opengovern · artaasadi · Jan 24, 2025 · Jan 24, 2025
diff --git a/.github/scripts/compare-controls.go b/.github/scripts/compare-controls.go
@@ -19,7 +19,7 @@ type Benchmark struct {
 	Children    []string            `json:"Children" yaml:"Children"`
 	Tags        map[string][]string `json:"Tags" yaml:"Tags"`
 	Enabled     bool                `json:"Enabled" yaml:"Enabled"`
-	AutoAssign  bool                `json:"AutoAssign" yaml:"AutoAssign"`
+	IsBaseline  bool                `json:"IsBaseline" yaml:"IsBaseline"`
 	Controls    []string            `json:"Controls" yaml:"Controls"`
 }
 

diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight.yaml
@@ -4,7 +4,7 @@ framework:
   description: The Australian Cyber Security Center (ACSC) Essential Eight is a set of baseline security strategies designed to mitigate cyber security incidents. The Essential Eight is a prioritized list of mitigation strategies that organizations can implement to protect their systems against a range of adversaries. The Essential Eight is based on the Australian Signals Directorate (ASD) Strategies to Mitigate Cyber Security Incidents.
   section-code: aws_acsc_essential_eight
   defaults:
-    auto-assign: false
+    is-baseline: false
     enabled: false
     tracks-drift-events: false
   control-group:

diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight.yaml
@@ -4,7 +4,7 @@ framework:
   description: The Australian Cyber Security Center (ACSC) Essential Eight is a set of baseline security strategies designed to mitigate cyber security incidents. The Essential Eight is a prioritized list of mitigation strategies that organizations can implement to protect their systems against a range of adversaries. The Essential Eight is based on the Australian Signals Directorate (ASD) Strategies to Mitigate Cyber Security Incidents.
   section-code: aws_acsc_essential_eight
   defaults:
-    auto-assign: false
+    is-baseline: false
     enabled: false
     tracks-drift-events: false
   control-group:

diff --git a/compliance/frameworks/aws/aws_all_controls/aws_all_controls.yaml b/compliance/frameworks/aws/aws_all_controls/aws_all_controls.yaml
@@ -4,7 +4,7 @@ framework:
   description: This benchmark contains all controls grouped by service to help you detect resource configurations that do not meet best practices.
   section-code: aws_all_controls
   defaults:
-    auto-assign: false
+    is-baseline: false
     enabled: false
     tracks-drift-events: false
   control-group:

diff --git a/...iance/frameworks/aws/aws_audit_manager_control_tower/aws_audit_manager_control_tower.yaml b/...iance/frameworks/aws/aws_audit_manager_control_tower/aws_audit_manager_control_tower.yaml
@@ -19,7 +19,7 @@ framework:
     type:
     - Benchmark
   defaults:
-    auto-assign: false
+    is-baseline: false
     enabled: false
     tracks-drift-events: false
   control-group:

diff --git a/compliance/frameworks/aws/aws_cis_compute_service_v100/aws_cis_compute_service_v100.yaml b/compliance/frameworks/aws/aws_cis_compute_service_v100/aws_cis_compute_service_v100.yaml
@@ -26,7 +26,7 @@ framework:
     version:
     - v1.0.0
   defaults:
-    auto-assign: false
+    is-baseline: false
     enabled: false
     tracks-drift-events: false
   control-group:

diff --git a/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1.yaml b/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1.yaml
@@ -19,7 +19,7 @@ framework:
     type:
     - Benchmark
   defaults:
-    auto-assign: false
+    is-baseline: false
     enabled: false
     tracks-drift-events: false
   control-group:

diff --git a/compliance/frameworks/aws/aws_cis_v120/aws_cis_v120.yaml b/compliance/frameworks/aws/aws_cis_v120/aws_cis_v120.yaml
@@ -21,7 +21,7 @@ framework:
     type:
     - Benchmark
   defaults:
-    auto-assign: false
+    is-baseline: false
     enabled: false
     tracks-drift-events: false
   control-group:

diff --git a/compliance/frameworks/aws/aws_cis_v130/aws_cis_v130.yaml b/compliance/frameworks/aws/aws_cis_v130/aws_cis_v130.yaml
@@ -21,7 +21,7 @@ framework:
     type:
     - Benchmark
   defaults:
-    auto-assign: false
+    is-baseline: false
     enabled: false
     tracks-drift-events: false
   control-group:

diff --git a/compliance/frameworks/aws/aws_cis_v140/aws_cis_v140.yaml b/compliance/frameworks/aws/aws_cis_v140/aws_cis_v140.yaml
@@ -21,7 +21,7 @@ framework:
     type:
     - Benchmark
   defaults:
-    auto-assign: false
+    is-baseline: false
     enabled: false
     tracks-drift-events: false
   control-group:

