Define notes and rules for BSI APP.4.4.A12

sig-bsi-grundschutz · Dec 18, 2023 · 1b5f76e · 1b5f76e
1 parent cf0ae8c
commit 1b5f76e
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 3 deletions.
diff --git a/applications/openshift/registry/ocp_insecure_allowed_registries_for_import/rule.yml b/applications/openshift/registry/ocp_insecure_allowed_registries_for_import/rule.yml
@@ -34,6 +34,7 @@ references:
     cis@ocp4: '5.5.1'
     nist: CM-5(3)
     srg: SRG-APP-000014-CTR-000035
+    bsi: APP.4.4.A12
 
 ocil_clause: 'allowedRegistriesForImport is configured with insecure option for image access'
 

diff --git a/applications/openshift/registry/ocp_insecure_registries/rule.yml b/applications/openshift/registry/ocp_insecure_registries/rule.yml
@@ -30,6 +30,7 @@ references:
     cis@ocp4: '5.5.1'
     nist: CM-5(3)
     srg: SRG-APP-000014-CTR-000035
+    bsi: APP.4.4.A12
 
 ocil_clause: 'insecure registry sources is configured for image access'
 

diff --git a/controls/bsi_app_4_4.yml b/controls/bsi_app_4_4.yml
@@ -217,9 +217,12 @@ controls:
         • Logging of changes
         • Regular data backups.
     notes: >-
-      TBD
-    status: pending
-    rules: []
+      This requirement needs to be adressed in the respective separate systems.
+      However, one requirement can be checked automated: Encrypted communication all image registries.
+    status: automated
+    rules:
+      - ocp_insecure_registries
+      - ocp_insecure_allowed_registries_for_import
 
   - id: APP.4.4.A13
     title: Automated Configuration Auditing