Skip to content

BSI IT-Grundschutz (Basic Protection) Building Block SYS.1.6 and APP.4.4

Rules and Groups employed by this XCCDF Profile

  • Configure the Certificate for the API Server

    To ensure the API Server utilizes its own TLS certificates, the <code>tls-cert-file</code> must be configured. Verify that the <code>apiServerArgum...
    Rule Medium Severity
  • Use Strong Cryptographic Ciphers on the API Server

    To ensure that the API Server is configured to only use strong cryptographic ciphers, verify the <code>openshift-kube-apiserver</code> configmap co...
    Rule Medium Severity
  • Configure the Certificate Key for the API Server

    To ensure the API Server utilizes its own TLS certificates, the <code>tls-private-key-file</code> must be configured. Verify that the <code>apiServ...
    Rule Medium Severity
  • Ensure APIServer is not configured with Old tlsSecurityProfile

    The configuration <code>tlsSecurityProfile</code> specifies TLS configurations to be used while establishing connections with the externally expose...
    Rule Medium Severity
  • OpenShift etcd Settings

    Contains rules that check correct OpenShift etcd settings.

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
