Merge pull request #47169 from sheriff-rh/CMP-1253

stevsmit · web-flow · commit eb4f881b055b · 2022-06-29T13:28:06.000-04:00
CMP-1253 updated CO supported profiles table
diff --git a/modules/compliance-supported-profiles.adoc b/modules/compliance-supported-profiles.adoc
@@ -75,5 +75,19 @@ The Compliance Operator provides the following compliance profiles:
 |North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) cybersecurity standards profile for Red Hat Enterprise Linux CoreOS
 |0.1.44+
 |link:https://www.nerc.com/pa/Stand/Pages/CIPStandards.aspx[NERC CIP Standards]
-|===
 
+|ocp4-high
+|NIST 800-53 High-Impact Baseline for Red Hat OpenShift - Platform level
+|0.1.52+
+|link:https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#!/800-53[NIST SP-800-53 Release Search]
+
+|ocp4-high-node
+|NIST 800-53 High-Impact Baseline for Red Hat OpenShift - Node level
+|0.1.52+
+|link:https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#!/800-53[NIST SP-800-53 Release Search]
+
+|rhcos4-high
+|NIST 800-53 High-Impact Baseline for Red Hat Enterprise Linux CoreOS
+|0.1.52+
+|link:https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#!/800-53[NIST SP-800-53 Release Search]
+|===
diff --git a/security/compliance_operator/compliance-operator-release-notes.adoc b/security/compliance_operator/compliance-operator-release-notes.adoc
@@ -20,6 +20,11 @@ The following advisory is available for the OpenShift Compliance Operator 0.1.52
 
 * link:https://access.redhat.com/errata/RHBA-2022:4657[RHBA-2022:4657 - OpenShift Compliance Operator bug fix update]
 
+[id="compliance-operator-0-1-52-new-features-and-enhancements"]
+== New features and enhancements
+
+* The FedRAMP high SCAP profile is now available for use in {product-title} environments. For more information, See xref:../compliance_operator/compliance-operator-supported-profiles.adoc#compliance-operator-supported-profiles[Supported compliance profiles].
+
 [id="compliance-operator-0-1-52-bug-fixes"]
 === Bug fixes
 
@@ -33,6 +38,17 @@ The following advisory is available for the OpenShift Compliance Operator 0.1.52
 
 * Previously, the Machine Config Operator used `base64` instead of `url-encoded` code in the latest release, causing Compliance Operator remediation to fail. Now, the Compliance Operator checks encoding to handle both `base64` and `url-encoded` Machine Config code and the remediation applies correctly. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2082431[*BZ#2082431*])
 
+[id="compliance-operator-0-1-52-known-issue"]
+=== Known issue
+
+* When `"debug":true` is set within the `ScanSettingBinding` object, the pods generated by the `ScanSettingBinding` object are not removed when that binding is deleted. As a workaround, run the following command to delete the remaining pods:
++
+----
+$ oc delete pods -l compliance.openshift.io/scan-name=ocp4-cis
+----
++
+(link:https://bugzilla.redhat.com/show_bug.cgi?id=2092913[*BZ#2092913*])
+
 [id="compliance-operator-release-notes-0-1-49"]
 == OpenShift Compliance Operator 0.1.49
 
