Skip to content

Commit

Permalink
switch to automatic reference system
Browse files Browse the repository at this point in the history
  • Loading branch information
sluetze committed Jul 16, 2024
1 parent 021d865 commit 879810f
Show file tree
Hide file tree
Showing 22 changed files with 2 additions and 27 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,6 @@ rationale: |-
severity: medium

references:
bsi: APP.4.4.A3
cis@ocp4: 1.2.1
nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1
nist: CM-6,CM-6(1)
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -11,9 +11,6 @@ rationale: |-
level. It also allows you control the network flow from and to other namespaces
more easily.
references:
bsi: APP.4.4.A1

severity: medium

ocil_clause: 'Application placement in namespaces needs review'
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -17,9 +17,6 @@ rationale: |-
follow less strict requirements. An adversary which attacked a lighter protected workload now has
additional obstacles for their movement towards the higher protected workloads.
references:
bsi: APP.4.4.A14,APP.4.4.A15

severity: medium

identifiers:
Expand Down
1 change: 0 additions & 1 deletion applications/openshift/general/kubeadmin_removed/rule.yml
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,6 @@ identifiers:
cce@ocp4: CCE-90387-2

references:
bsi: APP.4.4.A3
cis@ocp4: 3.1.1,5.1.1
nerc-cip: CIP-004-6 R2.2.2,CIP-004-6 R2.2.3,CIP-007-3 R.1.3,CIP-007-3 R2,CIP-007-3 R5,CIP-007-3 R5.1.1,CIP-007-3 R5.1.3,CIP-007-3 R5.2.1,CIP-007-3 R5.2.3,CIP-007-3 R6.1,CIP-007-3 R6.2,CIP-007-3 R6.3,CIP-007-3 R6.4
nist: AC-2(2),AC-2(7),AC-2(9),AC-2(10),AC-12(1),IA-2(5),MA-4,SC-12(1)
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,6 @@ rationale: |-
severity: medium

references:
bsi: APP.4.4.A3
cis@eks: 3.2.1
cis@ocp4: 4.2.2
nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1
Expand Down
1 change: 0 additions & 1 deletion applications/openshift/rbac/rbac_least_privilege/rule.yml
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,6 @@ identifiers:
cce@ocp4: CCE-90678-4

references:
bsi: APP.4.4.A3
cis@ocp4: 5.2.10
nist: AC-3,CM-5(6),IA-2,IA-2(5),AC-6(10),CM-11(2),CM-5(1),CM-7(5)(b)
srg: SRG-APP-000033-CTR-000090,SRG-APP-000033-CTR-000095,SRG-APP-000033-CTR-000100,SRG-APP-000133-CTR-000290,SRG-APP-000133-CTR-000295,SRG-APP-000133-CTR-000300,SRG-APP-000133-CTR-000305,SRG-APP-000133-CTR-000310,SRG-APP-000148-CTR-000350,SRG-APP-000153-CTR-000375,SRG-APP-000340-CTR-000770,SRG-APP-000378-CTR-000880,SRG-APP-000378-CTR-000885,SRG-APP-000378-CTR-000890,SRG-APP-000380-CTR-000900,SRG-APP-000386-CTR-000920
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,6 @@ identifiers:
cce@ocp4: CCE-86235-9

references:
bsi: APP.4.4.A12
cis@ocp4: '5.5.1'
nist: CM-5(3)
srg: SRG-APP-000014-CTR-000035
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,6 @@ identifiers:
cce@ocp4: CCE-86123-7

references:
bsi: APP.4.4.A12
cis@ocp4: '5.5.1'
nist: CM-5(3)
srg: SRG-APP-000014-CTR-000035
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -26,9 +26,6 @@ ocil: |-
filter will return at least one 'true'. Run the following jq query to identify the non-compliant scansettings objects:
<pre>oc get scansettings -ojson | jq -r '[.items[] | select(.autoApplyRemediation != "" or .autoApplyRemediation != null) | .metadata.name]'</pre>
references:
bsi: APP.4.4.A13

severity: medium

warnings:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,6 @@ identifiers:
cce@ocp4: CCE-83697-3

