Compliance Automated Standard Solution (COMPASS), Part 4: Topologies of Compliance Policy Administration Centers
In the previous post of this multi-part series, we introduced methodologies and technologies that let the various compliance personas collaboratively author compliance artifacts such as regulation catalogs, baselines, profiles and system security plans. These artifacts are automatically translated into code so that regulated environments can run enterprise-wide continuous compliance readiness processes in an automated and scalable manner. They aim to connect the controls of regulations and standards with the product vendors and service providers whose products are expected to adhere to those regulations and standards. The compliance-as-code data model we use is the NIST Open Security Controls Assessment Language (OSCAL) compliance standard framework.
```yaml
prodtype: ocp4

title: 'Configure OAuth server so that tokens expire after a set period of inactivity'

description: |-
    <p>
    You can configure OAuth tokens to expire after a set period of
    inactivity. By default, no token inactivity timeout is set.
    </p>
    […]
    For more information on configuring the OAuth server, consult the
    OpenShift documentation:
    {{{ weblink(link="https://docs.openshift.com/container-platform/4.7/authentication/configuring-oauth-clients.html") }}}
    </p>
    […]

references:
    nerc-cip: CIP-004-6 R2.2.3,CIP-007-3 R5.1,CIP-007-3 R5.2,CIP-007-3 R5.3.1,CIP-007-3 R5.3.2,CIP-007-3 R5.3.3
    nist: AC-2(5),SC-10

identifiers:
    cce@ocp4: CCE-83511-6

ocil_clause: 'OAuth server inactivity timeout is not configured'
[…]

template:
    name: yamlfile_value
    vars:
        ocp_data: 'true'
        filepath: /apis/config.openshift.io/v1/oauths/cluster
        yamlpath: ".spec.tokenConfig.accessTokenInactivityTimeout"
        check_existence: "only_one_exists"
        xccdf_variable: var_oauth_inactivity_timeout
```
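To make the rule's `yamlfile_value` semantics concrete, the following added example (not code from the original post or from the ComplianceAsCode project) re-implements the check in simplified form: it resolves the rule's `yamlpath` against the OAuth cluster resource, applies the `only_one_exists` existence mode, and matches the value against a pattern standing in for `var_oauth_inactivity_timeout`. The two resource documents and the pattern `10m0s` are constructed sample data, and treating the variable as a regular expression the value must fully match is an assumption of this example.

```python
import json
import re

YAMLPATH = ".spec.tokenConfig.accessTokenInactivityTimeout"   # from the rule above

# Constructed: what GET /apis/config.openshift.io/v1/oauths/cluster returns
# once an inactivity timeout has been configured.
COMPLIANT_RESOURCE = json.dumps({
    "apiVersion": "config.openshift.io/v1", "kind": "OAuth",
    "metadata": {"name": "cluster"},
    "spec": {"tokenConfig": {"accessTokenInactivityTimeout": "10m0s"}},
})
# Constructed: a default cluster with no tokenConfig, i.e. no timeout set.
DEFAULT_RESOURCE = json.dumps({
    "apiVersion": "config.openshift.io/v1", "kind": "OAuth",
    "metadata": {"name": "cluster"}, "spec": {},
})


def yamlpath_values(doc, path):
    """Resolve a dotted yamlpath; return every value found (empty if absent)."""
    node = doc
    for key in path.strip(".").split("."):
        if not isinstance(node, dict) or key not in node:
            return []
        node = node[key]
    return list(node) if isinstance(node, list) else [node]


def check_yamlfile_value(raw, yamlpath, pattern, check_existence="only_one_exists"):
    """Simplified yamlfile_value check: returns (passed, reason).

    `pattern` plays the role of the XCCDF variable (assumed to be a regex that
    each resolved value must fully match)."""
    values = yamlpath_values(json.loads(raw), yamlpath)
    if check_existence == "none_exist":
        return (not values), f"{len(values)} value(s) found at {yamlpath}"
    if check_existence == "only_one_exists" and len(values) != 1:
        return False, f"expected exactly one value at {yamlpath}, found {len(values)}"
    if check_existence == "any_exist" and not values:
        return False, f"nothing found at {yamlpath}"
    bad = [v for v in values if not re.fullmatch(pattern, str(v))]
    if bad:
        return False, f"value(s) {bad} do not match '{pattern}'"
    return True, "compliant"


if __name__ == "__main__":
    for name, doc in (("configured", COMPLIANT_RESOURCE), ("default", DEFAULT_RESOURCE)):
        print(name, check_yamlfile_value(doc, YAMLPATH, "10m0s"))
```

The default cluster fails because the field is absent, which is exactly the condition the rule's `ocil_clause` describes.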