Merge pull request #10615 from jhrozek/SRG-APP-000158-CTR-000390

SRG-APP-000158-CTR-000390: Add supporting evidence to an Inherently Met rule
ComplianceAsCode · Jun 9, 2023 · fa777d4 · fa777d4
2 parents f08027a + 1e5573d
commit fa777d4
Showing 1 changed file with 9 additions and 0 deletions.
diff --git a/controls/srg_ctr/SRG-APP-000158-CTR-000390.yml b/controls/srg_ctr/SRG-APP-000158-CTR-000390.yml
@@ -5,3 +5,12 @@ controls:
  title: {{{ full_name }}} must uniquely identify all network-connected nodes
  before establishing any connection.
  status: inherently met
+ artifact_description: |-
+ Supporting evidence is in the following documentation
+ https://docs.openshift.com/container-platform/latest/security/certificate_types_descriptions/node-certificates.html
+ status_justification: |-
+ Internal components are secured with two-way TLS.
+ https://docs.openshift.com/container-platform/latest/security/certificate_types_descriptions/node-certificates.html
+ Node certificates are signed by the cluster; they come from a certificate authority (CA) that is generated by the bootstrap process. Once the cluster is installed, the node certificates are auto-rotated.
+ Node certificates are managed by the cluster and not the user
+