fix: test creating a release

Author: mrgadgil

catalogs/cis-v8/catalog.json

@@ -38,7 +38,7 @@
                {
                   "id":"cisc-3_stmt",
                   "name":"statement",
-                  "prose":"Develop processes and technical controls to identify, classify, securely handle, retain, and dispose of data."
+                  "prose":"Develop processes and technical controls to identify, classify, securely handle, retain, and dispose of data. TEST"
                },
                {
                   "id":"cisc-3_gdn",

md_catalogs/cis-v8/cisc-3.md

@@ -7,7 +7,7 @@ x-trestle-global:
 
 ## Control Statement
 
-Develop processes and technical controls to identify, classify, securely handle, retain, and dispose of data.
+Develop processes and technical controls to identify, classify, securely handle, retain, and dispose of data. TEST
 
 ## Control guidance
 

md_catalogs/cis-v8/cisc-8.1.md

@@ -0,0 +1,10 @@
+---
+x-trestle-global:
+  sort-id: cisc-08.01
+---
+
+# cisc-8.1 - \[\] Establish and Maintain an Audit Log Management Process
+
+## Control Statement
+
+Establish and maintain an audit log management process that defines the enterprise’s logging requirements. At a minimum, address the collection, review, and retention of audit logs for enterprise assets. Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard.

md_catalogs/cis-v8/cisc-8.2.md

@@ -0,0 +1,10 @@
+---
+x-trestle-global:
+  sort-id: cisc-08.02
+---
+
+# cisc-8.2 - \[\] Collect Audit Logs
+
+## Control Statement
+
+Collect audit logs. Ensure that logging, per the enterprise’s audit log management process, has been enabled across enterprise assets.

md_catalogs/cis-v8/cisc-8.3.md

@@ -0,0 +1,10 @@
+---
+x-trestle-global:
+  sort-id: cisc-08.03
+---
+
+# cisc-8.3 - \[\] Ensure Adequate Audit Log Storage
+
+## Control Statement
+
+Ensure that logging destinations maintain adequate storage to comply with the enterprise’s audit log management process.

md_catalogs/cis-v8/cisc-8.4.md

@@ -0,0 +1,10 @@
+---
+x-trestle-global:
+  sort-id: cisc-08.04
+---
+
+# cisc-8.4 - \[\] Standardize Time Synchronization
+
+## Control Statement
+
+Standardize time synchronization. Configure at least two synchronized time sources across enterprise assets, where supported.

md_catalogs/cis-v8/cisc-8.5.md

@@ -0,0 +1,10 @@
+---
+x-trestle-global:
+  sort-id: cisc-08.05
+---
+
+# cisc-8.5 - \[\] Collect Detailed Audit Logs
+
+## Control Statement
+
+Configure detailed audit logging for enterprise assets containing sensitive data. Include event source, date, username, timestamp, source addresses, destination addresses, and other useful elements that could assist in a forensic investigation.

md_catalogs/cis-v8/cisc-8.6.md

@@ -0,0 +1,10 @@
+---
+x-trestle-global:
+  sort-id: cisc-08.06
+---
+
+# cisc-8.6 - \[\] Collect DNS Query Audit Logs
+
+## Control Statement
+
+Collect DNS query audit logs on enterprise assets, where appropriate and supported.

md_catalogs/cis-v8/cisc-8.md

@@ -0,0 +1,18 @@
+---
+x-trestle-global:
+  sort-id: cisc-08
+---
+
+# cisc-8 - \[\] Audit Log Management
+
+## Control Statement
+
+Collect, alert, review, and retain audit logs of events that could help detect, understand, or recover from an attack.
+
+## Control guidance
+
+Log collection and analysis is critical for an enterprise’s ability to detect malicious activity quickly. Sometimes audit records are the only evidence of a successful attack. Attackers know that many enterprises keep audit logs for compliance purposes, but rarely analyze them. Attackers use this knowledge to hide their location, malicious software, and activities on victim machines. Due to poor or nonexistent log analysis processes, attackers sometimes control victim machines for months or years without anyone in the target enterprise knowing.
+
+There are two types of logs that are generally treated and often configured independently: system logs and audit logs. System logs typically provide system-level events that show various system process start/end times, crashes, etc. These are native to systems, and take less configuration to turn on. Audit logs typically include user-level events – when a user logged in, accessed a file, etc. – and take more planning and effort to set up.
+
+Logging records are also critical for incident response. After an attack has been detected, log analysis can help enterprises understand the extent of an attack. Complete logging records can show, for example, when and how the attack occurred, what information was accessed, and if data was exfiltrated. Retention of logs is also critical in case a follow-up investigation is required or if an attack remained undetected for a long period of time.