Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Base a new project on an existing STIG #555

Open
aaronlippold opened this issue Apr 12, 2023 · 9 comments
Open

Base a new project on an existing STIG #555

aaronlippold opened this issue Apr 12, 2023 · 9 comments
Assignees
@rlakey @ejaronne @vanessuniq

Comments

@aaronlippold
Copy link
Member

No description provided.

@ejaronne
Copy link

For example, a user might be building a new STIG based largely on a previous STIG, such as going from Windows 2016 to Windows 2019. While re-accounting for NA and inherently meets is still important wrt the original SRG, jump-starting the process by re-using rules from a previous STIG saves a lot of time!

@rlakey
Copy link
Contributor

rlakey commented Apr 14, 2023

I don't think Aaron was referencing that type of use case.

The copy component workflow allows someone to copy a component from one project to another to do what you are describing, and jump start the process.

@ejaronne ejaronne changed the title Link related components to a Vulcan project to help provide insight Base a new project on an existing STIG Apr 17, 2023
@ejaronne
Copy link

For example, a user might be building a new STIG based largely on a previous STIG, such as going from Windows 2016 to Windows 2019. While re-accounting for NA and inherently meets is still important wrt the original SRG, jump-starting the process by re-using rules from a previous STIG saves a lot of time!

@ejaronne
Copy link

Simplifying the ask to get this workflow moving

@rlakey
Copy link
Contributor

rlakey commented Apr 17, 2023

Seems to be a duplicate of #416 then.

To be more specific we don't need to base a new "project" on an official STIG we need to be able to create a "component" from an official STIG.

Once the official STIG is imported then you could copy/duplicate component to a new component to then begin your work.

@ejaronne
Copy link

The only problem is that the STIG does not have the original SRG content (SRG Requirement, SRG VulDiscussion, SRG Check, SRG Fix), but the new Project still needs full original context.

@aaronlippold
Copy link
Member Author

What I really mean by this is 'close / related' requirement linking with a modal/screen with the ability to 'copy from' to simplify reuse.

If I have a database component on linux - being able to reference / see the same requirement (SRGID) from PostgreSQL or Oracle see how it was done there makes a lot of sense.

This won't have the full set of course but it does shorten my workflow.

We do this often with STIGVIwer just trying to bring that work pattern more directly into the Vulcan UX

@rlakey
Copy link
Contributor

rlakey commented Apr 17, 2023

@ejaronne Just like with import from spreadsheet we choose an SRG to import against in the workflow. We would do the same with importing an official STIG. Import RHEL 8 or whatever, pair it with the GPOS SRG, and any requirements not covered in the STIG are added and set to Not Yet Determined.

I'm using the terms "project" and "component" to be more specific to the constructs in Vulcan. A project is just a collection of components and what you are wanting to import and create is a component and not a project.

@aaronlippold
Copy link
Member Author

exactly, we are using Solution of Equations by Interpolation given that each uses a common root - the SRG - to help inform our new solutions on validated ones in the same solution space.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@rlakey rlakey

@ejaronne ejaronne

@vanessuniq vanessuniq

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@aaronlippold @rlakey @ejaronne @vanessuniq