...
To support compliance reporting, SIMP modules should record which resources have been configured to support particular compliance requirements, with supporting annotations where needed.
The Proposed Approach
The CCE is a unique and immutable reference used by compliance-checking solutions such as OpenSCAP.
Our approach will be to:
- Use Puppet resource tags to refer to CCE IDs.
- Provide an optional (and inert) custom type that attaches additional annotations for one or more CCEs as metadata in the catalog.
- Use the catalog compiled for a given system to compile the relevant security compliance document.
- Develop an additional tool for generating compliance reports from catalogs containing this information.
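
The sketch below shows how a report could be built from a compiled catalog under this approach. It is an added example, not SIMP code. It assumes the Puppet 4+ JSON catalog layout, a tag convention of the lower-cased CCE ID, and a hypothetical annotation type `compliance_annotation` with a `note` parameter that carries the same CCE tags. The CCE IDs are constructed placeholders.

```ruby
require 'json'

# Assumed tag convention: the CCE ID lower-cased (Puppet downcases tags).
# The page does not specify the exact tag format.
CCE_TAG = /\Acce-\d{4,5}-\d\z/
# Hypothetical name for the inert annotation type; the page does not name it.
ANNOTATION_TYPE = 'Compliance_annotation'

# Constructed sample catalog; CCE IDs are placeholders, not real assignments.
SAMPLE_CATALOG = <<~JSON
  {"name": "host.example.test", "resources": [
    {"type": "File", "title": "/etc/shadow",
     "tags": ["file", "cce-11111-1"], "parameters": {"mode": "0000"}},
    {"type": "Service", "title": "auditd",
     "tags": ["service", "cce-11111-1", "cce-22222-2"], "parameters": {}},
    {"type": "Compliance_annotation", "title": "shadow-perms",
     "tags": ["compliance_annotation", "cce-11111-1"],
     "parameters": {"note": "Mode enforced by site policy"}},
    {"type": "Package", "title": "telnet", "tags": ["package"]}
  ]}
JSON

# Maps each CCE ID found in the catalog to the resources tagged with it
# and to any notes supplied through annotation resources.
def cce_report(catalog_json)
  catalog = JSON.parse(catalog_json)
  report = Hash.new { |h, k| h[k] = { resources: [], notes: [] } }

  catalog.fetch('resources', []).each do |res|
    # Only tags that look like CCE IDs matter; untagged resources are skipped.
    Array(res['tags']).grep(CCE_TAG).map(&:upcase).each do |cce|
      if res['type'] == ANNOTATION_TYPE
        note = res.dig('parameters', 'note') # 'note' is a hypothetical parameter
        report[cce][:notes] << note if note
      else
        report[cce][:resources] << "#{res['type']}[#{res['title']}]"
      end
    end
  end
  report.sort.to_h # sorted by CCE ID; also drops the default block
end

puts JSON.pretty_generate(cce_report(SAMPLE_CATALOG)) if $PROGRAM_NAME == __FILE__
```

Because the annotation type is inert, it appears in the report only as notes and never as an enforcing resource.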