Add missing NIST 800-53 tags

KonradSchieban · web-flow · commit a80ee47ec98e · 2021-07-04T02:16:08.000-04:00
diff --git a/controls/1.01-iam.rb b/controls/1.01-iam.rb
@@ -35,7 +35,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
-  tag nist: ["AC-3"]
+  tag nist: ['AC-2']
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/docs/enterprise/best-practices-for-enterprise-organizations#use_corporate_login_credentials'
diff --git a/controls/1.02-iam.rb b/controls/1.02-iam.rb
@@ -33,7 +33,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
-  tag nist: ["IA-2"]
+  tag nist: ['IA-2']
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/solutions/securing-gcp-account-u2f'
diff --git a/controls/1.03-iam.rb b/controls/1.03-iam.rb
@@ -33,7 +33,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
-  tag nist: []
+  tag nist: ['IA-2']
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/security-key/'
diff --git a/controls/1.04-iam.rb b/controls/1.04-iam.rb
@@ -45,7 +45,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
-  tag nist: []
+  tag nist: ['AC-2']
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/iam/docs/understanding-service-accounts#managing_service_account_keys'
diff --git a/controls/1.05-iam.rb b/controls/1.05-iam.rb
@@ -36,7 +36,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
-  tag nist: ["AC-6"]
+  tag nist: ['AC-2']
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/sdk/gcloud/reference/iam/service-accounts/'
diff --git a/controls/1.06-iam.rb b/controls/1.06-iam.rb
@@ -42,7 +42,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
-  tag nist: ["AC-6"]
+  tag nist: %w[AC-2 AC-3]
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/iam/docs/service-accounts'
diff --git a/controls/1.07-iam.rb b/controls/1.07-iam.rb
@@ -40,7 +40,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
-  tag nist: ["SC-12"]
+  tag nist: ['AC-2']
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/iam/docs/understanding-service-accounts#managing_service_account_keys'
diff --git a/controls/1.08-iam.rb b/controls/1.08-iam.rb
@@ -39,7 +39,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
-  tag nist: ["AC-5"]
+  tag nist: %w[AC-2 AC-3]
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/iam/docs/service-accounts'
diff --git a/controls/1.09-iam.rb b/controls/1.09-iam.rb
@@ -34,7 +34,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
-  tag nist: ["AC-5"]
+  tag nist: ['AC-3']
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/kms/docs/key-rotation#frequency_of_key_rotation'
diff --git a/controls/1.10-iam.rb b/controls/1.10-iam.rb
@@ -41,7 +41,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
-  tag nist: ["SC-12"]
+  tag nist: ['AC-2']
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/kms/docs/key-rotation#frequency_of_key_rotation'
diff --git a/controls/1.11-iam.rb b/controls/1.11-iam.rb
@@ -38,7 +38,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
-  tag nist: ["AC-5"]
+  tag nist: %w[AC-2 AC-3 AC-6]
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/kms/docs/separation-of-duties'
diff --git a/controls/1.12-iam.rb b/controls/1.12-iam.rb
@@ -40,7 +40,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
-  tag nist: []
+  tag nist: ['AC-2']
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/docs/authentication/api-keys'
diff --git a/controls/1.13-iam.rb b/controls/1.13-iam.rb
@@ -41,7 +41,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
-  tag nist: []
+  tag nist: ['AC-2']
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/docs/authentication/api-keys'
diff --git a/controls/1.14-iam.rb b/controls/1.14-iam.rb
@@ -42,7 +42,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
-  tag nist: []
+  tag nist: ['AC-2']
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/docs/authentication/api-keys'
diff --git a/controls/1.15-iam.rb b/controls/1.15-iam.rb
@@ -41,7 +41,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
-  tag nist: []
+  tag nist: ['AC-2']
 
   ref 'CIS Benchmark', url: cis_url.to_s
 
diff --git a/controls/2.01-logging.rb b/controls/2.01-logging.rb
@@ -50,7 +50,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
-  tag nist: ["AC-2", "AU-2"]
+  tag nist: %w[AU-6 AU-12]
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/logging/docs/audit/'
diff --git a/controls/2.02-logging.rb b/controls/2.02-logging.rb
@@ -33,7 +33,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
-  tag nist: []
+  tag nist: %w[AU-4 AU-12]
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/logging/docs/reference/tools/gcloud-logging'
diff --git a/controls/2.03-logging.rb b/controls/2.03-logging.rb
@@ -35,7 +35,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
-  tag nist: []
+  tag nist: ['AU-6']
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/storage/docs/bucket-lock'
diff --git a/controls/2.04-logging.rb b/controls/2.04-logging.rb
@@ -51,7 +51,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
-  tag nist: []
+  tag nist: ['AU-12']
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/logging/docs/logs-based-metrics/'
diff --git a/controls/2.05-logging.rb b/controls/2.05-logging.rb
@@ -33,7 +33,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
-  tag nist: []
+  tag nist: %w[AU-3 AU-12]
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/logging/docs/logs-based-metrics/'
diff --git a/controls/2.06-logging.rb b/controls/2.06-logging.rb
@@ -33,7 +33,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
-  tag nist: []
+  tag nist: %w[AU-3 AU-12]
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/logging/docs/logs-based-metrics/'
diff --git a/controls/2.07-logging.rb b/controls/2.07-logging.rb
@@ -33,7 +33,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
-  tag nist: []
+  tag nist: %w[AU-3 AU-12]
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/logging/docs/logs-based-metrics/'
diff --git a/controls/2.08-logging.rb b/controls/2.08-logging.rb
@@ -35,7 +35,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
-  tag nist: []
+  tag nist: %w[AU-3 AU-12]
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/logging/docs/logs-based-metrics/'
diff --git a/controls/2.09-logging.rb b/controls/2.09-logging.rb
@@ -35,7 +35,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
-  tag nist: []
+  tag nist: %w[AU-3 AU-12]
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/logging/docs/logs-based-metrics/'
diff --git a/controls/2.10-logging.rb b/controls/2.10-logging.rb
@@ -33,7 +33,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
-  tag nist: []
+  tag nist: %w[AU-3 AU-12]
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/logging/docs/logs-based-metrics/'
diff --git a/controls/2.11-logging.rb b/controls/2.11-logging.rb
@@ -38,7 +38,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
-  tag nist: []
+  tag nist: %w[AU-3 AU-12]
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/logging/docs/logs-based-metrics/'
diff --git a/controls/3.01-networking.rb b/controls/3.01-networking.rb
@@ -33,7 +33,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
-  tag nist: []
+  tag nist: ['CM-6']
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/compute/docs/networking#firewall_rules'
diff --git a/controls/3.02-networking.rb b/controls/3.02-networking.rb
@@ -33,7 +33,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
-  tag nist: []
+  tag nist: ['CM-6']
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/compute/docs/networking#creating_a_legacy_network'
diff --git a/controls/3.03-networking.rb b/controls/3.03-networking.rb
@@ -33,7 +33,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
-  tag nist: []
+  tag nist: ['CM-6']
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloudplatform.googleblog.com/2017/11/DNSSEC-now-available-in-Cloud-DNS.html'
diff --git a/controls/3.04-networking.rb b/controls/3.04-networking.rb
@@ -35,7 +35,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
-  tag nist: []
+  tag nist: ['CM-6']
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/dns/dnssec-advanced#advanced_signing_options'
diff --git a/controls/3.05-networking.rb b/controls/3.05-networking.rb
@@ -35,7 +35,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
-  tag nist: []
+  tag nist: ['CM-6']
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/dns/dnssec-advanced#advanced_signing_options'
