Culture and Org. -> Process: Prevention of unauthorized installation
Risk and Opportunity
Risk: Unapproved components are used.
Opportunity: Components must be whitelisted. Regular scans of the Docker infrastructure (e.g. the cluster) need to be performed to verify that only standardized base images are used.
Required knowledge: Low (one discipline)
Required time: Very Low
Required resources (systems): Very Low
Implementation hints: Example: All Docker images used by teams need to be based on standard images.
Comments: Preventing teams from trying out new components might hamper innovation.
ISO27001:2017 Controls Mapping:
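
Illustrating the implementation hint above, the following added example (not part of the original page) checks the base image of every stage in a Dockerfile against an allowlist, covering the build-time side of the check. The allowlist entries, the registry name `registry.example.internal` and the sample Dockerfile are constructed assumptions.

```python
import re

# Hypothetical allowlist of approved base-image repositories (constructed values).
APPROVED = {
    "registry.example.internal/base/python",
    "registry.example.internal/base/nginx",
}
# Constructed multi-stage Dockerfile used as sample input.
SAMPLE = """\
ARG BASE=registry.example.internal/base/python:3.12
FROM ${BASE} AS build
FROM --platform=linux/amd64 docker.io/library/alpine:3.19 AS tools
FROM build AS test
FROM registry.example.internal/base/nginx@sha256:abc
"""
FROM_RE = re.compile(r"^\s*FROM\s+(?:--platform=\S+\s+)?(\S+)(?:\s+AS\s+(\S+))?\s*$", re.I)
ARG_RE = re.compile(r"^\s*ARG\s+(\w+)(?:=(\S+))?", re.I)
VAR_RE = re.compile(r"\$\{?(\w+)\}?")

def repository(image):
    """Drop digest and tag, keeping registry/repository (a registry port is kept)."""
    image = image.split("@", 1)[0]
    return image[:image.rfind(":")] if image.rfind(":") > image.rfind("/") else image

def base_images(dockerfile):
    """Return the external base image of every build stage, in file order."""
    args, stages, found = {}, set(), []
    for line in dockerfile.splitlines():
        arg, frm = ARG_RE.match(line), FROM_RE.match(line)
        if arg and not found:  # only ARGs declared before the first FROM are visible to FROM
            args[arg.group(1)] = (arg.group(2) or "").strip("\"'")
        if not frm:
            continue
        # Unset variables expand to "", so the result fails the allowlist check (fail closed).
        image = VAR_RE.sub(lambda m: args.get(m.group(1), ""), frm.group(1))
        if image.lower() not in stages:  # "FROM build" reuses an earlier stage, not a new base
            found.append(image)
        if frm.group(2):
            stages.add(frm.group(2).lower())
    return found

def unapproved(dockerfile, approved=APPROVED):
    """Return base images whose repository is not on the allowlist."""
    return [img for img in base_images(dockerfile) if repository(img) not in approved]

if __name__ == "__main__":
    print(unapproved(SAMPLE))
```

Run in CI against each repository's Dockerfile, a non-empty result from `unapproved` can fail the build before an image based on a non-standard base reaches the cluster.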