CCI's not mapping to correct STIGs? #1

Open
Shoegum opened this issue Jul 25, 2019 · 3 comments
Comments

@Shoegum

Shoegum commented Jul 25, 2019

I just looked up CCI-001336 (training record retention) and the STIG Rules annotated at the bottom are just not right. portmap/rpcbind settings... these have nothing to do with training record retention.

I thought I should communicate that so you know! Thank you for creating this site btw, it has been super helpful!

@adamstauffer
Contributor

You are right, that doesn't seem like that CCI is mapped appropriately. I manually checked some of the STIGs that are linked, trying to make sure that there wasn't a parsing error. It looks like the CCI is mapped that way in the STIGs directly from DISA. I do want to keep the database consistent with the information from DISA. In the future, I'd like to show the mapping from DISA but also have our own recommendation or allow comments from other users sharing their rationale for mapping, perhaps with a voting system that will allow users to form a consensus on a mapping in the event that it differs from STIG authors.

For now, I would recommend sending an email to DISA to see if they can change this in future revisions of these STIGs. I will do the same.

@Shoegum
Author

Shoegum commented Jul 25, 2019

I sent an email to DISA. Hopefully (if) when they fix this it'll carry over in your next round of update(s).

Real solid man. I appreciate your work in this.

@livinginMD

There is also an issue with DISA's source for SC-37.3 (missing but likely CCI-002523). I emailed them on it.