diff --git a/compliance/frameworks/aws/aws_cis_v150/aws_cis_v150.yaml b/compliance/frameworks/aws/aws_cis_v150/aws_cis_v150.yaml
@@ -21,7 +21,7 @@ framework:
     type:
     - Benchmark
   defaults:
-    auto-assign: false
+    is-baseline: false
     enabled: false
     tracks-drift-events: false
   control-group:

diff --git a/compliance/frameworks/aws/aws_cis_v200/aws_cis_v200.yaml b/compliance/frameworks/aws/aws_cis_v200/aws_cis_v200.yaml
@@ -21,7 +21,7 @@ framework:
     type:
     - Benchmark
   defaults:
-    auto-assign: false
+    is-baseline: false
     enabled: false
     tracks-drift-events: false
   control-group:

diff --git a/compliance/frameworks/aws/aws_cis_v300/aws_cis_v300.yaml b/compliance/frameworks/aws/aws_cis_v300/aws_cis_v300.yaml
@@ -21,7 +21,7 @@ framework:
     type:
     - Benchmark
   defaults:
-    auto-assign: true
+    is-baseline: true
     enabled: true
     tracks-drift-events: false
   control-group:

diff --git a/compliance/frameworks/aws/aws_cisa_cyber_essentials/aws_cisa_cyber_essentials.yaml b/compliance/frameworks/aws/aws_cisa_cyber_essentials/aws_cisa_cyber_essentials.yaml
@@ -19,7 +19,7 @@ framework:
     type:
     - Benchmark
   defaults:
-    auto-assign: false
+    is-baseline: false
     enabled: false
     tracks-drift-events: false
   control-group:

diff --git a/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4.yaml b/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4.yaml
@@ -19,7 +19,7 @@ framework:
     type:
     - Benchmark
   defaults:
-    auto-assign: false
+    is-baseline: false
     enabled: false
     tracks-drift-events: false
   control-group:

diff --git a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4.yaml b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4.yaml
@@ -19,7 +19,7 @@ framework:
     type:
     - Benchmark
   defaults:
-    auto-assign: false
+    is-baseline: false
     enabled: false
     tracks-drift-events: false
   control-group:

diff --git a/compliance/frameworks/aws/aws_ffiec/aws_ffiec.yaml b/compliance/frameworks/aws/aws_ffiec/aws_ffiec.yaml
@@ -19,7 +19,7 @@ framework:
     type:
     - Benchmark
   defaults:
-    auto-assign: false
+    is-baseline: false
     enabled: false
     tracks-drift-events: false
   control-group:

diff --git a/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security.yaml b/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security.yaml
@@ -19,7 +19,7 @@ framework:
     type:
     - Benchmark
   defaults:
-    auto-assign: false
+    is-baseline: false
     enabled: false
     tracks-drift-events: false
   control-group:

diff --git a/compliance/frameworks/aws/aws_gdpr/aws_gdpr.yaml b/compliance/frameworks/aws/aws_gdpr/aws_gdpr.yaml
@@ -19,7 +19,7 @@ framework:
     type:
     - Benchmark
   defaults:
-    auto-assign: false
+    is-baseline: false
     enabled: false
     tracks-drift-events: false
   control-group:

diff --git a/compliance/frameworks/aws/aws_gxp_21_cfr_part_11/aws_gxp_21_cfr_part_11.yaml b/compliance/frameworks/aws/aws_gxp_21_cfr_part_11/aws_gxp_21_cfr_part_11.yaml
@@ -19,7 +19,7 @@ framework:
     type:
     - Benchmark
   defaults:
-    auto-assign: false
+    is-baseline: false
     enabled: false
     tracks-drift-events: false
   control-group:

diff --git a/compliance/frameworks/aws/aws_gxp_eu_annex_11/aws_gxp_eu_annex_11.yaml b/compliance/frameworks/aws/aws_gxp_eu_annex_11/aws_gxp_eu_annex_11.yaml
@@ -19,7 +19,7 @@ framework:
     type:
     - Benchmark
   defaults:
-    auto-assign: false
+    is-baseline: false
     enabled: false
     tracks-drift-events: false
   control-group:

diff --git a/...ws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013.yaml b/...ws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013.yaml
@@ -20,7 +20,7 @@ framework:
     type:
     - Benchmark
   defaults:
-    auto-assign: false
+    is-baseline: false
     enabled: false
     tracks-drift-events: false
   control-group:

