SPIKE: STIG templates

Research STIG template integration for Compliance Dashboard policy compliance. Identify if there is a value in developing a compliance operator CRD/helm chart for BB.

Good starting point would be to check out https://stigviewer.com/stigs/kubernetes with JSON template.

Additional sources:

• https://public.cyber.mil/stigs/
• https://public.cyber.mil/stigs/scap
• Kubernetes SCAP
• https://github.com/mitre/k8s-cluster-stig-baseline
• https://github.com/ComplianceAsCode/libreSCAP/tree/master
• https://github.com/ComplianceAsCode/compliance-operator
• https://developers.redhat.com/articles/2024/02/08/how-visualize-your-openscap-compliance-reports

created branch 33-spike-stig-templates to address this issue

changed the description

added teamSecurity & Compliance label

changed the description

changed the description

@phillip.warner had some thoughts on our approach to STIG validation

added big-bang#416 as parent epic

assigned to @daxmc99

changed iteration to Big Bang Iterations Apr 1, 2025 - Apr 14, 2025

Initial approach based on what I'm seeing here:

Why not kube-bench for this. Its an industry standard and part of the CKS exam. It has a previous STIG for AWS EKS. We could contribute a configuration for the latest kubernetes stig.

While it seems like oscap is another useful tool here kubebench has a bit more Kubernetes focus. Assuming we are focused on the Kubernetes STIG I believe this would be the preferred tool unless there is specific artifact we need to produce.

added statusdoing label

removed iteration Big Bang Iterations Apr 1, 2025 - Apr 14, 2025

changed iteration to Big Bang Iterations Apr 15, 2025 - Apr 28, 2025

removed statusdoing label