From 024b9427df9219dd882bd4c59292fc87502061ce Mon Sep 17 00:00:00 2001
From: sluetze <13255307+sluetze@users.noreply.github.com>
Date: Tue, 8 Oct 2024 14:39:36 +0200
Subject: [PATCH] add network separation rule to A14
---
 .../openshift/general/general_network_separation/rule.yml | 2 ++
 controls/bsi_app_4_4.yml | 1 +
 2 files changed, 3 insertions(+)
diff --git a/applications/openshift/general/general_network_separation/rule.yml b/applications/openshift/general/general_network_separation/rule.yml
index 8144cfc3ffa..87ccb3c8b76 100644
--- a/applications/openshift/general/general_network_separation/rule.yml
+++ b/applications/openshift/general/general_network_separation/rule.yml
@@ -18,3 +18,5 @@ ocil_clause: 'Network separation needs review'
 ocil: |-
 Create separate Ingress Controllers for the API and your Applications. Also setup your environment in a way, that Control Plane Nodes are in another network than your worker nodes. If you implement multiple Nodes for different purposes evaluate if these should be in different network segments (i.e. Infra-Nodes, Storage-Nodes, ...).
+ Also evaluate how you handle outgoing connections and if they have to be pinned to
+ specific nodes or IPs.
diff --git a/controls/bsi_app_4_4.yml b/controls/bsi_app_4_4.yml
index 4e430afe676..e617e078381 100644
--- a/controls/bsi_app_4_4.yml
+++ b/controls/bsi_app_4_4.yml
@@ -406,6 +406,7 @@ controls:
 rules:
 # Section 1,2,3,4
 - general_node_separation
+ - general_network_separation
 # Section 2
 - configure_egress_ip_node_assignable
 # Section 3
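Review bot: The two added lines sit inside the `ocil: |-` literal block, so the break after `pinned to` is kept in the rendered check text, while the sentence above it is written as one long line. Joining them into a single line, `Also evaluate how you handle outgoing connections and if they have to be pinned to specific nodes or IPs.`, keeps the OCIL output consistent. The new sentence also gives an assessor no criterion for when the review passes. If the intent is that egress traffic should leave through defined nodes or IPs, stating that expectation would make the manual check repeatable.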
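Review bot: `general_network_separation` is added under the `# Section 1,2,3,4` comment, but judging by the rule.yml part of this patch it is a manual review rule (`ocil_clause: 'Network separation needs review'`), with no automated check visible. If the `status` or `notes` of this control, which lie outside the hunk, describe the requirement as covered by automation, they should say that network separation still needs manual assessment so the profile does not overstate coverage. The new OCIL sentence about outgoing connections also overlaps with `configure_egress_ip_node_assignable` under `# Section 2`. A comment such as `# Section 1,2,3,4 (general_network_separation: manual review)` would make the mapping explicit. The `rules:` list continues past the end of the hunk.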