Compliance Masonry is a CLI that allows users to construct certification documentation using the OpenControl Schema. See Benefits for more explanation.
- Install Go
- Install the tool
    go get github.com/opencontrol/compliance-masonry-go
- Run the CLI
    compliance-masonry-go
This project uses glide to manage vendored dependencies.
# Install glide
$ go get github.com/Masterminds/glide
# Install dependencies
$ $GOPATH/bin/glide install
Compliance Masonry examples in the wild:
Compliance Masonry uses the OpenControl v2 Schema.
Modern applications are built on existing systems such as S3, EC2, and Cloud Foundry. Documentation for how these underlying systems fulfill NIST controls or PCI SSC Data Security Standards is a prerequisite for receiving authorization to operate (ATO). Unlike most System Security Plan documentation, Compliance Masonry documentation is built using the OpenControl Schema, a machine-readable format for storing compliance documentation.
Compliance Masonry simplifies the process of producing certification documentation by providing:
- a data store for certifications (e.g. FISMA), standards (e.g. NIST-800-53), and the individual system components (e.g. AWS-EC2).
- a way for government projects to edit existing files and also add new control files for their applications and organizations.
- a pipeline for generating clean and standardized certification documentation.