Open fmichaelobrien opened 2 years ago
Actually, there are some control mappings back from code in
https://github.com/canada-ca/cloud-guardrails/blob/master/EN/01_Protect-Root-Account.md
Meeting with @Chris Carty and @Chris Daoust on DND/SSC security controls - thanks guys for the pointer to the 3rd repo; I missed (need more scrolling) the 1:n code-to-control mapping for the guardrails subset of the controls, for example. We should be able to add labelling in the TF: https://github.com/canada-ca/cloud-guardrails/blob/master/EN/08_Segmentation.md
i.e. AC‑4, SC‑7, SC‑7(5) in https://cyber.gc.ca/en/guidance/annex-3a-security-control-catalogue-itsg-33#a31ac4
Add screencap (1 or more) evidence capture for each control
see also https://github.com/GoogleCloudPlatform/pbmm-on-gcp-onboarding/issues/2
We need a way to visually and programmatically link code to controls (in addition to control to code) - for human and IAC validation/reporting
For example, which Terraform module covers SC-8 TRANSMISSION CONFIDENTIALITY AND INTEGRITY?
Doc only example: https://github.com/canada-ca/accelerators_accelerateurs-gcp/blob/main/guardrail-details/07-data-in-transit/guardrail-7-in-transit.md https://github.com/canada-ca/cloud-guardrails/blob/master/EN/07_Protect-Data-in-Transit.md
link/label to (I need to verify) SC-8 TRANSMISSION CONFIDENTIALITY AND INTEGRITY https://cyber.gc.ca/en/guidance/annex-3a-security-control-catalogue-itsg-33#a316sc8 ITSG_33_SC_8 and SC-12 CRYPTOGRAPHIC KEY ESTABLISHMENT AND MANAGEMENT https://cyber.gc.ca/en/guidance/annex-3a-security-control-catalogue-itsg-33#a316sc12 ITSG_33_SC_12
Code example: https://github.com/canada-ca/cloud-guardrails/blob/master/EN/05_Data-Location.md https://github.com/canada-ca/accelerators_accelerateurs-gcp/blob/main/guardrail-details/05-data-location/data-location.md
and https://github.com/canada-ca/accelerators_accelerateurs-gcp/blob/main/deployment-templates/Terraform/guardrails/1-guardrails/org-policy.tf#L6 https://github.com/GoogleCloudPlatform/pbmm-on-gcp-onboarding/blob/main/environments/common/main.tf#L84 link/label to ? SC-7 BOUNDARY PROTECTION ITSG_33_SC_7 https://cyber.gc.ca/en/guidance/annex-3a-security-control-catalogue-itsg-33#a316sc7 or PE-18 LOCATION OF INFORMATION SYSTEM COMPONENTS ITSG_33_PE_18 https://cyber.gc.ca/en/guidance/annex-3a-security-control-catalogue-itsg-33#a311pe18
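One way to get the bidirectional code-to-control / control-to-code link the issue asks for, as an added example (not code from the canada-ca or pbmm-on-gcp-onboarding repos): scan a Terraform tree for control annotations and build both indexes plus a coverage report. Two annotation conventions are assumed here, neither of which is established by the repos above: a GCP `labels` entry per control using keys of the form `itsg_33_<family>_<n>[_<enhancement>]` (GCP label keys must be lowercase `[a-z0-9_-]`, so `SC-7(5)` becomes `itsg_33_sc_7_5`), and a `# itsg33: SC-7, PE-18` comment for resources that accept no labels (firewall rules, org policies). The `.tf` text is constructed inline, and the control assignments in it are illustrative only, not verified mappings.

```python
"""Index Terraform resources <-> ITSG-33 controls from labels and comments.

Added example; the annotation conventions, sample .tf text and the
resource-to-control assignments below are assumptions, not project code.
"""
import re
from collections import defaultdict

# Constructed sample modules (paths and contents are made up for the demo).
SAMPLE_TF = {
    "guardrails/org-policy.tf": '''
# itsg33: PE-18, SC-7
resource "google_org_policy_policy" "resource_locations" {
  name   = "organizations/123456/policies/gcp.resourceLocations"
  parent = "organizations/123456"
}
''',
    "guardrails/network.tf": '''
# Firewall rules take no labels, so the controls are declared in a comment.
# itsg33: SC-7, SC-7(5), AC-4
resource "google_compute_firewall" "deny_all_ingress" {
  name      = "deny-all-ingress"
  network   = google_compute_network.vpc.id
  direction = "INGRESS"
  priority  = 65534
  deny { protocol = "all" }
}
''',
    "guardrails/kms.tf": '''
resource "google_kms_crypto_key" "cmek" {
  name     = "cmek"
  key_ring = google_kms_key_ring.ring.id
  labels = {
    itsg_33_sc_12 = "true"
    itsg_33_xx_99 = "true"
    env           = "prod"
  }
}
''',
}

RESOURCE_RE = re.compile(r'^\s*resource\s+"([^"]+)"\s+"([^"]+)"\s*\{')
COMMENT_RE = re.compile(r'^\s*#\s*itsg33:\s*(.+)$', re.IGNORECASE)
LABEL_KV_RE = re.compile(r'^\s*([A-Za-z0-9_-]+)\s*=\s*"([^"]*)"')
LABEL_KEY_RE = re.compile(r'itsg_33_([a-z]{2})_(\d+)(?:_(\d+))?')
CONTROL_RE = re.compile(r'^([A-Z]{2})-(\d+)(?:\((\d+)\))?$')
# ITSG-33 Annex 3A control families (same family codes as NIST SP 800-53).
FAMILIES = {"AC", "AT", "AU", "CA", "CM", "CP", "IA", "IR", "MA", "MP",
            "PE", "PL", "PS", "RA", "SA", "SC", "SI", "PM"}


def normalize_label_key(key):
    """itsg_33_sc_7_5 -> 'SC-7(5)'; returns None for non-control labels."""
    m = LABEL_KEY_RE.fullmatch(key)
    if not m:
        return None
    fam, base, enh = m.groups()
    return f"{fam.upper()}-{base}" + (f"({enh})" if enh else "")


def is_valid_control(ctl):
    m = CONTROL_RE.match(ctl)
    return bool(m) and m.group(1) in FAMILIES


def parse_tf(path, text):
    """Return [(resource address, [raw control ids])] for one .tf file.

    Brace depth is counted per line; braces inside strings are not handled.
    """
    results, pending, current, depth, in_labels = [], [], None, 0, False
    for line in text.splitlines():
        cm = COMMENT_RE.match(line)
        if cm:  # comment applies to the next resource, or the enclosing one
            ids = [c.strip() for c in cm.group(1).split(",") if c.strip()]
            (current[1] if current else pending).extend(ids)
            continue
        rm = RESOURCE_RE.match(line)
        if rm and current is None:
            current = (f"{path}:{rm.group(1)}.{rm.group(2)}", list(pending))
            pending, depth = [], 1
            continue
        if current is None:
            continue
        if re.match(r'^\s*labels\s*=\s*\{', line):
            in_labels = True
        elif in_labels:
            kv = LABEL_KV_RE.match(line)
            ctl = normalize_label_key(kv.group(1)) if kv else None
            if ctl:
                current[1].append(ctl)
        depth += line.count("{") - line.count("}")
        if in_labels and line.strip().startswith("}"):
            in_labels = False
        if depth == 0:  # resource block closed
            results.append(current)
            current = None
    return results


def build_index(files):
    """Return (control -> [addresses], address -> [controls], unknown ids)."""
    control_to_code, code_to_control, unknown = defaultdict(list), {}, []
    for path, text in files.items():
        for address, controls in parse_tf(path, text):
            valid = sorted({c for c in controls if is_valid_control(c)})
            unknown.extend((address, c) for c in controls if not is_valid_control(c))
            code_to_control[address] = valid
            for c in valid:
                control_to_code[c].append(address)
    return {c: sorted(v) for c, v in control_to_code.items()}, code_to_control, unknown


def uncovered(control_to_code, required):
    """Controls in the required set with no annotated resource at all."""
    return sorted(set(required) - set(control_to_code))


if __name__ == "__main__":
    c2c, code2c, bad = build_index(SAMPLE_TF)
    for ctl, addrs in sorted(c2c.items()):
        print(ctl, "<-", ", ".join(addrs))
    print("unknown ids:", bad)
    print("uncovered:", uncovered(c2c, ["SC-7", "SC-8", "SC-12"]))
```

Run against a real tree with `parse_tf(path, open(path).read())` per file; the `uncovered` call answers the "which module covers SC-8" question directly (in the constructed sample nothing does, so it is reported), and the `unknown` list catches label keys that do not normalise to a family in the catalogue, which is the check you want before a label-derived report is trusted.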