From 4214d899fc1c8ccb30c977bc93076556ab365cb9 Mon Sep 17 00:00:00 2001 From: Benjamin Ruland Date: Fri, 4 Oct 2024 11:40:35 +0200 Subject: [PATCH] Defined notes for BSI SYS.1.6.A10,11 and APP.4.4.A12 --- controls/bsi_app_4_4.yml | 12 ++++++------ controls/bsi_sys_1_6.yml | 12 +++++------- 2 files changed, 11 insertions(+), 13 deletions(-) diff --git a/controls/bsi_app_4_4.yml b/controls/bsi_app_4_4.yml index 98e4e9b9075..0141d8a0bb3 100644 --- a/controls/bsi_app_4_4.yml +++ b/controls/bsi_app_4_4.yml @@ -335,13 +335,13 @@ controls: levels: - standard description: >- - If a separate registry for images or automation software, persistent volume management, + (1) If a separate registry for images or automation software, persistent volume management, configuration file storage, or similar is in use, its protection SHOULD at least consider: - • Use of personal and service accounts for access - • Encrypted communication on all network ports - • Restrictive assignment of permissions to user and service accounts - • Logging of changes - • Regular data backups. + (2) • Use of personal and service accounts for access + (3) • Encrypted communication on all network ports + (4) • Restrictive assignment of permissions to user and service accounts + (5) • Logging of changes + (6) • Regular data backups. notes: >- This requirement needs to be adressed in the respective separate systems. However, one requirement (Encrypted communication on all network ports) can partitially be diff --git a/controls/bsi_sys_1_6.yml b/controls/bsi_sys_1_6.yml index 01a4fda1616..dbba58a301d 100644 --- a/controls/bsi_sys_1_6.yml +++ b/controls/bsi_sys_1_6.yml 
@@ -333,24 +333,22 @@ controls: levels: - standard description: >- - A policy SHOULD be established and applied that specifies the requirements for container - operation and permitted images. The policy SHOULD also include requirements for the + (1) A policy SHOULD be established and applied that specifies the requirements for container + operation and permitted images. (2) The policy SHOULD also include requirements for the operation and deployment of images. notes: >- - ToDo + These requirements must be implemented organizationally. status: manual - #rules: - id: SYS.1.6.A11 title: Only One Service per Container levels: - standard description: >- - Each container SHOULD only provide one service at a time. + (1) Each container SHOULD only provide one service at a time. notes: >- - ToDo + This requirement must be implemented organizationally. status: manual - #rules: - id: SYS.1.6.A12 title: Distribution of Secure Images
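Review bot: In controls/bsi_app_4_4.yml the only change is to the `description` text, while the subject line says notes were defined for APP.4.4.A12; the `notes:` block under it is unchanged context and still reads "adressed" and "partitially". Either update those notes in this commit (correcting the spelling to "addressed" and "partially") or reword the subject to say the description sentences were numbered. A smaller point in the same hunk: `(2) •` through `(6) •` put a sentence number in front of a bullet inside a `>-` folded scalar, where the lines fold into one paragraph anyway, so keeping a single marker per item would read more cleanly.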
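Review bot: In controls/bsi_sys_1_6.yml the new notes for SYS.1.6.A11, "This requirement must be implemented organizationally.", leave an assessor with nothing concrete to check for a control marked `status: manual`; the same applies to the notes on the policy control earlier in the hunk. Consider adding one sentence to each saying what evidence satisfies it, for example where the container policy is documented or how the one-service-per-container rule is reviewed. The two `#rules:` placeholder lines are also dropped without a mention in the commit message; a short note there would make the intent clear.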