CMP-971

[SA-4(8)]: Create a check that ensures a ScanSettingBinding (or scan/suite) exists in the cluster


    • Type: Story
    • Resolution: Done
    • Priority: Normal
    • OCPPLAN-6104 - FedRAMP moderate controls
    • CMP Sprint 30

      SA-4(8) says:

      The organization requires the developer of the information system, system component, or information system service to produce a plan for the continuous monitoring of security control effectiveness that contains [Assignment: organization-defined level of detail].

      Supplemental Guidance: The objective of continuous monitoring plans is to determine if the complete set of planned, required, and deployed security controls within the information system, system component, or information system service continue to be effective over time based on the inevitable changes that occur. Developer continuous monitoring plans include a sufficient level of detail such that the information can be incorporated into the continuous monitoring strategies and programs implemented by organizations.

       

      This could be addressed by having a rule that ensures that there exists a ScanSettingBinding or a Suite or a Scan that runs periodically.

       

      Acceptance criteria:

      • there exists a rule that ensures that CO is installed
      • there exists a rule that ensures that a suite/scan/scansettingbinding exists with scheduled execution
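
The second acceptance criterion, as an added example (not part of the original issue and not the project's own rule content): a ScanSettingBinding carries no schedule of its own, so a check for "scheduled execution" has to follow `settingsRef` to the ScanSetting it names. The field layout (top-level `schedule` on ScanSetting, `spec.schedule` on ComplianceSuite) is assumed from the Compliance Operator `compliance.openshift.io/v1alpha1` API; all object names and values are constructed, and standalone scans are not covered.

```python
NS = "openshift-compliance"  # constructed sample namespace


def obj(kind, name, **fields):
    """Build a minimal constructed object in the assumed v1alpha1 layout."""
    return {"kind": kind, "metadata": {"name": name, "namespace": NS}, **fields}


# Constructed sample of what listing the compliance objects might return.
SAMPLE = [
    obj("ScanSetting", "default", schedule="0 1 * * *"),
    obj("ScanSetting", "manual", schedule=""),
    obj("ScanSettingBinding", "moderate", settingsRef={"name": "default"}),
    obj("ScanSettingBinding", "adhoc", settingsRef={"name": "manual"}),
    obj("ScanSettingBinding", "dangling", settingsRef={"name": "missing"}),
    obj("ComplianceSuite", "one-off", spec={"scans": []}),
]


def has_schedule(value):
    """True for a non-empty five-field cron expression (shape check only)."""
    return isinstance(value, str) and len(value.split()) == 5


def scheduled_scan_sources(objects):
    """Return the objects that give the cluster a periodically running scan."""
    settings = {
        (o["metadata"].get("namespace"), o["metadata"]["name"]): o
        for o in objects if o.get("kind") == "ScanSetting"
    }
    found = []
    for o in objects:
        kind, meta = o.get("kind"), o.get("metadata", {})
        if kind == "ScanSettingBinding":
            # Resolve settingsRef in the binding's namespace; a missing or
            # unscheduled ScanSetting means this binding does not count.
            ref = (o.get("settingsRef") or {}).get("name")
            setting = settings.get((meta.get("namespace"), ref))
            if setting and has_schedule(setting.get("schedule")):
                found.append(f"ScanSettingBinding/{meta['name']}")
        elif kind == "ComplianceSuite":
            if has_schedule((o.get("spec") or {}).get("schedule")):
                found.append(f"ComplianceSuite/{meta['name']}")
    return found


def rule_passes(objects):
    """The rule passes when at least one scheduled source exists."""
    return bool(scheduled_scan_sources(objects))
```

A binding that merely exists is not enough: in the sample, `adhoc` and `dangling` are present but neither results in a scheduled scan.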

            josorior@redhat.com Juan Antonio Osorio (Inactive)
            jhrozek@redhat.com Jakub Hrozek
            Prashant Dhamdhere Prashant Dhamdhere (Inactive)