Work Item:
Discussion with Dave, Aaron, Craig
There may be an issue around security control tagging already in the queue
Adding an ITSG/NIST label into the YAML, with a git pre-commit hook that auto-generates a README section on each commit to extract a report per commit
| Time | Finding category | Description | Count | | Compliance standards |
| -- | -- | -- | -- | -- | -- |
| September 26, 2022 at 8:59:04 AM GMT-4 | Open RDP port | Firewall rules should not allow connections from all IP addresses on TCP or UDP port 3389 | 179 | | CIS 1.0: 3.7; CIS 1.1: 3.7; CIS 1.2: 3.7; PCI: 1.2.1; NIST: SC-7; ISO: A.13.1.1 |
Implement security control tagging/labeling inside the Kubernetes YAML files
Add a control stub for the unknown case: if the developer is not able to figure out the exact security control from the list in https://github.com/GoogleCloudPlatform/pubsec-declarative-toolkit/blob/dev/solutions/landing-zone/google-cloud-security-controls.md then add a child issue to adjust the YAML in the next commit
Examples
To be filled out...
See for example the manually created Code to Controls mapping for one piece of evidence around SC-7 in
https://github.com/GoogleCloudPlatform/pubsec-declarative-toolkit/blob/dev/solutions/landing-zone/google-cloud-security-controls.md#05-data-location
It would be better if we maintained a tag in the YAML around the code
https://github.com/GoogleCloudPlatform/pubsec-declarative-toolkit/blob/main/solutions/landing-zone/environments/common/guardrails-policies/05-data-location/constraint.yaml#L24
where we can run either a pre-commit hook and/or an automatic generation of our security control posture, via either an in-line GitHub Actions workflow https://github.com/GoogleCloudPlatform/pubsec-declarative-toolkit/blob/main/.github/workflows/landing-zone-validation.yaml or offline report generation, similar to what is generated in Security Command Center Premium (compliance and vulnerabilities)
security/command-center/vulnerabilities?organizationId
see TF reference GoogleCloudPlatform/pbmm-on-gcp-onboarding#180
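An added example (not code from the pubsec-declarative-toolkit) of what such a pre-commit hook could do: pull security-control annotations out of constraint YAMLs, treat an UNKNOWN stub as a follow-up child issue, reject control IDs that are not in the controls list, and emit a per-commit Markdown posture report. The annotation key prefix `controls.pubsec/`, the file names and the YAML contents are assumptions constructed for the example.

```python
import re

# Constructed stand-ins for two constraint YAMLs in the landing zone; the
# annotation key prefix "controls.pubsec/" is an assumption for illustration.
SAMPLE_FILES = {
    "05-data-location/constraint.yaml": (
        "kind: ExampleConstraint\nmetadata:\n  name: data-location\n"
        "  annotations:\n    controls.pubsec/nist: SC-7\n    controls.pubsec/cis: \"3.7\"\n"
    ),
    "restrict-rdp/constraint.yaml": (
        "kind: ExampleConstraint\nmetadata:\n  name: restrict-rdp\n"
        "  annotations:\n    controls.pubsec/nist: UNKNOWN\n"
    ),
}
# Control identifiers quoted in the issue's SCC finding (NIST / CIS / PCI / ISO).
KNOWN_CONTROLS = {"nist": {"SC-7"}, "cis": {"3.7"}, "pci": {"1.2.1"}, "iso": {"A.13.1.1"}}
UNKNOWN_STUB = "UNKNOWN"  # stub a developer sets when the exact control is unclear
TAG_RE = re.compile(r'^\s+controls\.pubsec/(?P<fw>[a-z]+):\s*"?(?P<cid>[^"\s]+)"?\s*$')

def extract_tags(yaml_text):
    """{framework: control_id} from one file. Line-based so the hook needs no
    third-party YAML library; it only understands flat 'key: value' annotations."""
    return {m["fw"]: m["cid"] for m in map(TAG_RE.match, yaml_text.splitlines()) if m}

def build_report(files):
    """Return (tagged rows, stubs needing a child issue, errors that block the commit)."""
    rows, followups, errors = [], [], []
    for path, text in sorted(files.items()):
        tags = extract_tags(text)
        if not tags:
            errors.append(f"{path}: no security-control annotation")
        for fw, cid in tags.items():
            if cid == UNKNOWN_STUB:
                followups.append(f"{path}: open child issue to replace the {fw} stub")
            elif cid not in KNOWN_CONTROLS.get(fw, set()):
                errors.append(f"{path}: {fw} control {cid!r} is not in the controls list")
            else:
                rows.append((path, fw.upper(), cid))
    return rows, followups, errors

def render_markdown(rows, followups, errors):
    lines = ["| File | Framework | Control |", "| -- | -- | -- |"]
    lines += [f"| {p} | {fw} | {cid} |" for p, fw, cid in rows]
    lines += [f"- TODO {f}" for f in followups] + [f"- ERROR {e}" for e in errors]
    return "\n".join(lines)

if __name__ == "__main__":  # as a pre-commit hook: print the report, fail on errors
    report = build_report(SAMPLE_FILES)
    print(render_markdown(*report))
    raise SystemExit(1 if report[2] else 0)
```

In a real hook the file contents would come from `git diff --cached --name-only` instead of the constructed dictionary, and the rendered Markdown would be written into the README section the issue describes.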