Closed pratiklotia closed 8 months ago
Is it a fair summary to say that there are only 3 additional controls in the CNSWP v2 vs v1? Meaning that CNSWP v2 is a true superset of v1
@pratiklotia please rebase on main
@pratiklotia when you get a chance can you please give this PR some love? Thanks!
Background
I created a new doc v1.1 to include the updates from CNSWPv2. I also added a changelog to indicate what has been added compared to v1.
Note to Reviewers
(1) For now, any new controls have been added at the end of the doc. While adding them in the respective locations would be recommended, I'm concerned that it leads to 'ID' being updated for all other controls and that would be difficult to keep a track/update dependent frameworks (2) CNSWPv2 recommends several SSCP best practices as well as GitOps best practices which are already covered in SSCP controls. (check (3) & (4) in the changelog file). Do we think we should add each control separately again as a part of CNSWP or since it is covered in SSDP, it is fine?