Anyone have some experience with #SCAP using something like #OpenSCAP and #ComplianceAsCode?

I'm looking to do some tailoring, both removing and adding rules. E.g. CIS Benchmark L2 Servers have a federal ssh warning. But my institution has its own. So I'd need to remove that rule from a custom profile but add another one.

@dimi Compliance as Code is a critical development in IT infrastructure and application development. It enables organisations to define policies in a single code format, ensuring that all systems comply with industry and organisational standards. #ComplianceAsCode #ITInfrastructure #ApplicationDevelopment

I love my editor! Huge thank you to Kezia Endsley and the entire editorial team at Wiley who have worked so hard to make my book so much better.

Getting closer. Preorder your copy today:
https://buff.ly/3qSHVtV

#DevSecOps #ComplianceAsCode #digitaltransformation

Support for "Rules" in OSCAL Models · Issue #1058 · usnistgov/OSCAL

User Story: As an OSCAL tool developer, in order to ensure my software can document testing requirements that an information system must implement as one part of cumulative control implementation r...
