Please refer to ComplianceAsCode/content instead.
Entries from OpenControl were migrated to the controls structure:
e.g.
This repository contains control responses to NIST-800-53 security controls. Human readable overview is available at http://atopathways.redhatgov.io/ato/products/select/NIST-800-53
Some of the content is still work in progress!
Instructions on how to prepare your development host:
Users can use GoComply/fedramp tool to genereate OSCAL formatted FedRAMP SSPs out of the OpenControl formatted here. Example:
podman run \
--rm -t --security-opt label=disable \
-v $(pwd):/shared-dir \
quay.io/gocomply/gocomply sh -c "\
cd /shared-dir && \
gocomply_fedramp opencontrol https://github.com/ComplianceAsCode/redhat oscal.xml/"
find oscal.xml/ -type f
The results of this process can be reviewed online under ComplianceAsCode/oscal project.
Compliance masonry command from OpenControl project may be used to fetch opencontrol dependencies of this project and validate the repository conformance with OpenControl standard.
podman run \
--rm -t --security-opt label=disable \
-v $(pwd):/shared-dir \
quay.io/gocomply/gocomply sh -c "\
cd /shared-dir && \
git clone --depth 1 https://github.com/complianceascode/redhat ComplianceAsCode.redhat && \
cd ComplianceAsCode.redhat && \
masonry get --verbose && \
masonry validate"
find ComplianceAsCode.redhat/opencontrols/ -type f