Generate Mapping
The generate mapping script helps you quickly create custom rules and baselines for a compliance framework not published by the project. This is done by providing a CSV that maps controls from your framework (Column 1) to a supported framework (Column 2).
CSV Format
Section titled “CSV Format”800-171r2,800-53r53.1.1,"AC-2, AC-3, AC-17"3.1.2,"AC-2, AC-3, AC-17"3.1.3,AC-43.1.4,AC-5
- Column 1: Your framework’s control identifier (e.g., 800-171r2 3.1.1)
- Column 2: Supported framework controls (e.g., 800-53r5 AC-2)
Generate Custom Rule Files
Section titled “Generate Custom Rule Files”Run the script with your mapping CSV:
./scripts/generate_mapping.py ~/Desktop/171-to-53.csv
Example output:
Mapping CSV: /Users/mscp/Desktop/171-to-53.csvSource compliance framework: 800-53r5auth_pam_login_smartcard_enforce - 800-53r5 IA-2(1) maps to 800-171r2 3.5.3auth_pam_login_smartcard_enforce - 800-53r5 IA-2(8) maps to 800-171r2 3.5.4auth_smartcard_allow - 800-53r5 IA-2(1) maps to 800-171r2 3.5.3auth_pam_sudo_smartcard_enforce - 800-53r5 IA-2(1) maps to 800-171r2 3.5.3auth_pam_sudo_smartcard_enforce - 800-53r5 IA-2(8) maps to 800-171r2 3.5.4auth_smartcard_enforce - 800-53r5 IA-2 maps to 800-171r2 3.5.1...sysprefs_improve_siri_dictation_disable - 800-53r5 AC-20 maps to 800-171r2 3.1.20sysprefs_improve_siri_dictation_disable - 800-53r5 CM-7 maps to 800-171r2 3.4.6sysprefs_improve_siri_dictation_disable - 800-53r5 CM-7(1) maps to 800-171r2 3.4.7800-171r2.yaml baseline file created in build/800-171r2/baseline/Move all of the folders in rules into the custom folder.
Directorybuild/
Directory800-171r2/
Directorybaseline/
- 800-171r2.yaml
Directoryrules/
- … (move generated folders here into your custom folder)
Mapping to Other Frameworks
Section titled “Mapping to Other Frameworks”For frameworks such as CIS Controls v8, set the Column 2 header to cis/controls v8
and use the same value with the -f
option.