OCP4: Add container_security_operator_exists to PCIDSS profile

This pr adds container_security_operator_exists rule to PCI-DSS 4.0 8.6.1,8.6.2,8.6.3

applications/openshift/risk-assessment/container_security_operator_exists/rule.yml

@@ -30,6 +30,7 @@ rationale: |-
 references:
   nist: CM-6(b)
   srg: SRG-APP-000516-CTR-001335
+  pcidss: Req-8.6.1, Req-8.6.2, Req-8.6.3
 
 identifiers:
   cce@ocp4: CCE-90613-1

controls/pcidss_4_ocp4.yml

@@ -2002,13 +2002,14 @@ controls:
         - Every action taken is attributable to an individual user.
       levels:
         - base
-      status: pending
+      status: automated
       notes: |-
         This requirement is related to 2.2.2, 2.2.6, 8.2.1 and 8.2.2. Specifically on 8.2.2 system
         accounts usage is restricted. Exceptions to system accounts should be manually checked to
         ensure the requirements in description. This requirement although implements some extra
         controls regarding root account.
-      rules: []
+      rules:
+        - container_security_operator_exists
 
     - id: 8.6.2
       title: Passwords/passphrases for any application and system accounts that can be used for
@@ -2019,7 +2020,9 @@ controls:
         unauthorized personnel.
       levels:
         - base
-      status: pending
+      status: automated
+      rules:
+        - container_security_operator_exists
 
     - id: 8.6.3
       title: Passwords/passphrases for any application and system accounts are protected against
@@ -2032,9 +2035,11 @@ controls:
         frequently the entity changes the passwords/passphrases.
       levels:
         - base
-      status: pending
+      status: automated
       notes: |-
         Related to requirements 8.3.6 and 8.3.9.
+      rules:
+        - container_security_operator_exists
 
   - id: '9.1'
     title: Processes and mechanisms for restricting physical access to cardholder data are defined