Generate Mapping

The generate mapping script helps you quickly create custom rules and baselines for a compliance framework not published by the project. This is done by providing a CSV that maps controls from your framework (Column 1) to a supported framework (Column 2).

CSV Format

800-171r2,800-53r5
3.1.1,"AC-2, AC-3, AC-17"
3.1.2,"AC-2, AC-3, AC-17"
3.1.3,AC-4
3.1.4,AC-5

Column 1: Your framework’s control identifier (e.g., 800-171r2 3.1.1)
Column 2: Supported framework controls (e.g., 800-53r5 AC-2)

Generate Custom Rule Files

Run the script with your mapping CSV:

./scripts/generate_mapping.py ~/Desktop/171-to-53.csv

Example output:

Mapping CSV: /Users/mscp/Desktop/171-to-53.csv
Source compliance framework: 800-53r5
auth_pam_login_smartcard_enforce - 800-53r5 IA-2(1) maps to 800-171r2 3.5.3
auth_pam_login_smartcard_enforce - 800-53r5 IA-2(8) maps to 800-171r2 3.5.4
auth_smartcard_allow - 800-53r5 IA-2(1) maps to 800-171r2 3.5.3
auth_pam_sudo_smartcard_enforce - 800-53r5 IA-2(1) maps to 800-171r2 3.5.3
auth_pam_sudo_smartcard_enforce - 800-53r5 IA-2(8) maps to 800-171r2 3.5.4
auth_smartcard_enforce - 800-53r5 IA-2 maps to 800-171r2 3.5.1
...
sysprefs_improve_siri_dictation_disable - 800-53r5 AC-20 maps to 800-171r2 3.1.20
sysprefs_improve_siri_dictation_disable - 800-53r5 CM-7 maps to 800-171r2 3.4.6
sysprefs_improve_siri_dictation_disable - 800-53r5 CM-7(1) maps to 800-171r2 3.4.7
800-171r2.yaml baseline file created in build/800-171r2/baseline/
Move all of the folders in rules into the custom folder.

Directorybuild/
- Directory800-171r2/
  - Directorybaseline/
    800-171r2.yaml
Directoryrules/
- … (move generated folders here into your custom folder)

Mapping to Other Frameworks

For frameworks such as CIS Controls v8, set the Column 2 header to cis/controls v8 and use the same value with the -f option.