Commit

Defined notes and rules for BSI SYS.1.6.A26
sluetze authored and lichtblaugue committed Nov 6, 2024
1 parent 14ae93f commit c880d3b
Showing 1 changed file with 11 additions and 6 deletions.
17 changes: 11 additions & 6 deletions controls/bsi_sys_1_6.yml
Expand Up @@ -589,13 +589,18 @@ controls:
levels:
- elevated
description: >-
If further isolation and encapsulation of containers is required, the following measures
(1) If further isolation and encapsulation of containers is required, the following measures
SHOULD be considered for increased effectiveness:
• Fixed assignment of containers to container hosts
• Execution of the individual containers and/or the container host by means of
(2) • Fixed assignment of containers to container hosts
(3) • Execution of the individual containers and/or the container host by means of
hypervisors
• Fixed assignment of a single container to a single container host
(4) • Fixed assignment of a single container to a single container host
notes: >-
ToDo
Section 1,2,4: OpenShift offers the option of binding containers (in pods) to specific nodes using node labels and node selectors in the deployment descriptors. Section 3: These can also be made available as virtual machines via hypervisors (via IaaS or via OpenShift Sandboxes). This implements all three assignments mentioned in the requirement.
status: manual
#rules:
rules:
# Section 1,2,4
- general_node_separation
# Section 3
- sandboxed_containers_operator_exists
- sandboxed_containers_operator_configured
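
Review bot: The new `notes` text credits node labels and node selectors with covering sections 1, 2 and 4, but section 4 (a single container on a single container host) needs exclusivity, and a node selector only constrains where a pod may be scheduled; it does not keep other pods off that node. Either say in the notes what provides the exclusivity, or limit the claim to sections 1 and 2 and adjust the `# Section 1,2,4` comment above `general_node_separation`. The notes also close with "all three assignments" although four sections are numbered in the description, and `status: manual` is kept while three rules are now listed, so the notes should state what still has to be verified by hand.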
