Define 'security concept'

[aabashkin]

Please expand on 1.4 Verify that each service/application (can consist of multiple containers) has a security concept.

How would you define 'security concept' and could you provide an example?

[disenchant]

@aabashkin thanks a lot for your feedback. With security concept it is meant, that there should be some kind of documentation which indicated e.g. the threats you're protecting the container solution against and how you do it. Depending on the project this can be a single page or a quite extensive document. Anyway, we'll definitely consider adding more information regarding security concepts to the CSVS.