diff --git a/controls/bsi_app_4_4.yml b/controls/bsi_app_4_4.yml index 9b55dec984e1..d9e2ad0d6e19 100644 --- a/controls/bsi_app_4_4.yml +++ b/controls/bsi_app_4_4.yml @@ -354,11 +354,16 @@ controls: levels: - elevated description: >- - (1) There SHOULD be an automated audit that checks the settings of nodes, of Kubernetes, and of the pods of applications against a defined list of allowed settings and standardised benchmarks. - (2) Kubernetes SHOULD enforce these established rules in each cluster by connecting appropriate tools. + (1) There SHOULD be an automated audit that checks the settings of nodes, of Kubernetes, and + of the pods of applications against a defined list of allowed settings and standardised + benchmarks. + (2) Kubernetes SHOULD enforce these established rules in each cluster by connecting + appropriate tools. notes: >- - Section 1 is addressed by the compliance operator itself. The standardized Benchmarks can be just the BSI Profile, or additionally a hardening standard like the CIS Benchmark. - Section 2 can be addressed by using auto-remediation of compliance-operator or for workloads by using Advanced Cluster Security or similar tools. + Section 1 is addressed by the compliance operator itself. The standardized Benchmarks can be + just the BSI Profile, or additionally a hardening standard like the CIS Benchmark. + Section 2 can be addressed by using auto-remediation of compliance-operator or for workloads + by using Advanced Cluster Security or similar tools. status: automated rules: - scansettingbinding_exists @@ -388,7 +393,8 @@ controls: levels: - elevated description: >- - Applications with very high protection needs SHOULD each use their own Kubernetes clusters or dedicated nodes that are not available for other applications + Applications with very high protection needs SHOULD each use their own Kubernetes clusters + or dedicated nodes that are not available for other applications notes: '' status: manual rules: 
@@ -399,11 +405,15 @@ controls: levels: - elevated description: >- - The automation of operational tasks in operators SHOULD be used for particularly critical applications and control plane programs. + The automation of operational tasks in operators SHOULD be used for particularly critical + applications and control plane programs. notes: >- - OpenShift relies consistently on the application of the concept of operators. The platform itself is operated and managed 100% by operators, meaning that all internal components of the platform are rolled out and managed by operators. + OpenShift relies consistently on the application of the concept of operators. The platform + itself is operated and managed 100% by operators, meaning that all internal components of + the platform are rolled out and managed by operators. - Application-specific operators must be considered as part of application development and deployment. + Application-specific operators must be considered as part of application development and + deployment. status: inherently met rules: []
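Review bot: In the hunk at -354, items (1) and (2) of the description, and likewise "Section 1" and "Section 2" of the notes, sit in a `>-` folded scalar. The line break between them folds to a single space, so they render as one run-on paragraph, assuming the continuation lines share one indentation level. Since the text is being re-wrapped anyway, put a blank line between the two items in both `description` and `notes` so they stay separate paragraphs. Under the same assumption the re-wrap itself leaves the folded value unchanged.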
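Review bot: In the hunk at -388 the re-wrapped description still ends without a period ("... not available for other applications"), unlike the descriptions in the other two hunks; add it while the line is being touched. The control is also `status: manual` with `notes: ''`, so a short note on what an assessor should verify (own cluster or dedicated nodes for the application) would make the manual check reproducible.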
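Review bot: In the hunk at -399 the notes say application-specific operators "must be considered as part of application development and deployment", yet the control is marked `status: inherently met` with `rules: []`, and the description also covers "particularly critical applications". Consider stating in the notes that only the control plane part is met by the platform and that the application part remains the responsibility of whoever deploys the application, or adjust the status to reflect that.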