Has any work been done to be able to say what checks are mapped to a single NIST control?
For example:
AC-3:
    userowner_shadow_file
    groupowner_shadow_file
    groupowner_group_file
    ...
IIUC, the current tools generate something more akin to:
userowner_shadow_file:
    AC-3, CM-6
where AC-3 and CM-6 are in the same nist ref.
joe