^©

Validate

These open source community-based InSpec profiles validate the security of common system components. MITRE is helping to provide stewardship over these profiles, hosted here and at other community vendor sites. If you are interested in new profiles, please contact us at saf@groups.mitre.org. If you are interested in developing and contributing your own profiles, please see our training material. All assessment tests under MITRE SAF ^© are associated with NIST SP 800-53 Security Controls.

Usage

The Validation Library contents are collections of test definitions that can be used in conjunction with testing tools such as Progress Chef recipes to validate system components against baselines. Specific usage instructions for each piece of validation content can be found in their repository README files.


Cloud Service Providers
AWS CIS \| v2.0.0 Title	InSpec	MITRE SAF
AWS RDS Best Practices Benchmark Title	InSpec	MITRE SAF
AWS RDS CIS \| v1.0.0 Title	InSpec	MITRE SAF
AWS S3 Best Practices Benchmark \| n/a Title	InSpec	MITRE SAF
GCP CIS Benchmark \| v1.2.0 Title	InSpec	Google
GCP PCI-DSS 3.2.1 \| v3.2.1 Title	InSpec	Google
GKE CIS Benchmark \| v1.1.0 Title	InSpec	Google
Virtual Platforms
Docker CE CIS \| v1.1.0 Title	InSpec	MITRE SAF
K3s Cluster STIG \| v1r1 Title	InSpec	MITRE SAF
K3s Node STIG \| v1r1 Title	InSpec	MITRE SAF
Kubernetes CIS \| v1.1.0 Title	InSpec	MITRE SAF
Kubernetes Cluster STIG \| v1r1 Title	InSpec	MITRE SAF
Kubernetes Node STIG \| v1r1 Title	InSpec	MITRE SAF
VMware ESXI 6.5 STIG \| v1r1 Title	InSpec	VMware
VMware ESXI 6.7 STIG \| v1r2 Title	InSpec	VMware
VMware VCSA 6.7 STIG \| v1r2 Title	InSpec	VMware
VMware VCSA 7.0 STIG Readiness Guide \| v1r4 Title	InSpec	VMware
VMware vSphere 7.0 STIG Readiness Guide \| v4r1 Title	InSpec	VMware
VMware vSphere VM 6.7 STIG \| v1r2 Title	InSpec	VMware
Operating Systems
Red Hat 6 STIG \| v1r21 Title	InSpec	MITRE SAF
Red Hat 7 STIG \| v3r5 Title	InSpec	MITRE SAF
Red Hat 8 STIG \| v1r13 Title	InSpec	MITRE SAF
Red Hat CVE Scan \| n/a Title	InSpec	MITRE SAF
Ubuntu 16.04 STIG \| v1r1 Title	InSpec	MITRE SAF
Ubuntu 20.04 STIG \| v1r6 Title	InSpec	MITRE SAF
Windows 10 STIG \| v1r19 Title	InSpec	VMware
Windows 2012 STIG \| v12r2 Title	InSpec	VMware
Windows 2016 STIG \| v1r7 Title	InSpec	VMware
Windows 2019 STIG \| v2r1 Title	InSpec	VMware
Databases
AWS MSQL 2014 STIG \| v1r9 Title	InSpec	MITRE SAF
AWS RDS MySQL 5.7 CIS \| v1.0.0 Title	InSpec	MITRE SAF
AWS RDS Oracle Database 12c STIG \| v2r1 Title	InSpec	MITRE SAF
AWS RDS PostgreSQL 10+ STIG \| v1r1 Title	InSpec	MITRE SAF
AWS RDS PostgreSQL 9.x STIG \| v1r6 Title	InSpec	MITRE SAF
MSQL 2014 Database STIG \| v1r6 Title	InSpec	MITRE SAF
MSQL 2014 Instance STIG \| v1r9 Title	InSpec	MITRE SAF
MongoDB STIG \| v1r2 Title	InSpec	MITRE SAF
Oracle Database 12c STIG \| v1r12 Title	InSpec	MITRE SAF
Oracle Database 19c CIS \| v1.0.0 Title	InSpec	MITRE SAF
Oracle MySQL 5.7 CIS \| v1.0.0 Title	InSpec	MITRE SAF
Oracle MySQL 8.0 STIG \| v1r1 Title	InSpec	MITRE SAF
PostgreSQL 10+ STIG \| v1r1 Title	InSpec	MITRE SAF
PostgreSQL 9.x STIG \| v1r6 Title	InSpec	MITRE SAF
Network
Application Logic
JRE 7 STIG \| v1r6 Title	InSpec	MITRE SAF
JRE 8 STIG \| v1r3 Title	InSpec	MITRE SAF
RSA Archer 6 SCG \| 6.x Title	InSpec	MITRE SAF
Red Hat Jboss EAP 6.3 STIG \| v1r3 Title	InSpec	MITRE SAF
Web Servers
Apache Server 2.2 STIG \| v1r10 Title	InSpec	MITRE SAF
Apache Server 2.4x STIG \| v2r2 Title	InSpec	MITRE SAF
Apache Site 2.2 STIG \| v1r10 Title	InSpec	MITRE SAF
Apache Site 2.4x STIG \| v2r1 Title	InSpec	MITRE SAF
Apache Tomcat 9.x STIG \| v2r1 Title	InSpec	MITRE SAF
DRAFT: Tomcat 7 CIS \| v1.0.1 Title	InSpec	MITRE SAF
DRAFT: Tomcat 8 CIS \| v1.0.1 Title	InSpec	MITRE SAF
IIS 8.5 Server STIG \| v1r5 Title	InSpec	MITRE SAF
IIS 8.5 Site STIG \| v1r5 Title	InSpec	MITRE SAF
NGINX Baseline \| v1r9 Title	InSpec	MITRE SAF
NGINX STIG Ready Baseline \| v3r1 Title	InSpec	MITRE SAF