sig-bsi-grundschutz / content

Security automation content in SCAP, Bash, Ansible, and other formats
https://www.open-scap.org/security-policies/scap-security-guide

SYS.1.6.A25 #25

Open sluetze opened 11 months ago

sluetze commented 3 months ago

If containerized applications have high availability requirements, it SHOULD be decided at which level availability should be implemented (e.g. redundant at the host level).

OpenShift offers this by default (replicas and pod anti-affinities). The applications must support this high availability. Clusters can also be distributed across multiple fire zones (failure zones) within a region/location.

sluetze commented 3 months ago

@benruland can you take over the responsibility for this issue? You already implemented the same for APP.4.4 and I guess you only have to adapt your rules.

benruland commented 3 months ago

Sure!

benruland commented 3 weeks ago

I will leave it as a manual check, because the requirement does not state a required level of high availability. The exact requirement is to decide on an appropriate level, which is an organizational task.

Will, however, make a note that checks can be found at APP.4.4.A19: "High Availability of Kubernetes".

benruland commented 3 weeks ago

Created PR: https://github.com/ComplianceAsCode/content/pull/12471

sluetze commented 3 weeks ago

On the other hand, we have rules that check for different HA methods, which I think might be useful.

IIRC, there is a field related_rules. Do you think it would be helpful to reference the rules there?