diff --git a/applications/openshift/networking/configure_network_bandwidth/rule.yml b/applications/openshift/networking/configure_network_bandwidth/rule.yml new file mode 100644 index 00000000000..351bcc3032b --- /dev/null +++ b/applications/openshift/networking/configure_network_bandwidth/rule.yml @@ -0,0 +1,39 @@ +documentation_complete: true + +title: 'Limiting Network Bandwidth in Pods' + +description: |- + Network bandwidth, SHOULD be appropriately reserved and limited. + +ocil: |- + Network bandwidth is limited at the pod level and can be determined separately according + to incoming and outgoing network bandwidth. + For more information about limiting network bandwidth on the pod level please refer to the Red Hat documentation: + {{{ weblink(link="https://docs.openshift.com/container-platform/4.17/nodes/pods/nodes-pods-configuring.html#nodes-pods-configuring-bandwidth_nodes-pods-configuring") }}} + + Out of the documetation use the example for the network bandwidth configuration of a pod: +
+ kind: Pod + apiVersion: v1 + metadata: + name: hello-openshift + annotations: + kubernetes.io/ingress-bandwidth: 2M + kubernetes.io/egress-bandwidth: 1M + spec: + containers: + - image: openshift/hello-openshift + name: hello-openshift ++ +severity: unknown + +identifiers: + cce@ocp4: CCE-87610-2 + +ocil_clause: 'Limiting Pod network bandwidth on OCP 4' + +rationale: |- + Extend pod configuration with network bandwidth annotations to prevent + a bad actor or a malfunction in the pod to consume all the bandwidth in the cluster. + A network bandwidth limitation on the pod level can mitigate the bearing onto the cluster. diff --git a/controls/bsi_sys_1_6.yml b/controls/bsi_sys_1_6.yml index 01a4fda1616..4fcddeba294 100644 --- a/controls/bsi_sys_1_6.yml +++ b/controls/bsi_sys_1_6.yml 
@@ -401,13 +401,35 @@ controls: levels: - standard description: >- - Resources on the host system such as CPU, volatile and persistent memory, and network - bandwidth SHOULD be appropriately reserved and limited for each container. How the + (1) Resources on the host system such as CPU, volatile and persistent memory, and network + bandwidth SHOULD be appropriately reserved and limited for each container. (2) How the system should react if these limits are exceeded SHOULD be defined and documented. notes: >- - ToDo - status: manual - #rules: + Section 1: OpenShift supports the configuration of quotas for a project (client). + Applications can have their resources appropriately limited using limits/requests. + Network bandwidth is limited at the pod level and can be determined separately according + to incoming and outgoing network bandwidth. In addition, outgoing traffic (egress) can be + marked at the namespace level with differentiated services code point (DSCP) classifications + in order to assign quality of service classes to the outgoing packets in the physical network. + Section 2: This requirement must be implemented organizationally. + Note: The behavior of OpenShift completely replicates the standard behavior of Kubernetes. + If CPU limits are exceeded, the process is slowed down. If volatile memory is exceeded, + the process is stopped and restarted by the scheduler. The persistent memory management + is responsible for exceeding the persistent memory - OpenShift will not enforce or limit + anything here. Compliance with the limited network bandwidth is enforced by dropping + packets that exceed the limit. 
+ status: automated + rules: + # Section 1 + - project_config_and_template_resource_quota + - project_template_resource_quota + - resource_requests_limits_in_daemonset + - resource_requests_limits_in_deployment + - resource_requests_limits_in_statefulset + - resource_requests_quota + - resource_requests_quota_cluster + - resource_requests_quota_per_project + - configure_network_bandwidth - id: SYS.1.6.A16 title: Administrative Remote Access to Containers diff --git a/shared/references/cce-redhat-avail.txt b/shared/references/cce-redhat-avail.txt index 33debb230d4..e3d2ddd1de8 100644 --- a/shared/references/cce-redhat-avail.txt +++ b/shared/references/cce-redhat-avail.txt @@ -640,7 +640,6 @@ CCE-87595-5 CCE-87597-1 CCE-87600-3 CCE-87603-7 -CCE-87610-2 CCE-87611-0 CCE-87612-8 CCE-87613-6
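Review bot: in the new applications/openshift/networking/configure_network_bandwidth/rule.yml, `severity: unknown` and `ocil_clause: 'Limiting Pod network bandwidth on OCP 4'` are placeholders that need real values: severity should be one of the levels the project uses for its other rules (the control is about resource exhaustion, so medium is the natural fit), and ocil_clause is the condition under which the check fails, so it should read like "network bandwidth is not limited at the pod level" rather than restating the title. The rule also has no `checktext`/OVAL or yamlfile check, only `ocil`, so it is a manual rule; the description should say so and should name the mechanism it expects (the `kubernetes.io/ingress-bandwidth` and `kubernetes.io/egress-bandwidth` pod annotations shown in the example) instead of repeating the BSI wording "Network bandwidth, SHOULD be appropriately reserved and limited." (drop the stray comma). Smaller points: "Out of the documetation" should be "From the documentation"; the rationale's last sentence "can mitigate the bearing onto the cluster" is unclear, suggest "limits the impact of a single pod on the rest of the cluster"; and the weblink pins docs.openshift.com/container-platform/4.17, which will go stale, so use the versionless or latest URL form the other OpenShift rules use.

Review bot: in controls/bsi_sys_1_6.yml, `status: automated` overstates what the hunk delivers: the notes themselves say "Section 2: This requirement must be implemented organizationally", and `configure_network_bandwidth` in the rules list carries only OCIL guidance with no automated check, so the control is partially automated at best; `status: partial` with the remaining rules listed is the honest value. The technical note "If volatile memory is exceeded, the process is stopped and restarted by the scheduler" is wrong about the actor: the kernel OOM-kills the container process when it exceeds its memory limit, and the kubelet restarts it according to the pod's restartPolicy; the scheduler is not involved. "The persistent memory management is responsible for exceeding the persistent memory" is also unclear; say that limits on persistent volumes are enforced by the storage backend, not by OpenShift. Finally, the notes use a folded scalar (`>-`), which joins "Section 1:", "Section 2:" and "Note:" into one paragraph in the rendered output; separate them with blank lines or switch to `|-`.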