MITRE SAF©'s Validation capability helps organizations create and manage an automated collection of content used to assess a system's compliance with a baseline.
As with the Hardening capability, MITRE SAF© publishes and stewards a library of open source configuration compliance validation code (profiles). Validation Library profiles align to a published baseline from government or industry (e.g., CIS Benchmarks and STIGs) to facilitate verification of security requirements. As with the Hardening Library, Validation profiles exist for each layer of the software stack: infrastructure, operating system, database, web server, and application.
What about security requirements that can't be tested automatically, such as policies and procedures that exist outside of any software or hardware? These requirements can only be tested manually, and historically their results have been left out of automated test data, leaving gaps in the compliance picture.
To address this gap, MITRE SAF© created the attestation feature of the SAF CLI tool, which lets an assessor record the result of a manual test in the same format as an automated test result and feed that record into the same workstream as the automated testing. With attestation, development teams use one process for automated and manual security testing, and manually conducted tests are fully integrated into the software pipeline.
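The merge described above, as an added illustrative example that is not SAF CLI code: a minimal HDF-style result set and an attestation list in the shape of the SAF CLI attestation file (control_id, explanation, frequency, status, updated, updated_by) are combined, with two checks a reviewer would want: an attestation that is older than its stated frequency is not applied, and a manual attestation never overrides a result the automated test already produced. The control identifiers, dates, frequency vocabulary, the `manual` marker, and the helper names are constructed for this example and are assumptions, not part of the format.

```python
"""Apply manual attestations to an HDF-style result set (added example).

The structures here are a simplified model of the Heimdall Data Format
and the SAF CLI attestation file; extra fields (e.g. "manual") and the
frequency vocabulary are assumptions for this example only.
"""
import copy
from datetime import date, timedelta

# Constructed sample: one control verified automatically, two policy
# controls that no InSpec-style test can check, so they come back skipped.
HDF_RESULTS = {
    "profiles": [{
        "name": "example-baseline",
        "controls": [
            {"id": "V-1001", "title": "Password minimum length",
             "results": [{"status": "passed", "code_desc": "min length >= 15"}]},
            {"id": "V-1002", "title": "Security awareness training completed",
             "results": [{"status": "skipped", "skip_message": "Manual review required"}]},
            {"id": "V-1003", "title": "Incident response plan exercised",
             "results": [{"status": "skipped", "skip_message": "Manual review required"}]},
        ],
    }]
}

# Constructed attestations in the attestation-file shape.
ATTESTATIONS = [
    {"control_id": "V-1002", "explanation": "Training records reviewed by ISSO",
     "frequency": "annually", "status": "passed",
     "updated": "2024-03-01", "updated_by": "isso@example.com"},
    {"control_id": "V-1003", "explanation": "Tabletop exercise held",
     "frequency": "monthly", "status": "passed",
     "updated": "2023-01-15", "updated_by": "isso@example.com"},
    {"control_id": "V-1001", "explanation": "Looked fine to me",
     "frequency": "annually", "status": "passed",
     "updated": "2024-05-01", "updated_by": "dev@example.com"},
    {"control_id": "V-9999", "explanation": "Control not in this baseline",
     "frequency": "annually", "status": "passed",
     "updated": "2024-05-01", "updated_by": "dev@example.com"},
]

# Assumed frequency vocabulary: how long an attestation stays valid.
FREQUENCY_DAYS = {"daily": 1, "weekly": 7, "monthly": 30, "quarterly": 90,
                  "semiannually": 180, "annually": 365}


def control_status(control):
    """Worst-case roll-up of a control's results: failed > passed > skipped."""
    statuses = {r["status"] for r in control["results"]}
    if "failed" in statuses or "error" in statuses:
        return "failed"
    if "passed" in statuses:
        return "passed"
    return "skipped"


def attestation_is_current(att, today):
    """True if the attestation is no older than its declared frequency."""
    updated = date.fromisoformat(att["updated"])
    return today - updated <= timedelta(days=FREQUENCY_DAYS[att["frequency"]])


def apply_attestations(hdf, attestations, today):
    """Return (merged_hdf, report). The input is not modified.

    Only controls with no automated outcome (status skipped) are attested;
    expired attestations and unknown control ids are reported, not applied.
    """
    merged = copy.deepcopy(hdf)
    by_id = {a["control_id"]: a for a in attestations}
    report = {}
    for profile in merged["profiles"]:
        for control in profile["controls"]:
            att = by_id.pop(control["id"], None)
            if att is None:
                continue
            if control_status(control) != "skipped":
                report[control["id"]] = "ignored: automated result already present"
                continue
            if not attestation_is_current(att, today):
                report[control["id"]] = "expired: re-attest before applying"
                continue
            control["results"].append({
                "status": att["status"],
                "code_desc": f"Manual attestation: {att['explanation']}",
                "message": f"Attested {att['updated']} by {att['updated_by']} ({att['frequency']})",
                "manual": True,  # assumed marker so reviewers can tell manual from automated
            })
            report[control["id"]] = f"applied: {att['status']}"
    for orphan in by_id:
        report[orphan] = "no such control in results"
    return merged, report


if __name__ == "__main__":
    merged, report = apply_attestations(HDF_RESULTS, ATTESTATIONS, date(2024, 6, 1))
    for cid, outcome in sorted(report.items()):
        print(f"{cid}: {outcome}")
    for c in merged["profiles"][0]["controls"]:
        print(f"{c['id']} -> {control_status(c)}")
```

Run as of 2024-06-01, V-1002 becomes passed with its manual result recorded alongside the automated ones, V-1003 stays skipped because a monthly attestation from January 2023 is stale, V-1001 keeps its automated result, and V-9999 is flagged as not belonging to the baseline. Keeping the manual record in the same result structure is what lets the rest of the pipeline treat attested and automated controls identically.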
See the MITRE SAF© Validation Library for automated solutions for checking systems against common baselines.