cloud-native-security-controls / controls-catalog

Apache License 2.0

Update controls per CNSWPv2 updates #21

Closed pratiklotia closed 8 months ago

pratiklotia commented 1 year ago

Background

I created a new doc v1.1 to include the updates from CNSWPv2. I also added a changelog to indicate what has been added compared to v1.

Note to Reviewers

(1) For now, any new controls have been added at the end of the doc. While adding them in the respective locations would be recommended, I'm concerned that it leads to 'ID' being updated for all other controls, and that would make it difficult to keep track of/update dependent frameworks.

(2) CNSWPv2 recommends several SSCP best practices as well as GitOps best practices which are already covered in SSCP controls (check (3) & (4) in the changelog file). Do we think we should add each control separately again as a part of CNSWP or, since it is covered in SSDP, is it fine?

JonZeolla commented 1 year ago

Is it a fair summary to say that there are only 3 additional controls in the CNSWP v2 vs v1? Meaning that CNSWP v2 is a true superset of v1?

JonZeolla commented 1 year ago

@pratiklotia please rebase on main

JonZeolla commented 1 year ago

@pratiklotia when you get a chance can you please give this PR some love? Thanks!