End-to-end ATO workflow: SCAP -> POA&M -> OSCAL -> AO brief #5
cognis-digital
started this conversation in
Show and tell
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
A common end-to-end RMF flow with stigsentry, mapped to the bundled demos:
demos/01_sysadmin_scan.pyturns raw rows into a per-host, severity-ranked fix list.demos/02_isso_poam.pyemits an eMASS-ready CSV with the official NIST 800-53 rev5 Control Title column resolved from the real OSCAL catalog.demos/03_auditor_oscal.pyemits a real OSCAL 1.1.2 Assessment Results document (paired observation+finding, deterministic UUIDs,not-satisfiedtargets, STIG/CCI provenance). Deterministic UUIDs mean two runs diff cleanly.demos/04_ato_risk_brief.pygives the composite risk score, a control-family rollup, and a paste-ready Markdown briefing block.demos/05_airgap_pipeline.pyshows the offline resolve, SARIF export, and the--fail-on highgate.Run the whole thing offline with
PYTHONUTF8=1 python demos/run_all.py. How are you wiring stigsentry into your ATO package or continuous-monitoring pipeline?Beta Was this translation helpful? Give feedback.
All reactions