BSI IT-Grundschutz (Basic Protection) Building Block SYS.1.6 and APP.4.4
Rules and Groups employed by this XCCDF Profile
-
Ensure that the Kube Descheduler operator is deployed
If there is an increased risk of external influences and a very high need for protection, pods should be stopped and restarted regularly. No pod sh...Rule Medium Severity -
Set Pod Lifetime for the Deschedulers
If there is an increased risk of external influences and a very high need for protection, pods should be stopped and restarted regularly. No pod sh...Rule Medium Severity -
Ensure that all workloads have liveness and readiness probes
Configuring Kubernetes liveness and readiness probes is essential for ensuring the security and reliability of a system. These probes actively moni...Rule Medium Severity -
Enable AutoApplyRemediation for at least One ScanSetting
<a href="https://docs.openshift.com/container-platform/latest/security/compliance_operator/compliance-operator-understanding.html#compliance-operat...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules