As the thesis working title suggests, "Review, comparison and design of the compliance tool automating computer security requirements" can take many turns, and I would be interested to discuss and ensure that we all agree on what is most important. (A few questions for a start:)
Automating a specific part? Which one? Creating different design strategies to make this tool most useful for the service teams? Using Security Baselines, or developing on top of them? If so, which standards (ASVS, CC, etc.) and scope (CERN-wide, services, servers, case-specific, etc.)? It is most important for me to understand the need so I can target the tool in a way that will be most beneficial and useful for CERN. Let's discuss!