
IBM / compliance-trestle

Licence: Apache-2.0 License
An opinionated tooling platform for managing compliance as code, using continuous integration and NIST's OSCAL standard.

Programming Languages

python
139335 projects - #7 most used programming language

Projects that are alternatives of or similar to compliance-trestle

Ossec Hids
OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
Stars: ✭ 3,580 (+6654.72%)
Mutual labels:  compliance, nist800-53
fidesops
Privacy as Code for DSAR Orchestration: Privacy Request automation to fulfill GDPR, CCPA, and LGPD data subject requests.
Stars: ✭ 32 (-39.62%)
Mutual labels:  compliance
imgur-scraper
Retrieve years of imgur.com's data without any authentication.
Stars: ✭ 26 (-50.94%)
Mutual labels:  pypi
datagoose
🔐 Easy to use, fast, lightweight, secure, JSON based database for Python!
Stars: ✭ 13 (-75.47%)
Mutual labels:  pypi
ahocorapy
Pure python Aho-Corasick library.
Stars: ✭ 163 (+207.55%)
Mutual labels:  pypi
arpwitch
A modern arpwatch replacement with JSON formatted outputs and easy options to exec commands when network changes are observed.
Stars: ✭ 20 (-62.26%)
Mutual labels:  pypi
django-admin-page-lock
Page Lock for Django Admin allows developers to implement customizable locking pages.
Stars: ✭ 13 (-75.47%)
Mutual labels:  pypi
discodo
Enhanced Audio Player for Discord
Stars: ✭ 41 (-22.64%)
Mutual labels:  pypi
capsulecd
Continuous Delivery for automating package releases (npm, cookbooks, gems, pip, jars, etc)
Stars: ✭ 96 (+81.13%)
Mutual labels:  pypi
kodex
A privacy and security engineering toolkit: Discover, understand, pseudonymize, anonymize, encrypt and securely share sensitive and personal data: Privacy and security as code.
Stars: ✭ 70 (+32.08%)
Mutual labels:  compliance
Audit-Test-Automation
The Audit Test Automation Package gives you the ability to get an overview of the compliance status of several systems. You can easily create HTML reports and have a transparent overview of compliance and non-compliance of explicit settings and configurations in comparison to industry standards and hardening guides.
Stars: ✭ 37 (-30.19%)
Mutual labels:  compliance
HypixelIO
A Modern Efficient and Easy way of interacting with the Hypixel API!
Stars: ✭ 16 (-69.81%)
Mutual labels:  pypi
terraform-aws-serverless-pypi
Serverless PyPI backed by S3
Stars: ✭ 33 (-37.74%)
Mutual labels:  pypi
mongo
Light-weight utilities and declarative schema (mutable mapping) to augment, not replace the Python MongoDB driver.
Stars: ✭ 18 (-66.04%)
Mutual labels:  pypi
QPT
[In closed beta] A forward-style Python environment quick packaging tool that quickly packages Python into an EXE and adds CUDA, NoAVX and other support.
Stars: ✭ 308 (+481.13%)
Mutual labels:  pypi
starcli
✨ Browse trending GitHub projects from your command line
Stars: ✭ 436 (+722.64%)
Mutual labels:  pypi
django-archive
Management command for creating compressed archives of Django projects, including database tables and uploaded media.
Stars: ✭ 27 (-49.06%)
Mutual labels:  pypi
allalgorithms-python
The All ▲lgorithms Python Library.
Stars: ✭ 31 (-41.51%)
Mutual labels:  pypi
mindware
An efficient open-source AutoML system for automating machine learning lifecycle, including feature engineering, neural architecture search, and hyper-parameter tuning.
Stars: ✭ 34 (-35.85%)
Mutual labels:  pypi
harwest-tool
A one-shot tool to harvest submissions from different OJs onto one single VCS managed repository http://bit.ly/harwest
Stars: ✭ 89 (+67.92%)
Mutual labels:  pypi

Compliance-trestle (also known as trestle)


Trestle is an ensemble of tools that enable the creation, validation, and governance of documentation artifacts for compliance needs. It leverages NIST's OSCAL as a standard data format for interchange between tools and people, and provides an opinionated approach to OSCAL adoption.

