
Looking for help on how to integrate Open Control into SIMP #25

Closed
trevor-vaughan opened this issue May 24, 2017 · 5 comments

@trevor-vaughan

Hi All,

I took a look at Open Control in the past and really wanted to like it but it was just too unwieldy for what I needed.

I would like to work to get Open Control into SIMP (https://github.com/NationalSecurityAgency/SIMP or https://github.com/simp).

Our present security documentation is generated from RestructuredText since that was easier for our users to deal with overall and is automatically processed by ReadTheDocs. The latest version can be found at http://simp.readthedocs.io/en/master/security_conop/index.html and http://simp.readthedocs.io/en/master/security_mapping/index.html. This is generated from https://github.com/simp/simp-doc.

The last time we used Open Control, we found the following limitations:

  1. Inability to link between sections promoting a great deal of copy/paste text
  2. Inability to link directly to the referencing documentation
  3. Inability to have easy overrides of sections
     • our approach is clunky, but seems to work easily for users
  4. Inability to compose the SSP from an application point of view
     • We have over 100 individual modules controlling a large number of items across the system. We need some way to embed only the controls that are relevant to that module inside of that module (or another referencing module) and then compose all of those parts into a single document
     • I'll freely admit that this might be a huge oversight on my part
     • We also fail at this right now, but it's an ultimate goal of the project
  5. Ability to run without connectivity to the Internet
     • The documentation can be generated offline but I'm missing how to hook the various compliance checks to an internal system of my choosing (GitLab, Bamboo, whatever...)
  6. Inability to output to something that we could easily import to ReadTheDocs (RestructuredText)

We've recently added the ability to actually validate that our Puppet code parameters are correct per policy and we have a prototype working that will let us switch our entire parameter sets from a given policy to another at the change of a single variable.

Additionally, we're starting to work with the Inspec team from Chef to integrate Inspec directly into our acceptance testing framework.

Since we're pushing forward with so many compliance-focused components, it seemed like a good time to reach out and see if Open Control is right for the project.

Thanks in advance!
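The per-module composition and cross-linking asked for in items 1, 4 and 6 above can be sketched in a few dozen lines. The script below is an added example, not code from SIMP or OpenControl: it assumes each Puppet module ships a control fragment shaped like an OpenControl component.yaml (`name`, `satisfies`, `narrative`), takes constructed sample fragments as Python dicts so it runs offline, and emits one RestructuredText document in which module sections and control sections `:ref:` each other instead of repeating narrative text.

```python
# Added example (not SIMP's or OpenControl's code): compose per-module control
# fragments into one RST document with cross-links. Assumes fragments follow the
# OpenControl component.yaml shape; sample data is constructed, given as dicts
# so the script runs offline without PyYAML.
from collections import defaultdict

MODULE_FRAGMENTS = [  # constructed: one fragment per Puppet module
    {"name": "simp_auditd", "satisfies": [
        {"standard_key": "NIST-800-53", "control_key": "AU-2",
         "narrative": [{"text": "auditd rules record login events."}]},
        {"standard_key": "NIST-800-53", "control_key": "AU-12",
         "narrative": [{"text": "auditd generates audit records."}]}]},
    {"name": "simp_pam", "satisfies": [
        {"standard_key": "NIST-800-53", "control_key": "AC-7",
         "narrative": [{"text": "pam_faillock enforces lockout."}]},
        {"standard_key": "NIST-800-53", "control_key": "AU-2",
         "narrative": [{"text": "PAM logs authentication attempts."}]}]},
]

def label(*parts):
    """Unique, RST-safe label, e.g. control-nist-800-53-au-2."""
    return "-".join(parts).lower().replace("_", "-")

def index_controls(fragments):
    """Map (standard, control) -> [(module, narrative), ...], sorted by control."""
    by_control = defaultdict(list)
    for frag in fragments:
        for sat in frag["satisfies"]:
            for n in sat["narrative"]:
                key = (sat["standard_key"], sat["control_key"])
                by_control[key].append((frag["name"], n["text"]))
    return dict(sorted(by_control.items()))

def section(title, lbl):
    # RST label followed by a heading, so other sections can :ref: it.
    return [f".. _{lbl}:", "", title, "-" * len(title), ""]

def compose(fragments):
    """One document: module sections link to control sections and back."""
    out = ["Security Control Mapping", "=" * 24, ""]
    for frag in fragments:  # module view: which controls this module claims
        out += section(f"Module ``{frag['name']}``", label("module", frag["name"]))
        for sat in frag["satisfies"]:
            out.append(f"* :ref:`{label('control', sat['standard_key'], sat['control_key'])}`")
        out.append("")
    for (std, ctl), entries in index_controls(fragments).items():  # control view
        out += section(f"{std} {ctl}", label("control", std, ctl))
        for module, text in entries:  # narrative written once, linked back
            out.append(f"* {text} (from :ref:`{label('module', module)}`)")
        out.append("")
    return "\n".join(out)
```

Dropping the resulting text into the simp-doc tree lets Sphinx resolve the `:ref:` targets, so a control that several modules claim shows every module's narrative in one place without duplicated source.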

@shawndwells
Member

Taking a first look at OpenControl a year ago, I thought it was complete trash and had pretty much all the same objections. My use case was building SSP templates for OpenShift.... had to layer components (Azure, RHEL7, OpenShift, and various templates containers like Apache, NGINX, MySQL....).

Fast forward a year and we patch bombed an entire SSP worth of content for OpenShift v3.

Happy to hop on a webex and compare notes about the build process we use. It's not perfect and we're still learning, but are using it on engagements in the civilian and DoD to generate C&A artifacts. There are some known limitations -- like linking sections -- but that's been more of a stylesheet issue than content problems.

@trevor-vaughan
Author

@shawndwells Thanks for the offer. I was hoping that this could be something that could be worked out as part of the OpenControl process but I'd love to see anything that might make it usable for normal humans (being a community oriented FOSS project, we need to keep things at the level where random people can patch it).

@anweiss

anweiss commented Aug 2, 2017

Hey @trevor-vaughan ... agreed in that these efforts should remain community-driven. I think a number of the gaps you highlighted above are still valid. The bigger issue is that OpenControl is lacking a formalized community governance model with regularly scheduled discussions and commitment from folks to actually write the code and develop the schemas.

@trevor-vaughan
Author

trevor-vaughan commented Aug 2, 2017

@anweiss This seems...accurate.

I'm happy to be a participant, but I can't be a driver due to being stretched too thin.

We need something to fill this gap but it needs to be something that I can stuff in front of a random ISSO and allow them to update and modify. I build a framework, not an application, so anything I do has to be relatively easy for downstream users to mangle.

Oh, and to make this more fun, I need to be able to do everything with tools that come from either RHEL, CentOS, or EPEL. External bits are too difficult to import to arbitrary locations.

@shawndwells
Member

@trevor-vaughan since this hasn't had discussion for over a year, closing this issue. Feel free to re-open as appropriate!
