Skip to content

Commit

Permalink
add network separation rule to A14
Browse files Browse the repository at this point in the history
  • Loading branch information
sluetze committed Oct 8, 2024
1 parent 5c5aaa6 commit 2bde234
Show file tree
Hide file tree
Showing 2 changed files with 3 additions and 0 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -18,3 +18,5 @@ ocil_clause: 'Network separation needs review'

ocil: |-
Create separate Ingress Controllers for the API and your Applications. Also setup your environment in a way, that Control Plane Nodes are in another network than your worker nodes. If you implement multiple Nodes for different purposes evaluate if these should be in different network segments (i.e. Infra-Nodes, Storage-Nodes, ...).
Also evaluate how you handle outgoing connections and if they have to be pinned to
specific nodes or IPs.
1 change: 1 addition & 0 deletions controls/bsi_app_4_4.yml
Original file line number Diff line number Diff line change
Expand Up @@ -406,6 +406,7 @@ controls:
rules:
# Section 1,2,3,4
- general_node_separation
- general_network_separation
# Section 2
- configure_egress_ip_node_assignable
# Section 3
Expand Down

0 comments on commit 2bde234

Please sign in to comment.