Skip to main content

7. Additional Technical Details and Resources

Daniel Medina, George Dias12/4/24Less than 1 minute

7.1 Additional Technical Details

7.1.1 Update Controls Process

Update Controls Process Diagram
Update Controls Process Diagram

7.1.2 Delta Process

Delta Workflow Process Diagram
Delta Workflow Process Diagram

7.2 Scope of Changes by Delta

Delta does not modify the Ruby/InSpec code within the control, leaving it intact. Instead, it replaces the 'control metadata' using the content from the supplied XCCDF guidance document. This applies to controls that map from baseline X to baseline Y.

7.3 Additional Resources

  • Download New Guidance: Download the appropriate profile from the DISA Document Library. Unzip the downloaded folder and identify the <name>xccdf.xml file.
  • Create the InSpec Profile JSON File: Clone or download the InSpec profile locally. Run the inspec json or cinc-auditor json command to create the InSpec Profile JSON file to be used in the saf generate delta command.

7.4 Educational Enhancements

To enhance understanding and learning, consider the following steps:

  • Hands-on Practice: Encourage students to practice downloading and unzipping the profile, and identifying the <name>xccdf.xml file.
  • Step-by-Step Guide: Provide a detailed, step-by-step guide on how to run the inspec json or cinc-auditor json command.
  • Interactive Sessions: Conduct interactive sessions where students can ask questions and get real-time assistance.
  • Quizzes and Assessments: Include quizzes and assessments to test students' understanding of the material.
  • Additional Reading: Recommend additional reading materials and resources for students who want to delve deeper into the subject.
Apache-2.0 | Copyright © 2022 - The MITRE Corporation
Copyright © 2025 Daniel Medina, George Dias