Included is a sample opencontrol.yaml
file that imports the Docker EE components and generates compliance documentation for a Moderate ATO. You can use this as a starting point for your own ATO efforts and simply fill in the blanks in the component files in the ./policies/
directory to reflect your organization's own policies and procedures.
The steps below can be used to import the OpenControl dependencies and serve a GitBook. Ensure that Docker is installed on your local workstation. Run the following commands from the root of the examples/opencontrol/DockerEE-Moderate-ATO
directory.
- Remove any existing
exports/
andopencontrols/
directories in your workspace
rm -rf exports/ opencontrols/
- Retrieve dependencies
docker run --rm -v "$PWD":/opencontrol -w /opencontrol opencontrolorg/compliance-masonry get
- Generate GitBook
docker run --rm -v "$PWD":/opencontrol -w /opencontrol opencontrolorg/compliance-masonry docs gitbook FedRAMP-moderate
- Serve GitBook locally
docker run --rm -it -p 4000:4000 -v "$PWD/exports":/srv/gitbook fellah/gitbook:2.6.7
- Access the generated SSP web site via your browser at http://localhost:4000. You can hit
Ctrl+C
to remove the container.
A Makefile has also been included for running these same steps:
make clean serve