diff --git a/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003.yaml b/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003.yaml
@@ -20,7 +20,7 @@ framework:
     type:
     - Benchmark
   defaults:
-    auto-assign: false
+    is-baseline: false
     enabled: false
     tracks-drift-events: false
   control-group:

diff --git a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2.yaml b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2.yaml
@@ -19,7 +19,7 @@ framework:
     type:
     - Benchmark
   defaults:
-    auto-assign: false
+    is-baseline: false
     enabled: false
     tracks-drift-events: false
   control-group:

diff --git a/compliance/frameworks/aws/aws_nist_800_172/aws_nist_800_172.yaml b/compliance/frameworks/aws/aws_nist_800_172/aws_nist_800_172.yaml
@@ -4,7 +4,7 @@ framework:
   description: NIST Special Publication (SP) 800-172 provides federal agencies with a set of enhanced security requirements for protecting the confidentiality, integrity, and availability of controlled unclassified information (CUI) in nonfederal systems and organizations from the advanced persistent threat when the CUI is associated with a critical program or high value asset.
   section-code: aws_nist_800_172
   defaults:
-    auto-assign: false
+    is-baseline: false
     enabled: false
     tracks-drift-events: false
   control-group:

diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4.yaml
@@ -19,7 +19,7 @@ framework:
     type:
     - Benchmark
   defaults:
-    auto-assign: false
+    is-baseline: false
     enabled: false
     tracks-drift-events: false
   control-group:

diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5.yaml
@@ -19,7 +19,7 @@ framework:
     type:
     - Benchmark
   defaults:
-    auto-assign: false
+    is-baseline: false
     enabled: false
     tracks-drift-events: false
   control-group:

diff --git a/compliance/frameworks/aws/aws_nist_csf.yaml b/compliance/frameworks/aws/aws_nist_csf.yaml
@@ -20,7 +20,7 @@ framework:
     type:
     - Benchmark
   defaults:
-    auto-assign: false
+    is-baseline: false
     enabled: true
     tracks-drift-events: false
   control-group:

diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321.yaml
@@ -4,7 +4,7 @@ framework:
   description: The Payment Card Industry Data Security Standard (PCI DSS) v3.2.1 is an information security standard for entities that store, process, and/or transmit cardholder data.
   section-code: aws_pci_dss_v321
   defaults:
-    auto-assign: false
+    is-baseline: false
     enabled: false
     tracks-drift-events: false
   control-group:

diff --git a/compliance/frameworks/aws/aws_rbi_cyber_security/aws_rbi_cyber_security.yaml b/compliance/frameworks/aws/aws_rbi_cyber_security/aws_rbi_cyber_security.yaml
@@ -19,7 +19,7 @@ framework:
     type:
     - Benchmark
   defaults:
-    auto-assign: false
+    is-baseline: false
     enabled: false
     tracks-drift-events: false
   control-group:

diff --git a/compliance/frameworks/aws/aws_rbi_itf_nbfc/aws_rbi_itf_nbfc.yaml b/compliance/frameworks/aws/aws_rbi_itf_nbfc/aws_rbi_itf_nbfc.yaml
@@ -4,7 +4,7 @@ framework:
   description: The NBFC (Non-Banking Finance Company) sector has grown in size and complexity over the years. As the NBFC industry matures and achieves scale, its Information Technology /Information Security (IT/IS) framework, Business continuity planning (BCP), Disaster Recovery (DR) Management, IT audit, etc. must be benchmarked to best practices.
   section-code: aws_rbi_itf_nbfc
   defaults:
-    auto-assign: false
+    is-baseline: false
     enabled: false
     tracks-drift-events: false
   control-group:

diff --git a/compliance/frameworks/aws/aws_rego_test.yaml b/compliance/frameworks/aws/aws_rego_test.yaml
@@ -20,7 +20,7 @@ framework:
     type:
     - Benchmark
   defaults:
-    auto-assign: false
+    is-baseline: false
     enabled: false
     tracks-drift-events: false
   control-group:

diff --git a/compliance/frameworks/aws/aws_soc_2.yaml b/compliance/frameworks/aws/aws_soc_2.yaml
@@ -20,7 +20,7 @@ framework:
     type:
     - Benchmark
   defaults:
-    auto-assign: false
+    is-baseline: false
     enabled: false
     tracks-drift-events: false
   control-group:

diff --git a/compliance/frameworks/azure/azure_all_controls/azure_all_controls.yaml b/compliance/frameworks/azure/azure_all_controls/azure_all_controls.yaml
@@ -4,7 +4,7 @@ framework:
   description: This benchmark contains all controls grouped by service to help you detect resource configurations that do not meet best practices.
   section-code: azure_all_controls
   defaults:
-    auto-assign: false
+    is-baseline: false
     enabled: false
     tracks-drift-events: false
   control-group:

