Background
In order to support compliance reporting, SIMP modules should record which resources have been configured to support particular compliance requirements, with supporting annotations where needed.e
The Proposed Approach
The CCE is a unique and immutable reference used by compliance-checking solutions such as OpenSCAP.
Our approach will be to:
- Use Puppet Resource tags to refer to CCE ids.
- Provide an optional (and inert) custom type to provide additional annotations for a given CCE(s) as metadata in the catalog
- Use the catalog compiled for a given system to compile the relevant security compliance document.
- An additional tool for generating compliance reports from catalogs containing this information will be developed