SRG-APP-000158-CTR-000390: Add supporting evidence to an Inherently M…

…et rule
ComplianceAsCode · May 23, 2023 · a2cee70 · a2cee70
1 parent 91ba1a5
commit a2cee70
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/controls/srg_ctr/SRG-APP-000158-CTR-000390.yml b/controls/srg_ctr/SRG-APP-000158-CTR-000390.yml
@@ -5,3 +5,11 @@ controls:
  title: {{{ full_name }}} must uniquely identify all network-connected nodes
  before establishing any connection.
  status: inherently met
+ artifact_description: |-
+ Supporting evidence is in the following documentation
+ https://docs.openshift.com/container-platform/latest/security/certificate_types_descriptions/node-certificates.html
+ status_justification: |-
+ Internal components are secured with two-way TLS.
+ https://docs.openshift.com/container-platform/latest/security/certificate_types_descriptions/node-certificates.html
+ Node certificates are signed by the cluster; they come from a certificate authority (CA) that is generated by the bootstrap process. Once the cluster is installed, the node certificates are auto-rotated.
+ Node certificates are managed by the cluster and not the user