Skip to content

Commit

Permalink
1 - Added section #
Browse files Browse the repository at this point in the history 
Signed-off-by: Shivani Karikar <[email protected]>
  • Loading branch information
@karikarshivani
karikarshivani authored Dec 3, 2024
1 parent 1e80b64 commit 26e05a7
Showing 1 changed file with 4 additions and 4 deletions.
8 changes: 4 additions & 4 deletions src/courses/guidance/README.md
View file
Original file line number Diff line number Diff line change
@@ -1,8 +1,8 @@
---
order: 1
next: 02.md
title: Security Guidance Developer Class
shortTitle: Security Guidance Development
title: 1. Security Guidance Developer Class
shortTitle: 1. Security Guidance Development
author: Emily Rodriguez
headerDepth: 3
---
Expand All @@ -17,12 +17,12 @@ By the end of this class, you should be able to achieve all of the following obj
- Create tailored security guidance using Vulcan.
- Classify security requirements as Applicable - Configurable, Applicable - Inherently Meets, Applicable - Does Not Meet, Not Applicable, or Not Yet Determined for a given software component.
- Export security guidance as InSpec stubs to assist in automated security validation.
- Understand how STIG-ready content can be formally peer reviewed by DISA and published to the security community
- Understand how STIG-ready content can be formally peer-reviewed by DISA and published to the security community
- Create guidance with Vulcan to support Authority To Operate (ATO) efforts

## 1.2 The Road to Security Automation

As you can see from the picture below, the process for developing automated security tests starts with requirements documents like SRGs, STIGs or CIS Benchmark that are written in regular, human language and then implemented as code. We need that code to record test results in a standardized format so that we can easily export our security data somewhere people can use it to make decisions (like the Heimdall visualization app).
As you can see from the picture below, the process for developing automated security tests starts with requirements documents like SRGs, STIGs, or CIS Benchmarks that are written in regular, human language and then implemented as code. We need that code to record test results in a standardized format so that we can easily export our security data somewhere people can use it to make decisions (like the Heimdall visualization app).

This challenge is what the [MITRE Security Automation Framework](https://saf.mitre.org) or MITRE SAF was developed to simplify -- to make the journey from a Requirement Document to an automated test profile and back again a little easier to navigate.

Expand Down

0 comments on commit 26e05a7

Please sign in to comment.