Merge pull request #10615 from jhrozek/SRG-APP-000158-CTR-000390

jhrozek · web-flow · commit fa777d42fe9a · 2023-06-09T12:51:29.000+02:00
SRG-APP-000158-CTR-000390: Add supporting evidence to an Inherently Met rule
diff --git a/controls/srg_ctr/SRG-APP-000158-CTR-000390.yml b/controls/srg_ctr/SRG-APP-000158-CTR-000390.yml
@@ -5,3 +5,12 @@ controls:
   title: {{{ full_name }}} must uniquely identify all network-connected nodes
     before establishing any connection.
   status: inherently met
+  artifact_description: |-
+    Supporting evidence is in the following documentation
+    https://docs.openshift.com/container-platform/latest/security/certificate_types_descriptions/node-certificates.html
+  status_justification: |-
+    Internal components are secured with two-way TLS.
+    https://docs.openshift.com/container-platform/latest/security/certificate_types_descriptions/node-certificates.html
+    Node certificates are signed by the cluster; they come from a certificate authority (CA) that is generated by the bootstrap process. Once the cluster is installed, the node certificates are auto-rotated.
+    Node certificates are managed by the cluster and not the user
+
