modules/compliance-supported-profiles.adoc (8 additions & 0 deletions)
@@ -43,6 +43,14 @@ The Compliance Operator provides the following compliance profiles:
43
43
|link:https://www.nerc.com/pa/Stand/Pages/CIPStandards.aspx[North American Electric Reliability Corporation (NERC)]
44
44
|0.1.44+
45
45
46
+
|ocp4-pci-dss
47
+
|link:https://www.pcisecuritystandards.org/document_library?document=pci_dss[PCI-DSS v3.2.1 Control Baseline for Red Hat OpenShift Container Platform 4]
48
+
|0.1.47+
49
+
50
+
|ocp4-pci-dss-node
51
+
|link:https://www.pcisecuritystandards.org/document_library?document=pci_dss[PCI-DSS v3.2.1 Control Baseline for Red Hat OpenShift Container Platform 4]
52
+
|0.1.47+
53
+
46
54
|rhcos4-e8
47
55
|link:https://www.cyber.gov.au/acsc/view-all-content/publications/hardening-linux-workstations-and-servers[Australian Cyber Security Centre (ACSC) Essential Eight]
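Review bot: the two rows added at new lines 46-53 give `ocp4-pci-dss` and `ocp4-pci-dss-node` the identical description, "PCI-DSS v3.2.1 Control Baseline for Red Hat OpenShift Container Platform 4", so the table does not tell a reader how the two profiles differ. The release notes file changed in this commit describes `ocp4-moderate-node` as the "Node level" profile; the `ocp4-pci-dss-node` row should carry the same kind of qualifier. Both rows also point at the generic `document_library?document=pci_dss` query rather than a specific document, so it is worth confirming the link resolves to the v3.2.1 text the description names.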
security/compliance_operator/compliance-operator-release-notes.adoc (32 additions & 3 deletions)
@@ -12,12 +12,40 @@ These release notes track the development of the Compliance Operator in the {pro
12
12
13
13
For an overview of the Compliance Operator, see xref:../../security/compliance_operator/compliance-operator-understanding.adoc#understanding-compliance-operator[Understanding the Compliance Operator].
14
14
15
+
[id="compliance-operator-release-notes-0-1-47"]
16
+
== OpenShift Compliance Operator 0.1.47
17
+
18
+
The following advisory is available for the OpenShift Compliance Operator 0.1.47:
* The Compliance Operator now supports the following compliance benchmarks for the Payment Card Industry Data Security Standard (PCI DSS):
26
+
+
27
+
** ocp4-pci-dss
28
+
** ocp4-pci-dss-node
29
+
30
+
* Additional rules and remediations for FedRAMP moderate impact level are added to the OCP4-moderate, OCP4-moderate-node, and rhcos4-moderate profiles.
31
+
32
+
* Remediations for KubeletConfig are now available in node-level profiles.
* Previously, if your cluster was running {product-title} 4.6 or earlier, remediations for USBGuard-related rules would fail for the moderate profile. This is because the remediations created by the Compliance Operator were based on an older version of USBGuard that did not support drop-in directories. Now, invalid remediations for USBGuard-related rules are not created for clusters running {product-title} 4.6. If your cluster is using {product-title} 4.6, you must manually create remediations for USBGuard-related rules.
38
+
+
39
+
Additionally, remediations are created only for rules that satisfy minimum version requirements. (link:https://bugzilla.redhat.com/show_bug.cgi?id=1965511[*BZ#1965511*])
40
+
41
+
* Previously, when rendering remediations, the compliance operator would check that the remediation was well-formed by using a regular expression that was too strict. As a result, some remediations, such as those that render `sshd_config`, would not pass the regular expression check and therefore, were not created. The regular expression was found to be unnecessary and removed. Remediations now render correctly. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2033009[*BZ#2033009*])
42
+
15
43
[id="compliance-operator-release-notes-0-1-44"]
16
44
== OpenShift Compliance Operator 0.1.44
17
45
18
46
The following advisory is available for the OpenShift Compliance Operator 0.1.44:
19
47
20
-
* link:https://access.redhat.com/errata/RHBA-2021:4530[RHBA-2021:4530 OpenShift Compliance Operator Bug Fix and Enhancement Update]
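Review bot: the profile names in the FedRAMP bullet at new line 30 are written "OCP4-moderate, OCP4-moderate-node, and rhcos4-moderate", while the same commit lists `ocp4-pci-dss` and `ocp4-pci-dss-node` in lowercase two bullets earlier and the 0.1.44 notes use `ocp4-moderate-node`. Profile names are identifiers that users type, so they should be lowercase and consistently formatted: "ocp4-moderate, ocp4-moderate-node, and rhcos4-moderate". Two smaller points in the bug-fix bullets: the USBGuard entry opens with "4.6 or earlier" but the following sentences say only "4.6", which leaves it unclear whether earlier versions also need manual remediations; and the `sshd_config` entry writes "the compliance operator" in lowercase where the rest of the file uses "Compliance Operator".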
@@ -44,6 +72,7 @@ The following advisory is available for the OpenShift Compliance Operator 0.1.44
44
72
+
45
73
* In this release, the Compliance Operator supports the NIST 800-53 Moderate-Impact Baseline for the Red Hat OpenShift - Node level, ocp4-moderate-node, security profile.
* In this release, the remediation template now allows multi-value variables.
@@ -59,7 +88,7 @@ The following advisory is available for the OpenShift Compliance Operator 0.1.44
59
88
+
60
89
* The RBAC Role and Role Binding used for Prometheus metrics are changed to 'ClusterRole' and 'ClusterRoleBinding' to ensure that monitoring works without customization.
61
90
+
62
-
* Previously, if an error occurred while parsing a profile, rules or variables objects were removed and deleted from the profile. Now, if an error occurs during parsing, the `profileparser` annotates the object with a temporary annotation that prevents the object from being deleted until after parsing completes. link:https://bugzilla.redhat.com/show_bug.cgi?id=1988259[(BZ#1988259)].
91
+
* Previously, if an error occurred while parsing a profile, rules or variables objects were removed and deleted from the profile. Now, if an error occurs during parsing, the `profileparser` annotates the object with a temporary annotation that prevents the object from being deleted until after parsing completes. (link:https://bugzilla.redhat.com/show_bug.cgi?id=1988259[*BZ#1988259*])
63
92
+
64
93
* Previously, an error occurred if titles or descriptions were missing from a tailored profile. Because the XCCDF standard requires titles and descriptions for tailored profiles, titles and descriptions are now required to be set in `TailoredProfile` CRs.
65
94
+
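Review bot: the rewritten bullet at new line 91 still says rules or variables objects were "removed and deleted from the profile", which is redundant; since the line is being replaced anyway, reduce it to one verb. The reference format change from `link:...[(BZ#1988259)].` to `(link:...[*BZ#1988259*])` matches the 0.1.47 entries added above, so any other 0.1.44 entries that still use the old form should be converted in the same commit to keep the section uniform.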
@@ -69,7 +98,7 @@ The following advisory is available for the OpenShift Compliance Operator 0.1.44
69
98
== Release Notes for Compliance Operator 0.1.39
70
99
The following advisory is available for the OpenShift Compliance Operator 0.1.39:
71
100
72
-
* link:https://access.redhat.com/errata/RHBA-2021:3214[RHBA-2021:3214 OpenShift Compliance Operator Bug Fix and Enhancement Update]
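Review bot: the heading at new line 98, `== Release Notes for Compliance Operator 0.1.39`, does not follow the `== OpenShift Compliance Operator <version>` form used for 0.1.44 and for the 0.1.47 section this commit adds; as this hunk already touches the section, renaming it here would make the headings consistent. The RHBA-2021:3214 link at old line 72 is removed and no replacement is visible in the lines shown, so confirm that "The following advisory is available for the OpenShift Compliance Operator 0.1.39:" at new line 99 is still followed by its advisory link.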