added rules

controls/bsi_sys_1_6.yml

@@ -456,8 +456,23 @@ controls:
       These SCCs should never be given to application containers.
       Section 4: These exceptions must be documented in the operational documentation.
       A list of pods with the corresponding SCC annotation can serve as the basis for the documentation.
-    status: manual
-    #rules:
+    status: partial
+    rules:
+    # Section 1 and 3
+      - scc_drop_container_capabilities
+      - scc_limit_container_allowed_capabilities
+      - scc_limit_host_dir_volume_plugin
+      - scc_limit_host_ports
+      - scc_limit_ipc_namespace
+      - scc_limit_net_raw_capability
+      - scc_limit_network_namespace
+      - scc_limit_privilege_escalation
+      - scc_limit_privileged_containers
+      - scc_limit_process_id_namespace
+      - scc_limit_root_containers
+      # Section 2
+      - sandboxed_containers_operator_exists
+      - sandboxed_containers_operator_configured
 
   - id: SYS.1.6.A18
     title: Application Services Accounts