Merge pull request #35937 from MirzWeiss/TELCODOCS-294

vikram-redhat · web-flow · commit 4b764791891d · 2021-10-18T23:09:56.000+10:00
TELCODOCS-294: Created new module for FIPS validation and moved additional resources into RHCOS module
diff --git a/modules/sandboxed-containers-rhcos-extensions.adoc b/modules/sandboxed-containers-rhcos-extensions.adoc
@@ -7,3 +7,7 @@
 = {op-system} extensions
 
 The {sandboxed-containers-operator} is based on the {op-system-first} extensions concept. The sandboxed containers {op-system} extension contains RPMs for Kata, QEMU, and its dependencies. You can enable them by using the `MachineConfig` resources that the Machine Config Operator provides.
+
+.Additional resources
+
+* xref:../post_installation_configuration/machine-configuration-tasks.adoc#rhcos-add-extensions_post-install-machine-configuration-tasks[Adding extensions to RHCOS]
diff --git a/modules/security-compliance-nist.adoc b/modules/security-compliance-nist.adoc
@@ -1,10 +1,17 @@
 // Module included in the following assemblies:
 //
 // * security/container_security/security-compliance.adoc
+// * understanding-sandboxed-containers.adoc
 
 [id="security-compliance-nist_{context}"]
 = Understanding compliance and risk management
 
+ifeval::["{context}" == "understanding-sandboxed-containers"]
+{sandboxed-containers-first} can be used on FIPS enabled clusters.
+
+When running in FIPS mode, {sandboxed-containers-first} components, VMs, and VM images are adapted to comply with FIPS.
+endif::[]
+
 ifndef::openshift-origin[]
 FIPS compliance is one of the most critical components required in
 highly secure environments, to ensure that only supported cryptographic
@@ -19,4 +26,3 @@ endif::openshift-origin[]
 To understand Red Hat's view of {product-title} compliance frameworks, refer
 to the Risk Management and Regulatory Readiness chapter of the
 link:https://access.redhat.com/articles/5059881[OpenShift Security Guide Book].
-
diff --git a/sandboxed_containers/understanding-sandboxed-containers.adoc b/sandboxed_containers/understanding-sandboxed-containers.adoc
@@ -27,7 +27,4 @@ Sandboxed containers are only supported on bare metal.
 include::modules/sandboxed-containers-common-terms.adoc[leveloffset=+1]
 include::modules/sandboxed-containers-building-blocks.adoc[leveloffset=+1]
 include::modules/sandboxed-containers-rhcos-extensions.adoc[leveloffset=+1]
-
-.Additional resources
-
-* xref:../post_installation_configuration/machine-configuration-tasks.adoc#rhcos-add-extensions_post-install-machine-configuration-tasks[Adding extensions to RHCOS]
+include::modules/security-compliance-nist.adoc[leveloffset=+1]