Trestle is designed to operate as a CICD pipeline running on top of compliance artifacts in git, to provide transparency for the state of compliance across multiple stakeholders in an environment friendly to developers. Trestle passes the generated artifacts on to tools that orchestrate the enforcement, measurement, and reporting of compliance.

It also provides tooling to manage OSCAL documents in a more human-friendly manner. By splitting large OSCAL data structures into smaller and easier to edit sub-structures, creation and maintenance of these artifacts, or facsimiles in markdown, can follow normal git workflows including peer review via pull request, versioning, and releases/tagging.

Trestle provides three separate but related functions in the compliance space:

  • Manage OSCAL documents to allow editing and manipulation while making sure the schemas are enforced
  • Transform documents from other formats to OSCAL
  • Provide support and governance to author compliance content as markdown and drawio.

Trestle provides tooling to help orchestrate the compliance process across a number of dimensions:

  • Help manage OSCAL documents in a more human-friendly manner by expanding the large OSCAL data structures into smaller and easier to edit sub-structures while making sure the schemas are enforced.
  • Transform documents from other formats to OSCAL
  • Provide governance for markdown documents and enforce consistency of format and content based on specified templates
  • Tooling to manage authoring and governance of markdown and drawio files within a repository.
  • Support within trestle to streamline management within a managed git environment.
  • An underlying object model that supports developers interacting with OSCAL artefacts.

Why Trestle

Compliance suffers from being a complex topic that is hard to articulate simply. It involves complete and accurate execution of multiple procedures across many disciplines (e.g. IT, HR, management) with periodic verification and audit of those procedures against controls.

While it is possible to manage the description of controls and how an organisation implements them in ad hoc ways with general tools (spreadsheets, documents), this is hard to maintain for multiple accreditations and, in the IT domain at least, creates a barrier between the compliance efforts and the people doing daily work (DevOps staff).

Trestle aims to reduce or remove this barrier by bringing the maintenance of control descriptions into the DevOps domain. The goal is to have changes to the system (for example, updates to configuration management) easily related to the controls impacted, and to enable modification of those controls as required in concert with the system changes.

Trestle implicitly provides a core opinionated workflow driven by its pipeline steps to allow standardized interlocks with other compliance tooling platforms.

Machine readable compliance format

Compliance activities at scale, whether size of estate or number of accreditations, require automation to be successful and repeatable. OSCAL as a standard allows teams to bridge between the "Governance" layer and operational tools.

By building human managed artifacts into OSCAL, Trestle is not only able to validate the integrity of the artifacts that people generate - it also enables reuse and sharing of artifacts, and furthermore can provide suitable input into tools that automate operational compliance.

Supported OSCAL elements and extensions

trestle implicitly supports all OSCAL schemas for use within the object model. The development roadmap for trestle includes adding workflow around specific elements / objects that is opinionated.

trestle supports OSCAL version 1.0.0 only at this stage.

Supported file formats for OSCAL objects

OSCAL supports xml, json and yaml with their metaschema tooling. Trestle natively supports only json and yaml formats at this time.

Future roadmap anticipates that support for xml import and upstream references will be enabled. However, it is expected that full support will remain only for json and yaml.

Users needing to import XML OSCAL artifacts are recommended to look at NIST's XML to json conversion page here.

Python codebase, easy installation via pip

Trestle runs on almost all Python platforms (e.g. Linux, Mac, Windows), is available on PyPi and can be easily installed via pip. It is under active development and new releases are made available regularly.
To install run: pip install compliance-trestle
See Install trestle in a python virtual environment for the full installation guide.

Complete documentation and tutorials

Complete documentation, tutorials, and background on compliance can be found here.

Demos

A collection of demos utilizing trestle can be found in the related project compliance-trestle-demos.

Development status

Compliance trestle is currently beta. The expectation is that in ongoing work there may be un-announced changes that are breaking within the trestle codebase. With the release of NIST's version 1.0.0 of OSCAL we expect that these changes will be decreasing in size as trestle approaches a 1.0.0 release for itself.

Contributing to Trestle

Our project welcomes external contributions. Please consult contributing to get started.

License & Authors

If you would like to see the detailed LICENSE click here. Consult contributors for a list of authors and maintainers for the core team.

# Copyright (c) 2020 IBM Corp. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
