CMP-2461: Requirement 9 is not applicable #12166
Conversation
Managing the physical security of POI and media with cardholder data is not in scope for OpenShift.
|
Start a new ephemeral environment with changes proposed in this pull request: Fedora Environment Oracle Linux 8 Environment |
|
🤖 A k8s content image for this PR is available at: Click here to see how to deploy itIf you alread have Compliance Operator deployed: Otherwise deploy the content and operator together by checking out ComplianceAsCode/compliance-operator and: |
|
Code Climate has analyzed commit 2ead421 and detected 0 issues on this pull request. The test coverage on the diff in this pull request is 100.0% (50% is the threshold). This pull request will bring the total coverage in the repository to 59.4% (0.0% change). View more on Code Climate. |
| controls: | ||
| - id: 9.4.1 | ||
| title: All media with cardholder data is physically secured. | ||
| description: |- | ||
| Media with cardholder data cannot be accessed by unauthorized personnel. | ||
| levels: | ||
| - base | ||
| status: pending | ||
| status: not applicable |
There was a problem hiding this comment.
I was wondering whether this requirement isn't actually manual, instead of not applicable
There was a problem hiding this comment.
I could see several of these controls being manual if you consider the physical perspective (e.g., you need to build fences around your cluster to meet requirement 9.2).
Marking them as manual seems to align with what RHEL did. Either way, I don't think these statuses will show up in the actual operator since they're not backed by any rules.
|
/lgtm |
1 similar comment
|
/lgtm |
Description:
9is not applicable for OpenShiftRationale: