Before containers are deployed, the goal of the container deployment (e.g. scaling, availability, disposable containers for security or CI/CD) MUST first be determined so that all security-related aspects of installation, operation and decommissioning can be planned.
This requirement must be implemented organizationally.
When planning, the operating costs that arise from container use or mixed operation SHOULD also be taken into account.
This requirement must be implemented organizationally.
The planning MUST be adequately documented.
This requirement must be implemented organizationally.
OpenShift supports all of the goals mentioned. Comprehensive handouts are available to carry out and document the planning of container use, security and compliance, architecture and installation on OpenShift. [SecGuide]
as this is an org-only requirement we cant implement technical checks
as this is an org-only requirement we cant implement technical checks