14. Additional Resources

14.1 Security Guidance

• https://public.cyber.mil/stigs/downloads/ (opens new window)
• https://www.cisecurity.org/cis-benchmarks/ (opens new window)

14.2 InSpec Documentation

• InSpec Docs (opens new window)
• InSpec Profiles (opens new window)
• InSpec Resources (opens new window)
• InSpec Matchers (opens new window)
• InSpec Shell (opens new window)
• InSpec Reporters (opens new window)
• InSpec Profile Inheritance (opens new window)

14.3 Additional Tutorials

• Introduction to InSpec Playlist (opens new window)
• What to Expect When You’re InSpec’ing (opens new window)
• Getting started with InSpec - The InSpec basics series (opens new window)
• Windows infrastructure testing using InSpec – Part I (opens new window)
• Windows infrastructure testing using InSpec and Profiles – Part II (opens new window)

14.4 Community-based InSpec Profiles and Heimdall Results-Viewing tools hosted at MITRE's Github

• MITRE InSpec Profile Repositories (opens new window)
• InSpec Tools (opens new window)
• Heimdall Lite (opens new window)
• Heimdall Lite Github Repo (opens new window)
• Heimdall Server (with backend database, compare and trending) (opens new window)
• Heimdall Tools to convert output from common static and dynamic security analysis tools (e.g., sonarqube, OWASP ZAP, fortify, etc.) into the Heimdall Data Format json for viewing in Heimdall (opens new window)

14.5. InSpec Community Partners

Many vendors and communities of interest have partnered with MITRE to develop security testing content. They have released this content on Github following in MITRE's footsteps.

14.5.1 CrunchyData

• https://github.com/CrunchyData/pgstigcheck-inspec (opens new window)

14.5.2 Elastic

• https://github.com/elastic/elasticsearch-inspec (opens new window)

14.5.3 AWS

• https://github.com/inspec/inspec-aws (opens new window)

14.5.4 VMWare

• https://github.com/vmware/dod-compliance-and-automation (opens new window)
• https://github.com/rlakey/vmware-esxi-6.7-stig-baseline (opens new window)
• https://github.com/kclinden/vmware-vrealize-automation-7-x-sles-stig-baseline (opens new window)
• https://github.com/kclinden/vmware-esxi-6.5-stig-baseline (opens new window)

14.6. rspec documentation

• Explicit Subject (opens new window)
• should and should_not (opens new window)
• Built in matchers (opens new window)

14.7. Slack

• Chef Slack (opens new window)