Skip to content

Add BSI-TR-03185-2 reference IDs to OSPS-AC.yaml #461

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
SecurityCRob wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Add BSI-TR-03185-2 reference IDs to OSPS-AC.yaml #461

SecurityCRob wants to merge 1 commit into from

Conversation

@SecurityCRob
Copy link
Contributor

@SecurityCRob SecurityCRob commented Jan 13, 2026

adding mappings for BSI

@SecurityCRob
Add BSI-TR-03185-2 reference IDs to OSPS-AC.yaml
0a0e390 
adding mappings for BSI

Signed-off-by: CRob <69357996+SecurityCRob@users.noreply.github.com>
This was referenced Jan 13, 2026
Open
Open
@SecurityCRob
Copy link
Contributor Author

SecurityCRob commented Jan 13, 2026
edited
Loading

depends on:
#459
#460

related to:
#461
#462
#463
#464
#465
#466
#467

This was referenced Jan 13, 2026
Open
Open
Open
Open
Open
Open
eddie-knight
eddie-knight approved these changes Jan 16, 2026
View reviewed changes
baseline/OSPS-AC.yaml
Comment on lines +76 to +78
- reference-id: BSI-TR-03185-2
entries:
- reference-id: GV.01
Copy link
Contributor

@eddie-knight eddie-knight Jan 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

BSI GV.01 states:

Information on how to contribute to the project MUST be documented.
Information about the expected quality of contributions SHOULD be
given.

This documentation requirement does not appear to be relevant to OSPS-AC-01, which pertains to mandatory enforcement of multi-factor authentication.

baseline/OSPS-AC.yaml
- reference-id: Claim 2.2.2
- reference-id: BSI-TR-03185-2
entries:
- reference-id: QA.06
Copy link
Contributor

@eddie-knight eddie-knight Jan 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

BSI QA-06 states:

All changes to the source code SHOULD be peer-reviewed.

This seems more similar to OSPS-QA-07.01: "When a commit is made to the primary branch, the project's version control system MUST require at least one non-author human approval of the changes before merging."

I can see a loose mapping to branch protection, but it's pretty weak compared to QA-07. Do we want to keep multiple outgoing mappings?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@eddie-knight eddie-knight eddie-knight approved these changes

@funnelfiasco funnelfiasco Awaiting requested review from funnelfiasco

@puerco puerco Awaiting requested review from puerco

@evankanderson evankanderson Awaiting requested review from evankanderson

At least 2 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

criteria

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@SecurityCRob @eddie-knight