Commit
Implement rules for CIS OCP Section 5.5
Now that we have a profile and control files for CIS 1.4.0, we can start
wiring up the existing rules.

This commit ports all the existing rules we were using for the CIS
OpenShift profile into the CIS 1.4.0 version.
rhmdnd committed Jul 14, 2023
1 parent 6bde8f5 commit c1c4687
Showing 4 changed files with 11 additions and 4 deletions.
Expand Up @@ -34,6 +34,7 @@ ocil: |-
make sure the output is not empty and matches the registries that you wish to allow.
references:
cis@ocp4: '5.5.1'
nist: CM-5(3),CM-7(2),CM-7(5),CM-11
srg: SRG-APP-000456-CTR-001125

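Review bot: the new `cis@ocp4: '5.5.1'` line is inserted directly under `references:` with no matching removed line, so if this rule already carried a `cis@ocp4` entry for an earlier benchmark version elsewhere in the map, the file now has a duplicate YAML key and the loader will silently keep whichever one it parses last; confirm that only one `cis@ocp4` key remains in this rule's references after the change.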
Expand Up @@ -25,6 +25,7 @@ rationale: |-
severity: medium

references:
cis@ocp4: '5.5.1'
nist: CM-5(3),CM-7(2),CM-7(5),CM-11
srg: SRG-APP-000456-CTR-001125

Expand Up @@ -27,6 +27,7 @@ identifiers:
cce@ocp4: CCE-86123-7

references:
cis@ocp4: '5.5.1'
nist: CM-5(3)
srg: SRG-APP-000014-CTR-000035

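Review bot: this rule is mapped to the same CIS control 5.5.1 as the two rules above, but its crosswalk differs: `nist: CM-5(3)` only, and `srg: SRG-APP-000014-CTR-000035` instead of `SRG-APP-000456-CTR-001125`. A short note in the commit message or the rule description explaining why the NIST/SRG coverage differs would help, since consumers of the reference data will otherwise see rules under 5.5.1 with inconsistent mappings and no way to tell whether that is intentional.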
12 changes: 8 additions & 4 deletions controls/cis_ocp_1_4_0/section-5.yml
Expand Up @@ -147,14 +147,18 @@ controls:
levels: level_2
- id: '5.5'
title: Extensible Admission Control
status: pending
status: automated
rules: []
controls:
- id: 5.5.1
title: Configure Image Provenance using image controller configuration parameters
status: pending
rules: []
levels: level_2
status: automated
rules:
- ocp_allowed_registries
- ocp_allowed_registries_for_import
- ocp_insecure_registries
- ocp_insecure_allowed_registries_for_import
level: level_2
- id: '5.7'
title: General Policies
status: partial
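Review bot: the added control 5.5.1 uses `level: level_2` (singular) where the removed line and the sibling control at the top of the hunk use `levels: level_2`; unless the controls schema accepts both spellings, this key will be ignored and 5.5.1 loses its level assignment, so it should read `levels: level_2`. Also, the `rules:` list names four rules, but only three rule files in this commit gain a `cis@ocp4: '5.5.1'` reference; confirm the fourth already carries it so the control-to-rule mapping and the rule references agree. Lastly, the parent control `5.5` is flipped to `status: automated` while keeping `rules: []`, which is only correct if the status is meant to roll up from its child control.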

0 comments on commit c1c4687