
Best practices check examples for creating CSA policies in SAP Focused Run


When you look at chapter 2.2.1.4.2 "[MSGSRV-J]: Message Server Security" it says: The rules from MSGSRV-A apply for Java systems as well. However when we look at [MSGSRV-A](https://github.com/SAP-samples/frun-csa-policies-best-practices/blob/main/BaselinePolicies/SOS/v2.2/ABAP_SYSTEM/BL2_MSGSRV-A.xml) it seems...

Please include the extended policy for note 3089413 published currently at https://help.sap.com/docs/SUPPORT_CONTENT/security/3362974404.html in this repo.

Should be 2023-11 instead of 2023-09 for both desc and id. https://github.com/SAP-samples/frun-csa-policies-best-practices/blob/3e40760211128cd774549b991d6293a512a0b6cc/NotesPolicies/HANA/HANASecNotes_2023-11.xml#L15

There are 2 closing ">" at the end of the line. https://github.com/SAP-samples/frun-csa-policies-best-practices/blob/3e40760211128cd774549b991d6293a512a0b6cc/NotesPolicies/HANA/HANASecNotes_2023-09.xml#L44

Hi, the check for note 3150454 seems not to be correct. The note is included in [SAPK-75309INSAPBASIS](https://me.sap.com/supportpackage/SAPK-75309INSAPBASIS) and therefore SP9 must be compliant, which is not the case with...

In file BaselinePolicies/SOS/v2.4/ABAP_ALL/1ACRITC_CSTO.xml, the content of the checkitem contains a duplicate field 'not_found'.

Will JAVA CSA policies for vulnerabilities be developed?

https://github.com/SAP-samples/frun-csa-policies-best-practices/blame/7eaf09a2495326c29790f169aba72945e4453689/BaselinePolicies/SOS/v2.4/ABAP_ALL/2ANETENC.xml#L96 I might be misinterpreting this but isn't the compliant identical to the non-compliant?

https://github.com/SAP-samples/frun-csa-policies-best-practices/blame/7eaf09a2495326c29790f169aba72945e4453689/BaselinePolicies/SOS/v2.4/ABAP_ALL/2AUSRCTR.xml#L26C6-L26C114 The compliant is OR and the non-compliant is reverse identical but AND. This is faulty.