Replies: 1 comment
-
|
We should place this in the Architecture Decisions Records if we do this. |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
We have noticed that our rules contain references to Control Correlation Identifiers (CCI). But, these references in our rules aren't complete, there are mistakes and some of them are outdated.
Our original idea is to develop automation to add CCIs to rules and also add tests to ensure consistency and accuracy of CCI data.
However, development and maintenance of this automation and tests means some work. At the same time, we don't know how useful the CCIs are for the users and community. We were wondering if it's worth the investment to develop this type of tools. As we don't want to keep inconsistent data, we are exploring option to remove CCI identifiers completely.
We think that removing CCIs shouldn't cause major problems, because they can be found in DISA's content or in online viewers like stigaview.com. We think that people usually watch for SRGs or DISA rule IDs when they review our STIG profiles, but not CCIs.
Please share your opinions with us. Are you actively using or relying on CCIs? In which way are you using them? Would it mean any problems for you if the CCIs are removed from rules?
Beta Was this translation helpful? Give feedback.
All reactions