missing policies which are included in default set of stackrox
some policies are already supplied by default from stackrox (i.e. require limits/resources). These policies may change over time, or be disabled by default. They also are not categorized as BSI, which makes it harder for a user to see which policies to enable and to follow. Also, requirements (SYS.1.6.AX and so on) are not referenced in these default policies.
by providing a complete set of policies we enable:
- a) independence of changes in the default policies or enabled/disabled status
- b) implement category
- c) an easy user flow (import all policies and have a complete set for BSI)
to do so we have to
- copy and customize the policies
- add a reference to the customized policy in the Richtlinien project