references:
bsi: APP.4.4.A13
nerc-cip: CIP-003-8 R1.3,CIP-003-8 R4.3,CIP-003-8 R6,CIP-004-6 4.1,CIP-004-6 4.2,CIP-004-6 R3,CIP-004-6 R4,CIP-004-6 R4.2,CIP-005-6 R1,CIP-005-6 R1.1,CIP-005-6 R1.2,CIP-007-3 R3,CIP-007-3 R3.1,CIP-007-3 R6.1,CIP-007-3 R8.4
nist: CM-6,CM-6(1),RA-5,RA-5(5),SA-4(8)
pcidss: Req-2.2.4
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,6 @@ identifiers:
cce@ocp4: CCE-90762-6

references:
bsi: APP.4.4.A13
nist: SI-6(b)
srg: SRG-APP-000473-CTR-001175

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,6 @@ identifiers:
cce@ocp4: CCE-86255-7

references:
bsi: APP.4.4.A4
cis@ocp4: 5.2.12
nist: AC-6,AC-6(1)
srg: SRG-APP-000142-CTR-000330
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,6 @@ identifiers:
cce@ocp4: CCE-84042-1

references:
bsi: APP.4.4.A4
cis@ocp4: 5.2.3
nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1
nist: CM-6,CM-6(1)
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,6 @@ rationale: |-
severity: medium

references:
bsi: APP.4.4.A4
cis@ocp4: 5.2.7
nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1
nist: CM-6,CM-6(1)
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,6 @@ identifiers:
cce@ocp4: CCE-83492-9

references:
bsi: APP.4.4.A4
cis@ocp4: 5.2.4
nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1
nist: CM-6,CM-6(1)
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,6 @@ rationale: |-
severity: medium

references:
bsi: APP.4.4.A4
cis@ocp4: 5.2.1
nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1
nist: CM-6,CM-6(1)
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,6 @@ rationale: |-
severity: medium

references:
bsi: APP.4.4.A4
cis@ocp4: 5.2.2
nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1
nist: CM-6,CM-6(1)
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,6 @@ rationale: |-
severity: medium

references:
bsi: APP.4.4.A4
cis@ocp4: 5.2.6
nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1
nist: CM-6,CM-6(1)
Expand Down
2 changes: 2 additions & 0 deletions controls/bsi_app_4_4.yml
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,8 @@ levels:
inherits_from:
- standard

reference_type: bsi

controls:
- id: APP.4.4.A1
title: Planning the Separation of the Applications
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,6 @@ identifiers:
cce@rhcos4: CCE-83899-5

references:
bsi: APP.4.4.A4
cis-csc: 1,11,12,13,14,15,16,18,3,4,5,6,8,9
cobit5: APO01.06,APO11.04,APO13.01,BAI03.05,DSS01.05,DSS03.01,DSS05.02,DSS05.04,DSS05.05,DSS05.07,DSS06.02,DSS06.03,DSS06.06,MEA02.01
cui: 3.1.2,3.7.2
Expand Down
1 change: 0 additions & 1 deletion linux_os/guide/system/selinux/selinux_policytype/rule.yml
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,6 @@ identifiers:
cce@sle15: CCE-91445-7

references:
bsi: APP.4.4.A4
cis-csc: 1,11,12,13,14,15,16,18,3,4,5,6,8,9
cobit5: APO01.06,APO11.04,APO13.01,BAI03.05,DSS01.05,DSS03.01,DSS05.02,DSS05.04,DSS05.05,DSS05.07,DSS06.02,DSS06.03,DSS06.06,MEA02.01
cui: 3.1.2,3.7.2
Expand Down
1 change: 0 additions & 1 deletion linux_os/guide/system/selinux/selinux_state/rule.yml
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,6 @@ identifiers:
cce@sle15: CCE-91446-5

references:
bsi: APP.4.4.A4
cis-csc: 1,11,12,13,14,15,16,18,3,4,5,6,8,9
cobit5: APO01.06,APO11.04,APO13.01,BAI03.05,DSS01.05,DSS03.01,DSS05.02,DSS05.04,DSS05.05,DSS05.07,DSS06.02,DSS06.03,DSS06.06,MEA02.01
cui: 3.1.2,3.7.2
Expand Down

0 comments on commit 879810f

Please sign in to comment.