OPS-34 Container Management - Policies and Procedures
1. Overview

Designation | Standard

OPS-34.01B | Policies and procedures with technical and organisational measures for the planning and management of containers are documented, communicated and provided in accordance with SP-01. These policies and procedures contain specifications for the entire container life cycle regarding at least the following aspects:
1. Image creation, testing, and validation;
2. Image storage and retrieval;
3. Container deployment and management;
4. Container operations; and
5. Decommissioning of images and containers.
OPS-34.02B | The policies and procedures describe measures along the life cycle of containers and address at least the following aspects:
1. Containers are inventoried according to a documented process (cf. AM-02, AM-03, AM-09);
2. The need for malware protection is assessed and, if necessary, ensured (cf. OPS-05);
3. Logging and monitoring of events takes place along the container lifecycle and is executed according to a defined logging framework (cf. OPS-10, OPS-12);
4. Cloud service customer data is separated based on a risk assessment (cf. OPS-30);
5. Access to the container host should take place in accordance with a roles and rights framework and a policy for managing access and access authorisations (cf. IAM-01, IAM-06);
6. Data stored on containers and data in transit should be encrypted as far as possible by the provider in accordance with the encryption policy (cf. CRY-01);
7. Measures to ensure network security are established. This includes, for example, measures to detect network anomalies (cf. COS-01 and COS-03) such as unexpected data flows within the network or unwanted access attempts;
8. Changes to containers and images follow a regulated process (cf. DEV-03); and
9. Hardening processes are carried out according to general industry standards to ensure that no unnecessary system services are executed (cf. PSS-11).
OPS-34.01AC | The policies and procedures additionally describe measures along the life cycle of containers that address at least the following aspects:
1. Container images are cryptographically signed and the signing key securely stored (cf. CRY-10) to ensure their authenticity and integrity;
2. Container behaviour is monitored and restricted using runtime security controls; and
3. Software products used for the provision of container images are, where possible, regularly scanned for known vulnerabilities or malicious components in container images and dependencies.
In case of third-party and open source software products used for the provision of container images, scanning procedures comply with the policies and procedures defined in DEV-14.
2. Identified Requirements

Source | Requirement

3. Related Regulations

Source | Regulation