diff --git a/controls/3.06-networking.rb b/controls/3.06-networking.rb
@@ -33,7 +33,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
-  tag nist: ["SC-7"]
+  tag nist: %w[CM-7 CA-3 SC-7]
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/vpc/docs/firewalls#blockedtraffic'
diff --git a/controls/3.07-networking.rb b/controls/3.07-networking.rb
@@ -33,7 +33,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
-  tag nist: ["SC-7"]
+  tag nist: %w[CM-7 CA-3 SC-7]
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/vpc/docs/firewalls#blockedtraffic'
diff --git a/controls/3.08-networking.rb b/controls/3.08-networking.rb
@@ -42,7 +42,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
-  tag nist: ["SI-4"]
+  tag nist: %w[AU-12 SI-4]
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging'
diff --git a/controls/3.09-networking.rb b/controls/3.09-networking.rb
@@ -34,7 +34,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
-  tag nist: []
+  tag nist: ['SC-1']
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/load-balancing/docs/use-ssl-policies'
diff --git a/controls/4.01-vms.rb b/controls/4.01-vms.rb
@@ -36,7 +36,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
-  tag nist: ["AC-6"]
+  tag nist: %w[AC-2 AC-6]
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/compute/docs/access/create-enable-service-accounts-for-instances'
diff --git a/controls/4.02-vms.rb b/controls/4.02-vms.rb
@@ -42,7 +42,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
-  tag nist: []
+  tag nist: %w[AC-2 AC-6]
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/compute/docs/access/create-enable-service-accounts-for-instances'
diff --git a/controls/4.03-vms.rb b/controls/4.03-vms.rb
@@ -36,7 +36,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
-  tag nist: []
+  tag nist: ['AC-2']
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/compute/docs/instances/adding-removing-ssh-keys'
diff --git a/controls/4.04-vms.rb b/controls/4.04-vms.rb
@@ -33,7 +33,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
-  tag nist: []
+  tag nist: ['AC-2']
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/compute/docs/instances/managing-instance-access'
diff --git a/controls/4.05-vms.rb b/controls/4.05-vms.rb
@@ -42,7 +42,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
-  tag nist: []
+  tag nist: ['CM-7']
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/compute/docs/instances/interacting-with-serial-console'
diff --git a/controls/4.06-vms.rb b/controls/4.06-vms.rb
@@ -36,7 +36,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
-  tag nist: []
+  tag nist: %w[CM-6 CM-8]
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/compute/docs/networking#canipforward'
diff --git a/controls/4.07-vms.rb b/controls/4.07-vms.rb
@@ -42,7 +42,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
-  tag nist: []
+  tag nist: ['SC-1']
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/compute/docs/disks/customer-supplied-encryption#encrypt_a_new_persistent_disk_with_your_own_keys'
diff --git a/controls/4.08-vms.rb b/controls/4.08-vms.rb
@@ -54,7 +54,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
-  tag nist: []
+  tag nist: ['SC-1']
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/compute/docs/instances/modifying-shielded-vm'
diff --git a/controls/5.01-storage.rb b/controls/5.01-storage.rb
@@ -33,7 +33,7 @@
   tag cis_gcp: control_id.to_s
   tag cis_version: cis_version.to_s
   tag project: gcp_project_id.to_s
-  tag nist: ["AC-2"]
+  tag nist: %w[AC-2 CA-3]
 
   ref 'CIS Benchmark', url: cis_url.to_s
   ref 'GCP Docs', url: 'https://cloud.google.com/storage/docs/access-control/iam-reference'
diff --git a/controls/5.02-storage.rb b/controls/5.02-storage.rb
diff --git a/controls/6.01-db.rb b/controls/6.01-db.rb
diff --git a/controls/6.02-db.rb b/controls/6.02-db.rb
diff --git a/controls/6.03-db.rb b/controls/6.03-db.rb
diff --git a/controls/6.04-db.rb b/controls/6.04-db.rb
diff --git a/controls/6.05-db.rb b/controls/6.05-db.rb
diff --git a/controls/6.06-db.rb b/controls/6.06-db.rb
diff --git a/controls/6.07-db.rb b/controls/6.07-db.rb
diff --git a/controls/7.01-bq.rb b/controls/7.01-bq.rb
diff --git a/inspec.yml b/inspec.yml
