Lead Image © Gunnar Pippel, 123RF
Automated compliance testing with InSpec
Strictly Managed
Compliance is a valid tool for enabling or facilitating the secure operation of any type of IT organization; at least, that is what ISO 27001 [1], BSI Base Protection [2], and various other certification bodies promise their customers. However, corporations often need to implement compliance rules for certification that run contrary to existing business practices. To keep the promises made to the certification authority, regular system checks are needed: a corporation has to verify that the rules laid down in its statutes are in fact implemented on all relevant systems, exactly as the instructions require. The question is, how can you implement this kind of check?
One way would be to employ admins who do nothing but handle this task, but that would be inefficient; moreover, it would create a worrying situation in which regular administrators feel they are being watched. Infinitely preferable are automated compliance tests: InSpec to the rescue.
Audits and Tests
Those who have been involved in converting a home-grown system into one in which strict compliance rules are observed know the pain involved. Whereas previously a laissez-faire atmosphere ruled the day, all of a sudden a rigid structure with many requirements and conditions regulates the administrator's work, often with far-reaching consequences. The sheer volume of regulations alone can make moving forward difficult. If a quick fix is needed in an emergency, compliance rules often provide for exceptions, but those fixes do need to be replaced by proper solutions going forward.
InSpec, from the developers of Chef, promises to run compliance tests automatically and regularly on target systems, with tests you define in a human-readable language that avoids the need to learn an overly elaborate syntax. InSpec describes itself as a
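As an added example that is not part of the article and not InSpec's own code: the kind of check an InSpec profile expresses. In InSpec's Ruby DSL the first rule below would read roughly `describe sshd_config do; its('PermitRootLogin') { should eq 'no' }; end`, using the built-in `sshd_config` resource. The block implements the same idea in plain Ruby so that it runs without InSpec installed: parse the daemon configuration, evaluate each control with its impact rating, and produce a pass/fail report. The sample sshd_config, the control ids and the threshold values are constructed assumptions for illustration, not taken from any certification text.

```ruby
# Added example (not from the article, not InSpec's own code): a minimal
# automated compliance check of the kind InSpec expresses with its resources,
# written in plain Ruby so it runs without InSpec. The sample configuration,
# control ids and expected values below are constructed assumptions.

# Constructed sample of an OpenSSH daemon configuration as read from a host.
SAMPLE_SSHD_CONFIG = <<~CONF
  # OpenSSH server configuration (constructed sample)
  Port 22
  Protocol 2
  PermitRootLogin yes
  PasswordAuthentication no
  X11Forwarding no
  MaxAuthTries 10
CONF

# The rule set a compliance profile would carry: one entry per control.
# :impact follows InSpec's 0.0..1.0 convention; :expect is either a literal
# value or a lambda returning true for compliant values.
CONTROLS = [
  { id: 'ssh-01', impact: 1.0, key: 'PermitRootLogin',
    desc: 'Root may not log in over SSH', expect: 'no' },
  { id: 'ssh-02', impact: 0.7, key: 'PasswordAuthentication',
    desc: 'Password logins are disabled', expect: 'no' },
  { id: 'ssh-03', impact: 0.5, key: 'MaxAuthTries',
    desc: 'At most 4 authentication attempts', expect: ->(v) { v.to_i <= 4 } },
  { id: 'ssh-04', impact: 0.3, key: 'X11Forwarding',
    desc: 'X11 forwarding is off', expect: 'no' }
].freeze

# Parse "Key value" lines into a hash, skipping comments and blank lines.
# sshd_config keys are case-insensitive, so they are normalised to lowercase.
def parse_sshd_config(text)
  text.each_line.with_object({}) do |line, conf|
    line = line.sub(/#.*/, '').strip
    next if line.empty?
    key, value = line.split(/\s+/, 2)
    conf[key.downcase] = value
  end
end

# Evaluate every control against a parsed config; one result per control.
# A key missing from the config never passes: absence is not compliance.
def evaluate_controls(conf, controls = CONTROLS)
  controls.map do |c|
    actual = conf[c[:key].downcase]
    passed = case c[:expect]
             when Proc then !actual.nil? && c[:expect].call(actual)
             else actual == c[:expect]
             end
    { id: c[:id], impact: c[:impact], desc: c[:desc], actual: actual, passed: passed }
  end
end

# A system is compliant only when every control passes.
def compliant?(results)
  results.all? { |r| r[:passed] }
end

# Plain-text report in the spirit of InSpec's command-line reporter.
def report(results)
  results.map do |r|
    status = r[:passed] ? 'PASS' : 'FAIL'
    format('%-4s %-6s impact %.1f  %s (actual: %s)',
           status, r[:id], r[:impact], r[:desc], r[:actual].inspect)
  end.join("\n")
end

if __FILE__ == $PROGRAM_NAME
  results = evaluate_controls(parse_sshd_config(SAMPLE_SSHD_CONFIG))
  puts report(results)
  puts(compliant?(results) ? 'compliant' : 'NOT compliant')
end
```

Run against the constructed sample, ssh-01 (root login allowed) and ssh-03 (ten attempts) fail while the other two pass, so the host is reported as not compliant; a scheduler running this kind of script regularly against every host is the manual-audit replacement the article argues for, and InSpec adds the resource library and reporters so that you do not write the parsers yourself.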