mitre / vulcan

Licence: other
A web application to streamline the development of STIGs from SRGs

Programming Languages

Ruby, Vue, Haml, JavaScript, HTML, Shell

Projects that are alternatives of or similar to vulcan

inspec-profile-disa stig-el7
InSpec Profile for the EL7 DISA STIG
Stars: ✭ 21 (-30%)
Mutual labels:  disa, inspec, stig
inspec-gke-cis-benchmark
GKE CIS 1.1.0 Benchmark InSpec Profile
Stars: ✭ 27 (-10%)
Mutual labels:  compliance, inspec
heimdall tools
DEPRECATED: A set of utilities for converting and working with compliance data for viewing in the heimdall applications
Stars: ✭ 28 (-6.67%)
Mutual labels:  inspec, mitre-corporation
Inspec
InSpec: Auditing and Testing Framework
Stars: ✭ 2,450 (+8066.67%)
Mutual labels:  compliance, inspec
fidesops
Privacy as Code for DSAR Orchestration: Privacy Request automation to fulfill GDPR, CCPA, and LGPD data subject requests.
Stars: ✭ 32 (+6.67%)
Mutual labels:  compliance, compliance-automation
RHEL8-STIG
Ansible role for Red Hat 8 STIG Baseline
Stars: ✭ 73 (+143.33%)
Mutual labels:  stig, compliance-automation
wazuh-packages
Wazuh - Tools for packages creation
Stars: ✭ 54 (+80%)
Mutual labels:  compliance
Standalone-Windows-Server-STIG-Script
STIG Standalone Windows Servers to DoD STIG/SRG Requirements and NSACyber Guidance. The ultimate Windows Server security and compliance script!
Stars: ✭ 26 (-13.33%)
Mutual labels:  srg
testing-4-cloud
Testing for the Cloud
Stars: ✭ 19 (-36.67%)
Mutual labels:  inspec
mitrecnd.github.io
MITRE Shield website
Stars: ✭ 17 (-43.33%)
Mutual labels:  mitre-corporation
guardian
Guardian is a tool for extensible and universal data access with automated access workflows and security controls across data stores, analytical systems, and cloud products.
Stars: ✭ 127 (+323.33%)
Mutual labels:  compliance
attack-evals
ATT&CK Evaluations website (DEPRECATED)
Stars: ✭ 57 (+90%)
Mutual labels:  mitre-corporation
forge
ISC Forge is an open source DHCP conformance validation framework, primarily used for testing ISC Kea.
Stars: ✭ 26 (-13.33%)
Mutual labels:  compliance
cis-dil-benchmark
CIS Distribution Independent Linux Benchmark - InSpec Profile
Stars: ✭ 120 (+300%)
Mutual labels:  inspec
aws-security-hub-response-and-remediation
Pre-configured response & remediation playbooks for AWS Security Hub
Stars: ✭ 58 (+93.33%)
Mutual labels:  compliance-automation
terraform-aws-config
This module configures AWS Config, a service that enables you to assess, audit, and evaluate the configurations of your AWS resources.
Stars: ✭ 24 (-20%)
Mutual labels:  compliance
ticket-check-action
Verify that pull request titles start with a ticket ID
Stars: ✭ 29 (-3.33%)
Mutual labels:  compliance
before-you-ship
merged into the TTS Handbook
Stars: ✭ 39 (+30%)
Mutual labels:  compliance
attack-stix-data
STIX data representing MITRE ATT&CK
Stars: ✭ 118 (+293.33%)
Mutual labels:  mitre-corporation
intercept
INTERCEPT / Policy as Code Static Analysis Auditing / SAST
Stars: ✭ 54 (+80%)
Mutual labels:  compliance

Vulcan

Description

Vulcan is a tool to help streamline the process of creating STIGs and InSpec security compliance profiles. It models the STIG intent form and the process of aligning security controls from SRG items into actual STIG security controls. While aligning the security controls, Vulcan also gives the option to insert InSpec code and test it across any type of system supported by InSpec.

Features

  • Model the STIG creation process between the creator (vendor) and the approver (sponsor)
  • Write and test InSpec code on a local system, or across SSH, AWS, and Docker
  • Easily view the progress and status of each control
  • Communicate through the application to make the best decisions on controls
  • Confidential data in the database is encrypted using symmetric encryption
  • Authenticate via the local server, through GitHub, or through a configured LDAP server

Deploy Vulcan

Deploying Vulcan in Production

Deployment Dependencies:

For Ruby (on Ubuntu):

  • Ruby
  • build-essential
  • Bundler
  • libpq-dev
  • nodejs

Run With Ruby

Setup Ruby

  1. Install the version of Ruby specified in .ruby-version
  2. Install postgres and rbenv
  3. gem install foreman
  4. rbenv install
  5. bin/setup

Running with Ruby

Make sure you have run the setup steps at least once before following these steps!

  1. Ensure postgres is running
  2. foreman start -f Procfile.dev
  3. Navigate to http://127.0.0.1:3000

Stopping Vulcan

  1. Stop Vulcan by pressing Ctrl+C
  2. Stop the postgres server

Configuration

See docker-compose.yml for container configuration options.

Documentation on how to configure additional Vulcan settings, such as SMTP and LDAP, is available on the Vulcan website.

NOTICE

© 2022 The MITRE Corporation.

Approved for Public Release; Distribution Unlimited. Case Number 18-3678.

NOTICE

MITRE hereby grants express written permission to use, reproduce, distribute, modify, and otherwise leverage this software to the extent permitted by the licensed terms provided in the LICENSE.md file included with this project.

NOTICE

This software was produced for the U. S. Government under Contract Number HHSM-500-2012-00008I, and is subject to Federal Acquisition Regulation Clause 52.227-14, Rights in Data-General.

No other use other than that granted to the U. S. Government, or to those acting on behalf of the U. S. Government under that Clause is authorized without the express written permission of The MITRE Corporation.

For further information, please contact The MITRE Corporation, Contracts Management Office, 7515 Colshire Drive, McLean, VA 22102-7539, (703) 983-6000.
