Skip to content

Generate Mapping

The generate mapping script helps you quickly create custom rules and baselines for a compliance framework not published by the project. This is done by providing a CSV that maps controls from your framework (Column 1) to a supported framework (Column 2).

800-171r2,800-53r5
3.1.1,"AC-2, AC-3, AC-17"
3.1.2,"AC-2, AC-3, AC-17"
3.1.3,AC-4
3.1.4,AC-5
  • Column 1: Your framework’s control identifier (e.g., 800-171r2 3.1.1)
  • Column 2: Supported framework controls (e.g., 800-53r5 AC-2)

Run the script with your mapping CSV:

Terminal window
./scripts/generate_mapping.py ~/Desktop/171-to-53.csv

Example output:

Mapping CSV: /Users/mscp/Desktop/171-to-53.csv
Source compliance framework: 800-53r5
auth_pam_login_smartcard_enforce - 800-53r5 IA-2(1) maps to 800-171r2 3.5.3
auth_pam_login_smartcard_enforce - 800-53r5 IA-2(8) maps to 800-171r2 3.5.4
auth_smartcard_allow - 800-53r5 IA-2(1) maps to 800-171r2 3.5.3
auth_pam_sudo_smartcard_enforce - 800-53r5 IA-2(1) maps to 800-171r2 3.5.3
auth_pam_sudo_smartcard_enforce - 800-53r5 IA-2(8) maps to 800-171r2 3.5.4
auth_smartcard_enforce - 800-53r5 IA-2 maps to 800-171r2 3.5.1
...
sysprefs_improve_siri_dictation_disable - 800-53r5 AC-20 maps to 800-171r2 3.1.20
sysprefs_improve_siri_dictation_disable - 800-53r5 CM-7 maps to 800-171r2 3.4.6
sysprefs_improve_siri_dictation_disable - 800-53r5 CM-7(1) maps to 800-171r2 3.4.7
800-171r2.yaml baseline file created in build/800-171r2/baseline/
Move all of the folders in rules into the custom folder.
  • Directorybuild/
    • Directory800-171r2/
      • Directorybaseline/
        • 800-171r2.yaml
  • Directoryrules/
    • (move generated folders here into your custom folder)

For frameworks such as CIS Controls v8, set the Column 2 header to cis/controls v8 and use the same value with the -f option.