Overview of Mondoo policies


Mondoo Platform comes stocked with an ever-increasing collection of certified security policies and benchmarks designed to assess your critical business assets for security vulnerabilities and misconfigurations. These policies are production-ready, simple to deploy and customize for any environment, and quickly provide actionable insights for your business.

Mondoo Platform - CIS policy

Mondoo policies describe a prescriptive set of security and compliance rules used to test and validate that consistent standards are met across every infrastructure environment, from build time to runtime. Mondoo continuously assesses your business-critical systems according to the policies you enable in Mondoo Platform, and reports any deviation from those policies so that you can take immediate action.

Policy as code

Security policy typically starts in the form of some kind of document that describes the policy, the rationale for it, as well as the impact and risk if the policy is not followed. Some of the best examples of security policies are the CIS Benchmarks which cover everything from operating systems, to containers and Kubernetes, and entire cloud platforms.

While the CIS Benchmarks provide detailed information for each individual rule or control, including auditing and remediation steps, it still falls to individuals within an organization to carry out the work of implementing these policies. The work to prove compliance with CIS Benchmarks is often manual, which is time intensive and error prone. When carried out as an exercise such as passing an audit, manual compliance only provides a temporary, point-in-time snapshot, rather than an automated and continuous assessment.

As change is constant in modern application and infrastructure environments, it is critical that businesses have a way of applying policy in a manner that is fast, efficient, and fully automated using code.

Security policies expressed as YAML

Mondoo policies are designed to easily translate security policy and controls from document form into policy-as-code artifacts that fit into the software development lifecycle. Because Mondoo policies are written in YAML and stored as versioned artifacts, infrastructure developers already embracing modern technologies such as Kubernetes and cloud can quickly learn to develop, deploy, and integrate Mondoo into their existing workflows.

Each policy is a collection of 'scoring' and 'data' queries written using Mondoo Query Language (MQL), along with metadata that describes both the policy and rationale for it, as well as documentation such as the description, manual auditing steps, remediation steps, and references to originating policy.

The following is an example of a simple Mondoo policy that tests SSHD configuration on a Linux host:

Example Mondoo SSHD Server Policy

policies:
  - uid: sshd
    name: SSH Server Policy
    version: "1.0.0"
    authors:
      - name: Jane Doe
        email: jane@example.com
    specs:
      - # The key "asset_filter" defines a single query that decides if the policy is applicable or not. All DQL
        asset_filter:
          query: platform.family.contains(_ == 'linux')
        scoring_queries:
          sshd-score-01:
        data_queries:
          sshd-data-01:
queries:
  - uid: sshd-score-01
    title: Ensure SSH MaxAuthTries is set to 4 or less
    query: sshd.config.params["MaxAuthTries"] <= 4
    docs:
      desc: |
        The MaxAuthTries parameter specifies the maximum number of authentication attempts permitted per connection.
        When the login failure count reaches half the number, error messages will be written to the syslog file
        detailing the login failure.
      audit: Run the `sshd -T | grep maxauthtries` command and verify that output MaxAuthTries is 4 or less
      # The "remediation" key provides information to fix the detected issue
      remediation: |
        Open your `/etc/ssh/sshd_config` and set `MaxAuthTries` to `4`.
    refs:
      - title: CIS Distribution Independent Linux
        url: https://www.cisecurity.org/benchmark/distribution_independent_linux/

  - uid: sshd-data-01
    title: Gather SSH config params
    query: sshd.config.params
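Because a spec only references queries by uid, a policy file can silently drift: a spec can point at a uid that no longer exists, or a scoring query can ship without the audit and remediation docs the example above carries. The following added example (not Mondoo's own tooling) lints a policy in this layout for exactly those problems; the policy is embedded as the dict a YAML loader would produce for the SSHD policy above so that it runs without a YAML library, and `lint_policy` is a hypothetical helper name.

```python
from __future__ import annotations
from typing import Any

# Constructed input: the page's SSHD policy as a YAML loader would return it
# (desc text and refs omitted, since the lint does not look at them).
SSHD_POLICY: dict[str, Any] = {
    "policies": [{
        "uid": "sshd", "name": "SSH Server Policy", "version": "1.0.0",
        "specs": [{
            "asset_filter": {"query": "platform.family.contains(_ == 'linux')"},
            "scoring_queries": {"sshd-score-01": None},
            "data_queries": {"sshd-data-01": None},
        }],
    }],
    "queries": [
        {"uid": "sshd-score-01",
         "title": "Ensure SSH MaxAuthTries is set to 4 or less",
         "query": 'sshd.config.params["MaxAuthTries"] <= 4',
         "docs": {"audit": "Run sshd -T | grep maxauthtries ...",
                  "remediation": "Set MaxAuthTries to 4 in /etc/ssh/sshd_config"}},
        {"uid": "sshd-data-01", "title": "Gather SSH config params",
         "query": "sshd.config.params"},
    ],
}


def lint_policy(doc: dict[str, Any]) -> list[str]:
    """Return a list of problems: spec references to undefined queries,
    scoring queries without audit/remediation docs, and unused queries."""
    problems: list[str] = []
    queries = {q["uid"]: q for q in doc.get("queries", [])}
    referenced: set[str] = set()
    for policy in doc.get("policies", []):
        for spec in policy.get("specs", []):
            # Both maps hold uid -> null in this layout; only the keys matter.
            for kind in ("scoring_queries", "data_queries"):
                for uid in spec.get(kind) or {}:
                    referenced.add(uid)
                    if uid not in queries:
                        problems.append(f"{policy['uid']}: {kind} references missing query {uid}")
                    elif kind == "scoring_queries":
                        # A scoring query is what an operator acts on, so it
                        # must explain how to verify and how to fix the finding.
                        docs = queries[uid].get("docs") or {}
                        for key in ("audit", "remediation"):
                            if key not in docs:
                                problems.append(f"{uid}: scoring query lacks docs.{key}")
    for uid in sorted(queries.keys() - referenced):
        problems.append(f"{uid}: query is defined but no spec uses it")
    return problems
```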

Standardize policy for any environment

Most businesses today run a myriad of business-critical technologies that must be secured. These range from public cloud platforms such as AWS, Microsoft Azure, and Google Cloud Platform, to private cloud technology such as VMware, as well as Kubernetes clusters, servers, endpoints, network devices, SaaS platforms, and more. Mondoo supports them all, giving you the ability to create policy for any environment.