# 1. About InSpec

InSpec is an open-source, community-developed compliance validation framework
Provides a mechanism for defining machine-readable compliance and security requirements
Easy to create, validate, and read content
Cross-platform (Windows, Linux, Mac)
Agnostic to other DevOps tools and techniques
Integrates into multiple CM tools

# The Road to Security Automation

InSpec is one of the tools of the Security Automation workflow and operates easily with orchestration and configuration management tools found in the DevOps world.

As you can see from the picture below, the process from Requirement Documents - like SRGs, STIGs and CIS Benchmarks - to visualized test results is a bit of a journey.

This challenge is what the MITRE Security Automation Framework (opens new window) or MITRE SAF was developed to simplify.

To make the journey from Requirement Document to automated tests and back again a little easier to navigate.

Alt text

We hope that durning the course of this class you will start to become familiar and comfortable with a few - if not all - of the tools, parts and processes involved in the end-to-end process and have the confidence to start automating your compliance journey with us.

Let's get started ...

2. Starting the Journey →