may close this issue.

Address EXO comment and structural changes in the baseline document cisagov/ScubaGear
4 participants
@buidav @adhilto @schrolla @ahuynhMITRE