POAMs for Docker Images

old.reddit.com / @/u/Adventurous_Pin6846, https://old.reddit.com/user/Adventurous_Pin6846

I am tasked with creating a POAM for our monthly FedRAMP CVE scans. We are running container images on EKS.

If the same CVE shows up in multiple container images do I need to enter it once or for every distinct container image that gets flagged?

Also, does anybody know how to find out what the corresponding NIST 800-53 control is for a CVE? I checked the NVD CVE JSON API and they provide the CWE but not the control.

submitted by /u/Adventurous_Pin6846

published 4 months ago



