scm
Security Control Management
SCM (Security Control Management) is a simple way to manage your security control management system based on industry standards.
------------------------------------------------------------------
SCM is under development and is considered a work in progress.
------------------------------------------------------------------
Features ( Roadmap #1 ):
- Definitions
  - 1.1. PCI-DSS Requirements and Security Assessment Procedures Version 3.2.1 |||-->[ MVP Done ]
  - 1.2. CIS Controls Version 7.1 |||-->[ MVP Done ]
  - 1.3. CIS Kubernetes Benchmark Version 1.5.1 |||-->[ In Progress ]
  - 1.4. CIS Docker Benchmark Version 1.2.0
- Mappings
  - 2.1. Mapping CIS Kubernetes Benchmark Version 1.5.1 To CIS Controls Version 7.1 |||-->[ In Progress ]
  - 2.2. Mapping CIS Controls Version 7.1 To PCI-DSS Requirements and Security Assessment Procedures Version 3.2.1 |||-->[ MVP Done ]
- Tools
  - 3.1. Using/Import kube-bench Capabilities (https://github.com/aquasecurity/kube-bench) |||-->[ In Progress ]
  - 3.2. Using/Import docker-bench Capabilities (https://github.com/aquasecurity/docker-bench) OR
  - 3.3. Using/Import docker-bench-security Capabilities (https://github.com/docker/docker-bench-security)
- Reports
  - 4.1. CIS Kubernetes Benchmark Report
  - 4.2. CIS Docker Benchmark Report
  - 4.3. CIS Controls Report |||-->[ In Progress ]
  - 4.4. PCI DSS Controls Report |||-->[ In Progress ]
- Integration: Automation
  - 5.1. Ansible
- Integration: Notifications/Alerts
  - 6.1. Slack
  - 6.2. Email
References:
- PCI DSS (https://www.pcisecuritystandards.org/document_library)
- CIS Controls (https://www.cisecurity.org/controls/)
- CIS Kubernetes Benchmark (https://www.cisecurity.org/benchmark/kubernetes/)
- CIS Docker Benchmark (https://www.cisecurity.org/benchmark/docker/)
- CIS CSAT (https://csat.cisecurity.org/)
- AuditScripts Critical Security Controls (https://www.auditscripts.com/free-resources/critical-security-controls/)
- Ansible (https://docs.ansible.com/ansible/latest/)