G.1.1 Organizational security requirements
G.2.5 Asset inventory
P.3.4 Vetted third-party component and container repositories
E.1.3 Multi-factor authentication (MFA)
E.1.4 Developer SSH key
E.2.1 Release policy verification
E.2.3 Defensive compilation and build
E.2.4 CI/CD hosting and automation
E.2.5 Secured orchestration platform
E.3.1 Authentication
E.3.2 Environmental separation
E.3.3 Role-based access control
E.3.4 Information flow enforcement
E.3.5 Baseline configuration
E.3.6 Monitor changes to configuration settings
E.3.7 Boundary protection
E.3.8 Key rotation
E.3.9 Ephemeral credentials
E.3.10 Establish a root of trust
E.3.x Development Environment Scanning Tools