diff --git a/compliance/frameworks/azure/azure_cis_v130/azure_cis_v130.yaml b/compliance/frameworks/azure/azure_cis_v130/azure_cis_v130.yaml
@@ -21,7 +21,7 @@ framework:
     type:
     - Benchmark
   defaults:
-    auto-assign: false
+    is-baseline: false
     enabled: false
     tracks-drift-events: false
   control-group:

diff --git a/compliance/frameworks/azure/azure_cis_v140/azure_cis_v140.yaml b/compliance/frameworks/azure/azure_cis_v140/azure_cis_v140.yaml
@@ -21,7 +21,7 @@ framework:
     type:
     - Benchmark
   defaults:
-    auto-assign: false
+    is-baseline: false
     enabled: false
     tracks-drift-events: false
   control-group:

diff --git a/compliance/frameworks/azure/azure_cis_v150/azure_cis_v150.yaml b/compliance/frameworks/azure/azure_cis_v150/azure_cis_v150.yaml
@@ -21,7 +21,7 @@ framework:
     type:
     - Benchmark
   defaults:
-    auto-assign: false
+    is-baseline: false
     enabled: false
     tracks-drift-events: false
   control-group:

diff --git a/compliance/frameworks/azure/azure_cis_v200/azure_cis_v200.yaml b/compliance/frameworks/azure/azure_cis_v200/azure_cis_v200.yaml
@@ -21,7 +21,7 @@ framework:
     type:
     - Benchmark
   defaults:
-    auto-assign: false
+    is-baseline: false
     enabled: false
     tracks-drift-events: false
   control-group:

diff --git a/compliance/frameworks/azure/azure_cis_v210/azure_cis_v210.yaml b/compliance/frameworks/azure/azure_cis_v210/azure_cis_v210.yaml
@@ -4,7 +4,7 @@ framework:
   description: The CIS Microsoft Azure Foundations Security Benchmark provides prescriptive guidance for establishing a secure baseline configuration for Microsoft Azure.
   section-code: azure_cis_v210
   defaults:
-    auto-assign: true
+    is-baseline: true
     enabled: true
     tracks-drift-events: false
   control-group:

diff --git a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high.yaml b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high.yaml
@@ -4,7 +4,7 @@ framework:
   description: The Federal Risk and Authorization Management Program (FedRAMP) is a U.S. Federal government program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. The FedRAMP program has helped to accelerate the adoption of secure cloud solutions through the reuse of assessments and authorizations across government agencies. FedRAMP leverages a standardized set of requirements, established in accordance with the Federal Information Security Management Act (FISMA), to improve consistency and confidence in the security of cloud solutions. Cloud Service Providers (CSP) that support U.S. government customers or operate on U.S. government information are responsible for complying with the requirements established by the FedRAMP program. In May 2020 the Salesforce Government Cloud Plus achieved a provisional Authority to Operate (ATO) at the high impact level issued by the FedRAMP Joint Authorization Board (JAB).
   section-code: azure_fedramp_high
   defaults:
-    auto-assign: false
+    is-baseline: false
     enabled: false
     tracks-drift-events: false
   control-group:

diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92.yaml
@@ -21,7 +21,7 @@ framework:
     type:
     - Benchmark
   defaults:
-    auto-assign: false
+    is-baseline: false
     enabled: false
     tracks-drift-events: false
   control-group:

diff --git a/compliance/frameworks/azure/azure_msb/azure_msb.yaml b/compliance/frameworks/azure/azure_msb/azure_msb.yaml
@@ -17,8 +17,8 @@ framework:
     type:
     - Benchmark
   defaults:
-    auto-assign: true
-    enabled: true
+    is-baseline: false
+    enabled: false
     tracks-drift-events: false
   control-group:
   - id: azure_cis_v200_2

diff --git a/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2.yaml b/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2.yaml
@@ -4,7 +4,7 @@ framework:
   description: NIST SP 800-171 Revision 2 signifies a significant endeavor to enhance cybersecurity practices, specifically tailored for organizations engaging with the U.S. federal government.
   section-code: azure_nist_sp_800_171_rev_2
   defaults:
-    auto-assign: false
+    is-baseline: false
     enabled: false
     tracks-drift-events: false
   control-group:

diff --git a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5.yaml b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5.yaml
@@ -19,7 +19,7 @@ framework:
     type:
     - Benchmark
   defaults:
-    auto-assign: false
+    is-baseline: false
     enabled: false
     tracks-drift-events: false
   control-group: