1. Start a fresh directory:

   ```sh
   mkdir your-project-name && cd your-project-name
   ```

2. Create an `opencontrol.yaml` (schema version 1.0.0; see the supported versions table below).

3. Collect dependencies:

   ```sh
   compliance-masonry get
   ```

   The `get` command retrieves the dependencies needed to compile documentation into an `opencontrols/` folder. You will probably want to exclude this folder from your version control system (e.g. add `opencontrols/` to your `.gitignore`).
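A minimal `opencontrol.yaml` for step 2, added here as an illustration rather than taken from the project's own documentation. The keys (`schema_version`, `name`, `metadata`, `components`, `dependencies`) are those of the OpenControl 1.0.0 `opencontrol.yaml` schema listed in the table at the end of this page; the project name, maintainer address, the `./components/app` path and the dependency repository URLs and revisions are placeholders to replace with your own.

```yaml
schema_version: "1.0.0"
name: your-project-name            # placeholder: match the directory from step 1
metadata:
  description: "Example system documented with Compliance Masonry"
  maintainers:
    - security@example.com         # placeholder contact
# Local component directories. Each holds a component.yaml with the control
# narratives for that piece of the system (assumed layout for this example).
components:
  - ./components/app
# Remote standards and certifications. `compliance-masonry get` clones each
# repository at the given revision and copies the result into opencontrols/,
# which is why that folder is excluded from version control.
dependencies:
  standards:
    - url: https://github.com/opencontrol/NIST-800-53-Standards   # assumed upstream repo
      revision: master
  certifications:
    - url: https://github.com/opencontrol/FedRAMP-Certifications   # assumed upstream repo
      revision: master
```

Pin `revision` to a tag or commit rather than `master` once the project is stable; the standards and certification definitions are inputs to every document and gap analysis you generate, so an unpinned branch means a rebuild can silently change what "compliant" means.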
Compliance Masonry has also been packaged as a Docker image and published on Docker Hub. Commands can be run with Docker in the directory containing `opencontrol.yaml` as follows:

```sh
docker run --rm -v "$PWD":/opencontrol -w /opencontrol opencontrolorg/compliance-masonry get
```
To view the compliance documentation as a web site or a PDF, see the GitBook documentation.
While there used to be Word document templating logic in Masonry, the team found that it could be done more effectively with rendering code tailored to the specifics of the destination `*.docx`. See the FedRAMP templater for an example of using Compliance Masonry as a library to inject OpenControl-formatted documentation into a Word document.
Gap analysis is experimental and does not take control origination into account.

Use gap analysis to determine the difference between how many controls you have documented and the total number of controls required by a given certification. Run it continually as you work, as an indicator of your compliance progress.
Given that you have an `opencontrol.yaml` for your project and have already collected your dependencies via the `compliance-masonry get` command, run `compliance-masonry diff <the-certification>`:

```sh
# Example
$ compliance-masonry diff FedRAMP-moderate
Number of missing controls: 5
NIST-800-53@CP-7 (1)
NIST-800-53@PS-2
NIST-800-53@PS-3 (3)
NIST-800-53@MP-5
NIST-800-53@PS-7
```

Each line names a control as `<standard>@<control>`; a parenthesised suffix such as `CP-7 (1)` refers to a control enhancement rather than the base control.
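One way to run the gap analysis "continually as you work" is to make it a CI check, so a change that drops a control narrative fails the build. The script below is an added example, not part of Compliance Masonry: it wraps the Docker invocation shown above and parses the `diff` output format shown above (a `Number of missing controls: N` summary line followed by one `<standard>@<control>` line per gap). The function names, the budget argument and the sample output embedded for the usage note are this example's own.

```sh
#!/bin/sh
# Added example (not part of Compliance Masonry): gate a CI job on the output
# of `compliance-masonry diff <certification>`. Assumes the output format
# documented above; function names and the "budget" notion are this example's.

# Run the gap analysis through the published Docker image, from the directory
# holding opencontrol.yaml, after `compliance-masonry get` has populated
# opencontrols/. Needs Docker and network access, so it is not exercised here.
run_diff() {
  docker run --rm -v "$PWD":/opencontrol -w /opencontrol \
    opencontrolorg/compliance-masonry diff "$1"
}

# Print the count from the "Number of missing controls: N" line in the diff
# output passed as $1. Prints nothing if that line is absent.
count_missing() {
  printf '%s\n' "$1" \
    | sed -n 's/^Number of missing controls: *\([0-9][0-9]*\).*/\1/p' \
    | head -n 1
}

# Print the control families (CP, PS, ...) that still have gaps, one per line,
# sorted and de-duplicated, so a team can see which area is furthest behind.
# Enhancement suffixes such as "(1)" are ignored; they belong to the same family.
missing_families() {
  printf '%s\n' "$1" \
    | sed -n 's/^[^@ ]*@\([A-Z][A-Z]*\)-[0-9].*/\1/p' \
    | sort -u
}

# Exit 0 when the missing count is at most $2 (default 0), 1 when it exceeds
# that budget, and 2 when the output could not be parsed. Unparseable output
# is treated as a failure, never as a pass.
gate_on_gap() {
  out="$1"
  budget="${2:-0}"
  n=$(count_missing "$out")
  if [ -z "$n" ]; then
    echo "gate_on_gap: no 'Number of missing controls' line in diff output" >&2
    return 2
  fi
  if [ "$n" -gt "$budget" ]; then
    echo "gate_on_gap: $n controls still undocumented (budget $budget), families:" >&2
    missing_families "$out" | sed 's/^/  /' >&2
    return 1
  fi
  echo "gate_on_gap: $n missing controls, within budget $budget"
  return 0
}

# Typical CI use (not run here because it needs Docker):
#   OUT=$(run_diff FedRAMP-moderate) && gate_on_gap "$OUT" 0
```

Keep the budget at 0 for a system that already has full coverage; for a system still being documented, set it to the current count and lower it as narratives land, so the check only ever fails on regression. Because `diff` ignores control origination, a green gate here means every required control has some narrative, not that the narrative is sufficient.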
Compliance Masonry uses the OpenControl schema. Supported schema versions by type:

| Type | Supported versions |
|---|---|
| Components | 2.0.0, 3.0.0, 3.1.0 |
| Standards | 1.0.0 |
| Certifications | 1.0.0 |
| opencontrol.yaml | 1.0.0 |