How do I assert something?

22 views
Skip to first unread message

niall

unread,
Jun 9, 2011, 7:30:25 AM6/9/11
to CloudAudit
Hi,

As a lapsed lurker I might have missed the discussion on what we put
at the leaf of the namespace to assert something. The generated
namespaces have an index.html and manifest.xml file, but that doesn't
correspond to the discussions on ATOM towards the end of last year.

Lets say I'm putting a server inside a data centre that comes with
armed ex-marines behind bullet-resistant screens at the entrance along
with biometrics, mantraps, cages etc. What do I put at the end of the
tree to say that, in my opinion, this is good enough to meet ISO 27002
control 9.1.2 and have this inherited by every service I put into that
DC?

... and is there an app for that?


Thanks
Niall

Christofer Hoff

unread,
Jun 9, 2011, 8:41:49 AM6/9/11
to cloud...@googlegroups.com, CloudAudit
You can put whatever you want IN the namespace (directory) The manifest.XML and index.HTML represent the contents of the artifacts in that directory.

ATOM is the markup language we use for the manifest.XML file, so I don't know what you meant in your reference to it.

So, you don't put anything at the "end of the tree" per se. You put content in this directory which is indexed and presented.

Some namespaces will have arbitrary content, others well structured depending on the compliance framework; just lime in a regular audit scenario.

I'll jump on my Mac later and send you a link to a working cloudAudit namespace so you can see why I mean.

Hoff

--
Sent from my mobile so please forgive any fat-fingering...

Blog: www.rationalsurvivability.com/blog

Christofer Hoff

unread,
Jun 9, 2011, 10:01:09 AM6/9/11
to cloud...@googlegroups.com, CloudAudit
Here is the link to the functional enstratus CloudAudit implementation (CSA compliancePak):

https://cloud.enstratus.com/.well-known/cloudaudit/

--
Sent from my mobile so please forgive any fat-fingering...

Blog: www.rationalsurvivability.com/blog

On Jun 9, 2011, at 7:30, niall <niall....@gmail.com> wrote:

niall

unread,
Jun 9, 2011, 12:56:06 PM6/9/11
to CloudAudit
Thanks. Much easier to see it in place.

The namespace tool from August last year creates a tree, but is there
anything that helps maintain the manifest.xml and front page based on
changes to the assertions further down the tree?



On Jun 9, 3:01 pm, Christofer Hoff <infoseceni...@gmail.com> wrote:
> Here is the link to the functional enstratus CloudAudit implementation (CSA compliancePak):
>
> https://cloud.enstratus.com/.well-known/cloudaudit/
>
> --
> Sent from my mobile so please forgive any fat-fingering...
>
> Blog:www.rationalsurvivability.com/blog
>
Reply all
Reply to author
Forward
0 new messages