STIG

STIG CLI

This CLI is able to ingest security checklists from STIG rules and automatically update SSP control and component implementations based on these checklists.

• process-stig - Parse CKL files from a given folder and create checklists, assets, and issues and update implementations.
• update_mapping - Force update the CCI to control mapping from a combination dataset of DISA U_CCI_LIST and the NIST stig mapping.

Source:

• https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_CCI_List.zip
• https://csrc.nist.gov/csrc/media/projects/forum/documents/stig-mapping-to-nist-800-53.xlsx

STIG Processing Workflow

The STIG CLI has the capability to scan every CKL file within a specified folder and compare the asset and component with those in RegScale. It can convert each STIG rule to a RegScale security checklist that corresponds to the STIG asset. By performing these checklists, the implementation status at the component level can be determined. These statuses will then be aggregated to the SSP level, which facilitates continuous updating of a RegScale SSP.

To process a folder of STIG files, you can simply run the process-stig command and tie a folder of STIG checklists to an existing RegScale SSP. The CCI mappings will automatically be created if they do not exist. To force update CCI mappings, run the update-cci-mapping command.

• regscale stig process-stig --regscale_ssp_id 2 --folder_path /path/to/stigs
• regscale stig update-cci-mapping