Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

update notes of the R36 requirement for ANSSI #11639

Merged

Conversation

vojtapolasek
Copy link
Collaborator

Description:

  • describe the reason why configuring umask for services is not automatable.

Rationale:

  • ANSSI alignment

@vojtapolasek vojtapolasek added the ANSSI ANSSI Benchmark related. label Mar 1, 2024
@vojtapolasek vojtapolasek added this to the 0.1.73 milestone Mar 1, 2024
Copy link

github-actions bot commented Mar 1, 2024

Start a new ephemeral environment with changes proposed in this pull request:

Fedora Environment
Open in Gitpod

Oracle Linux 8 Environment
Open in Gitpod

Copy link

github-actions bot commented Mar 1, 2024

🤖 A k8s content image for this PR is available at:
ghcr.io/complianceascode/k8scontent:11639

Click here to see how to deploy it

If you alread have Compliance Operator deployed:
utils/build_ds_container.py -i ghcr.io/complianceascode/k8scontent:11639

Otherwise deploy the content and operator together by checking out ComplianceAsCode/compliance-operator and:
CONTENT_IMAGE=ghcr.io/complianceascode/k8scontent:11639 make deploy-local

controls/anssi.yml Outdated Show resolved Hide resolved
Co-authored-by: Marcus Burghardt <2074099+marcusburghardt@users.noreply.github.com>
Copy link
Member

@marcusburghardt marcusburghardt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The description is fine. I just wonder if the status could not be moved to "automated" instead of "partial". I understood that part of the requirement can be automated and part is manual. The part that can be automated is already automated. So, leaving the status as partial may create the impression that more automation is still possible and is pending.

@vojtapolasek
Copy link
Collaborator Author

I am glad you ask, because I had similar tendencies. But from the description of statuses in the devel guide, this was not clear for me. I suggest we update this guide to explicitly state that "automated" means that what could be automated with regards to the control, is automated. There might be cases when the control is phrased in a way so that it just can't be automated completely. I can do a separate PR if you agree.

Copy link

codeclimate bot commented Mar 1, 2024

Code Climate has analyzed commit ffceb64 and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 59.8% (0.0% change).

View more on Code Climate.

@marcusburghardt
Copy link
Member

I am glad you ask, because I had similar tendencies. But from the description of statuses in the devel guide, this was not clear for me. I suggest we update this guide to explicitly state that "automated" means that what could be automated with regards to the control, is automated. There might be cases when the control is phrased in a way so that it just can't be automated completely. I can do a separate PR if you agree.

Sure, it would be good to clarify how to proceed in cases like this in the Devel Guide. I don't think we have many similar cases, but when we have, an agreement on how to proceed would be good.

Copy link
Member

@marcusburghardt marcusburghardt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. We discussed an update in Devel Guide to clarify how to proceed with the status field when everything possible to be automated is already automated but part of the same requirement is manual.

@marcusburghardt marcusburghardt self-assigned this Mar 1, 2024
@marcusburghardt marcusburghardt merged commit d1c752a into ComplianceAsCode:master Mar 1, 2024
44 checks passed
@Mab879 Mab879 added Update Profile Issues or pull requests related to Profiles updates. labels May 16, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
ANSSI ANSSI Benchmark related. Update Profile Issues or pull requests related to Profiles updates.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants