Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Define a Standard for the security of the Operation System Layer #791

Open
5 tasks
josephineSei opened this issue Oct 28, 2024 · 0 comments
Open
5 tasks

Define a Standard for the security of the Operation System Layer #791

josephineSei opened this issue Oct 28, 2024 · 0 comments
Labels
SCS-VP10 Related to tender lot SCS-VP10 security Issues or pull requests that are security-relevant standards Issues / ADR / pull requests relevant for standardization & certification

Comments

@josephineSei
Copy link
Contributor

In #749 we are standardizing the security of the software of the IaaS Layer.

But integrating security patches and updates are not solely done on one layer, but need to be accomplished by CSPs on all Layers.

This issue should investigate which measures should be done on the Operating System layer to prevent and deal with security issues.
This Layer includes all software above the hardware layer and beneath the IaaS Layer. So this would also include Kubernetes or Docker that is used to contain the services of the IaaS Layer.
It should be included, how CSPs could get information about potential security issues.
How fast they should respond according to the severity? (see C5 criteria catalog with timeframes for responses on page 75. )

Definition of Done:

Please refer to scs-0001-v1 for details.

  • Proposal has been written with name of the form scs-xxxx-v1-slug.md (only substitute slug)
  • Proposal has the fields status, type, track set
  • Proposal has been voted upon in the corresponding team
  • Status has been changed into Draft, file renamed: xxxx replaced by document number
  • If applicable: test script has been written (this item may be moved into a separate issue so long as the state is Draft)
@josephineSei josephineSei added security Issues or pull requests that are security-relevant standards Issues / ADR / pull requests relevant for standardization & certification SCS-VP10 Related to tender lot SCS-VP10 labels Oct 28, 2024
@josephineSei josephineSei mentioned this issue Oct 28, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
SCS-VP10 Related to tender lot SCS-VP10 security Issues or pull requests that are security-relevant standards Issues / ADR / pull requests relevant for standardization & certification
Projects
Sovereign Cloud Stack
Status: Backlog
Milestone
No milestone
Development

No branches or pull requests
1 participant
@josephineSei