Defined notes for BSI SYS.1.6.A10,11 and APP.4.4.A12

ComplianceAsCode · Oct 4, 2024 · 4214d89 · 4214d89
1 parent 0d49015
commit 4214d89
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 13 deletions.
diff --git a/controls/bsi_app_4_4.yml b/controls/bsi_app_4_4.yml
@@ -335,13 +335,13 @@ controls:
     levels:
     - standard
     description: >-
-      If a separate registry for images or automation software, persistent volume management,
+      (1) If a separate registry for images or automation software, persistent volume management,
       configuration file storage, or similar is in use, its protection SHOULD at least consider:
-        • Use of personal and service accounts for access
-        • Encrypted communication on all network ports
-        • Restrictive assignment of permissions to user and service accounts
-        • Logging of changes
-        • Regular data backups.
+        (2) • Use of personal and service accounts for access
+        (3) • Encrypted communication on all network ports
+        (4) • Restrictive assignment of permissions to user and service accounts
+        (5) • Logging of changes
+        (6) • Regular data backups.
     notes: >-
       This requirement needs to be adressed in the respective separate systems.
       However, one requirement (Encrypted communication on all network ports) can partitially be

diff --git a/controls/bsi_sys_1_6.yml b/controls/bsi_sys_1_6.yml
@@ -333,24 +333,22 @@ controls:
     levels:
     - standard
     description: >-
-      A policy SHOULD be established and applied that specifies the requirements for container
-      operation and permitted images. The policy SHOULD also include requirements for the
+      (1) A policy SHOULD be established and applied that specifies the requirements for container
+      operation and permitted images. (2) The policy SHOULD also include requirements for the
       operation and deployment of images.
     notes: >-
-      ToDo
+      These requirements must be implemented organizationally.
     status: manual
-    #rules:
 
   - id: SYS.1.6.A11
     title:  Only One Service per Container
     levels:
     - standard
     description: >-
-      Each container SHOULD only provide one service at a time.
+      (1) Each container SHOULD only provide one service at a time.
     notes: >-
-      ToDo
+      This requirement must be implemented organizationally.
     status: manual
-    #rules:
 
   - id: SYS.1.6.A12
     title: Distribution of Secure Images