Expectation: I should be able to write a map YAML file that defines columns in a spreadsheet that are interpreted as tags in the resulting InSpec control when using the spreadsheet as an input to saf generate spreadsheet2inspec_stub.
E.g.:
# map.yml
id:
- id
title:
- requirement
impact: 0.5
tag.nist: # this should fill out the control's NIST 80053 family
- nist
tag.whatever_i_want:
- whatever_i_want
desc:
- description
desc.rationale:
- rationale
Running this with a spreadsheet that has the headers indicated in the YAML file via:
saf generate spreadsheet2inspec_stub -M map.yml -i spreadsheet.csv -o my_profile
Should give controls like:
control 'id-number' do
title 'requirement'
desc 'This control description'
desc 'rationale', 'Because I said so'
impact 0.5
tag nist: ['CM-6']
tag whatever_i_want: 'value'
tag severity: 'medium'
end
Instead, it seems that no matter what, a placeholder empty NIST tag is created, even if I do not specify one in the map file.
Also, the docs do not even indicate that you can add arbitrary tags like you can with descriptions. I'm not sure this fairly important part of mapping was implemented.
Expectation: I should be able to write a map YAML file that defines columns in a spreadsheet that are interpreted as tags in the resulting InSpec control when using the spreadsheet as an input to
saf generate spreadsheet2inspec_stub.E.g.:
Running this with a spreadsheet that has the headers indicated in the YAML file via:
Should give controls like:
Instead, it seems that no matter what, a placeholder empty NIST tag is created, even if I do not specify one in the map file.
Also, the docs do not even indicate that you can add arbitrary tags like you can with descriptions. I'm not sure this fairly important part of mapping was implemented.