What are you using to rate severity in the security scan? Is there a full list of checks being performed?
I recommend having both resources in your documentation. If you're referencing another document, link to it. That way there's some context to the results as to why a policy author should change it. Just something to add to the improvement list.
Looks good overall! Thanks for sharing!