mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-05 12:46:18 +01:00

OCPBUGS-17816: Compliance Operator documentation improvements

Andrew Taylor
2023-08-22 13:34:36 -04:00
committed by openshift-cherrypick-robot
parent 5e1b97e144
commit 6199c221d9
90 changed files with 190 additions and 120 deletions

View File

@@ -0,0 +1 @@
../../../_attributes/

View File

@@ -19,4 +19,4 @@ include::modules/compliance-profiles.adoc[leveloffset=+1]
[role="_additional-resources"]
== Additional resources
* xref:../../security/compliance_operator/compliance-operator-supported-profiles.adoc#compliance-operator-supported-profiles[Supported compliance profiles]
* xref:../../../security/compliance_operator/co-scans/compliance-operator-supported-profiles.adoc#compliance-operator-supported-profiles[Supported compliance profiles]

View File

@@ -0,0 +1 @@
../../../images/

View File

@@ -0,0 +1 @@
../../../modules/

View File

@@ -0,0 +1 @@
../../../snippets/

View File

@@ -0,0 +1 @@
../../../_attributes/

View File

@@ -19,7 +19,7 @@ include::modules/compliance-operator-console-installation.adoc[leveloffset=+1]
====
If the `restricted` Security Context Constraints (SCC) have been modified to contain the `system:authenticated` group or has added `requiredDropCapabilities`, the Compliance Operator may not function properly due to permissions issues.
You can create a custom SCC for the Compliance Operator scanner pod service account. For more information, see xref:../../security/compliance_operator/compliance-operator-advanced.adoc#compliance-custom-scc_compliance-advanced[Creating a custom SCC for the Compliance Operator].
You can create a custom SCC for the Compliance Operator scanner pod service account. For more information, see xref:../../../security/compliance_operator/co-scans/compliance-operator-advanced.adoc#compliance-custom-scc_compliance-advanced[Creating a custom SCC for the Compliance Operator].
====
include::modules/compliance-operator-cli-installation.adoc[leveloffset=+1]
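Review bot: The admonition sentence kept as context above the changed xref mixes number ("Security Context Constraints (SCC) have been modified ... or has added `requiredDropCapabilities`"). Since this commit is a documentation improvement and already touches the next line, consider rewording it to "If the `restricted` SCC has been modified to contain the `system:authenticated` group or has `requiredDropCapabilities` added". The identical sentence appears in the admonition of the following hunk and would need the same change.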
@@ -28,7 +28,7 @@ include::modules/compliance-operator-cli-installation.adoc[leveloffset=+1]
====
If the `restricted` Security Context Constraints (SCC) have been modified to contain the `system:authenticated` group or has added `requiredDropCapabilities`, the Compliance Operator may not function properly due to permissions issues.
You can create a custom SCC for the Compliance Operator scanner pod service account. For more information, see xref:../../security/compliance_operator/compliance-operator-advanced.adoc#compliance-custom-scc_compliance-advanced[Creating a custom SCC for the Compliance Operator].
You can create a custom SCC for the Compliance Operator scanner pod service account. For more information, see xref:../../../security/compliance_operator/co-scans/compliance-operator-advanced.adoc#compliance-custom-scc_compliance-advanced[Creating a custom SCC for the Compliance Operator].
====
// only applies to 4.11+
@@ -38,13 +38,13 @@ include::modules/compliance-operator-hcp-install.adoc[leveloffset=+1]
.Additional resources
// 4.13+
* xref:../../hosted_control_planes/index.adoc#hcp-overview[Hosted control planes overview]
* xref:../../../hosted_control_planes/index.adoc#hcp-overview[Hosted control planes overview]
//
// 4.11-4.12, commenting out of 4.13-main
//* xref:../../architecture/control-plane.adoc#hosted-control-planes-overview_control-plane[Overview of hosted control planes (Technology Preview)]
//* xref:../../../architecture/control-plane.adoc#hosted-control-planes-overview_control-plane[Overview of hosted control planes (Technology Preview)]
[id="additional-resources-installing-the-compliance-operator"]
[role="_additional-resources"]
== Additional resources
* The Compliance Operator is supported in a restricted network environment. For more information, see xref:../../operators/admin/olm-restricted-networks.adoc#olm-restricted-networks[Using Operator Lifecycle Manager on restricted networks].
* The Compliance Operator is supported in a restricted network environment. For more information, see xref:../../../operators/admin/olm-restricted-networks.adoc#olm-restricted-networks[Using Operator Lifecycle Manager on restricted networks].

View File

@@ -16,4 +16,4 @@ include::modules/compliance-update.adoc[leveloffset=+1]
[role="_additional-resources"]
== Additional resources
* The Compliance Operator is supported in a restricted network environment. For more information, see xref:../../operators/admin/olm-restricted-networks.adoc#olm-restricted-networks[Using Operator Lifecycle Manager on restricted networks].
* The Compliance Operator is supported in a restricted network environment. For more information, see xref:../../../operators/admin/olm-restricted-networks.adoc#olm-restricted-networks[Using Operator Lifecycle Manager on restricted networks].

View File

@@ -1,5 +1,5 @@
:_content-type: ASSEMBLY
[id="compliance-operator-uninstallation_{context}"]
[id="compliance-operator-uninstallation"]
= Uninstalling the Compliance Operator
include::_attributes/common-attributes.adoc[]
:context: compliance-operator-uninstallation
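Review bot: The ID change at the top of this assembly, from `compliance-operator-uninstallation_{context}` to `compliance-operator-uninstallation`, changes the anchor that other pages link to, so every xref to the old form needs to be checked. The new overview assembly in this commit already targets `#compliance-operator-uninstallation`, which matches. It would help to say in the commit message that the ID was changed on purpose, since `:context:` is only set after the ID line here.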

View File

@@ -16,4 +16,4 @@ include::modules/olm-approving-pending-upgrade.adoc[leveloffset=+1]
// [role="_additional-resources"]
// == Additional resources
//
// * For more information, see xref:../../operators/admin/
// * For more information, see xref:../../../operators/admin/
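Review bot: The commented-out Additional resources stub at the end of this hunk still has an xref with no target file or link text (`xref:../../../operators/admin/`). Updating the relative path of a dead, incomplete link adds churn without value. Either complete the reference and uncomment the section, or delete the four commented lines.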

View File

@@ -0,0 +1 @@
../../../images/

View File

@@ -0,0 +1 @@
../../../modules/

View File

@@ -0,0 +1 @@
../../../snippets/

View File

@@ -0,0 +1,50 @@
:_content-type: ASSEMBLY
[id="co-overview"]
= Compliance Operator overview
include::_attributes/common-attributes.adoc[]
:context: co-overview
{product-title} Compliance Operator (CO) runs compliance scans and provides remediations to assist users in meeting compliance standards. For the latest updates, see the xref:../../security/compliance_operator/compliance-operator-release-notes.adoc#compliance-operator-release-notes[Compliance Operator release notes]. If needed, you can engage link:https://access.redhat.com/support/[Red Hat support].
[IMPORTANT]
====
The Compliance Operator does not automatically perform remediations. Ensuring compliance standards are met is required by the user.
====
[discrete]
==== Compliance Operator concepts
xref:../../security/compliance_operator/co-concepts/compliance-operator-understanding.adoc#compliance-operator-understanding[Understanding the Compliance Operator]
xref:../../security/compliance_operator/co-concepts/compliance-operator-crd.adoc#custom-resource-definitions[Understanding the Custom Resource Definitions]
//[new page] Quick start?
[discrete]
==== Compliance Operator management
xref:../../security/compliance_operator/co-management/compliance-operator-installation.adoc#compliance-operator-installation[Installing the Compliance Operator]
xref:../../security/compliance_operator/co-management/compliance-operator-updating.adoc#compliance-operator-updating[Updating the Compliance Operator]
xref:../../security/compliance_operator/co-management/compliance-operator-manage.adoc#compliance-operator-understanding[Managing the Compliance Operator]
xref:../../security/compliance_operator/co-management/compliance-operator-uninstallation.adoc#compliance-operator-uninstallation[Uninstalling the Compliance Operator]
[discrete]
==== Compliance Operator scan management
xref:../../security/compliance_operator/co-scans/compliance-operator-supported-profiles.adoc#compliance-operator-supported-profiles[Supported compliance profiles]
xref:../../security/compliance_operator/co-scans/compliance-scans.adoc#compliance-operator-scans[Compliance Operator scans]
xref:../../security/compliance_operator/co-scans/compliance-operator-tailor.adoc#compliance-operator-tailor[Tailoring the Compliance Operator]
xref:../../security/compliance_operator/co-scans/compliance-operator-raw-results.adoc#compliance-operator-raw-results[Retrieving Compliance Operator raw results]
xref:../../security/compliance_operator/co-scans/compliance-operator-remediation.adoc#compliance-operator-remediation[Managing Compliance Operator remediation]
xref:../../security/compliance_operator/co-scans/compliance-operator-advanced.adoc#compliance-operator-advanced[Performing advanced Compliance Operator tasks]
xref:../../security/compliance_operator/co-scans/compliance-operator-troubleshooting.adoc#compliance-operator-troubleshooting[Troubleshooting the Compliance Operator]
xref:../../security/compliance_operator/co-scans/oc-compliance-plug-in-using.adoc#using-oc-compliance-plug-in[Using the oc-compliance plugin]
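Review bot: In the "Compliance Operator management" list, the "Managing the Compliance Operator" entry points at `compliance-operator-manage.adoc#compliance-operator-understanding`. That anchor looks copied from the "Understanding the Compliance Operator" entry and should be the ID of the manage assembly. The "Understanding" entry itself uses `#compliance-operator-understanding`, while every other xref to that file in this commit uses `#understanding-compliance-operator`, so one of the two forms is wrong. Smaller points: the xrefs under each discrete heading are bare lines rather than `*` list items, so they will render as one run-on paragraph, and the IMPORTANT text "Ensuring compliance standards are met is required by the user" would read better as "Users are responsible for ensuring that compliance standards are met."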

View File

@@ -0,0 +1 @@
../../../_attributes/

View File

@@ -27,4 +27,4 @@ include::modules/compliance-custom-scc.adoc[leveloffset=+1]
[id="additional-resources_compliance-operator-advanced"]
[role="_additional-resources"]
== Additional resources
* xref:../../authentication/managing-security-context-constraints.adoc[Managing security context constraints]
* xref:../../../authentication/managing-security-context-constraints.adoc[Managing security context constraints]

View File

@@ -35,4 +35,4 @@ include::modules/compliance-inconsistent.adoc[leveloffset=+1]
[role="_additional-resources"]
== Additional resources
* xref:../../nodes/nodes/nodes-nodes-managing.adoc#nodes-nodes-managing-about_nodes-nodes-managing[Modifying nodes].
* xref:../../../nodes/nodes/nodes-nodes-managing.adoc#nodes-nodes-managing-about_nodes-nodes-managing[Modifying nodes].

View File

@@ -18,6 +18,4 @@ include::modules/compliance-supported-profiles.adoc[leveloffset=+1]
[role="_additional-resources"]
== Additional resources
* xref:../../security/compliance_operator/compliance-operator-understanding.adoc#compliance_profiles_understanding-compliance[Compliance Operator profiles]
* xref:../../security/compliance_operator/compliance-operator-understanding.adoc#compliance_profile_typesunderstanding-compliance[Compliance Operator profile types]
* xref:../../../security/compliance_operator/co-concepts/compliance-operator-understanding.html#compliance_profile_types_understanding-compliance[Compliance Operator profile types]
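Review bot: The replacement xref in this Additional resources list targets `compliance-operator-understanding.html#...`, while every other xref in the commit targets the `.adoc` source file, so this one will likely fail link validation. Change the extension to `.adoc`. The hunk also drops the "Compliance Operator profiles" entry without a replacement. If that is intentional because the target section was removed, say so in the commit message; otherwise restore it with the new `co-concepts/` path.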

View File

@@ -0,0 +1 @@
../../../images/

View File

@@ -0,0 +1 @@
../../../modules/

View File

@@ -6,7 +6,7 @@ include::_attributes/common-attributes.adoc[]
toc::[]
Although the xref:../../security/compliance_operator/compliance-operator-understanding.adoc#understanding-compliance-operator[Compliance Operator] automates many of the checks and remediations for the cluster, the full process of bringing a cluster into compliance often requires administrator interaction with the Compliance Operator API and other components. The `oc-compliance` plugin makes the process easier.
Although the xref:../../../security/compliance_operator/co-concepts/compliance-operator-understanding.adoc#understanding-compliance-operator[Compliance Operator] automates many of the checks and remediations for the cluster, the full process of bringing a cluster into compliance often requires administrator interaction with the Compliance Operator API and other components. The `oc-compliance` plugin makes the process easier.
include::modules/oc-compliance-installing.adoc[leveloffset=+1]

View File

@@ -0,0 +1 @@
../../../snippets/

View File

@@ -11,9 +11,9 @@ The Compliance Operator lets {product-title} administrators describe the require
These release notes track the development of the Compliance Operator in the {product-title}.
For an overview of the Compliance Operator, see xref:../../security/compliance_operator/compliance-operator-understanding.adoc#understanding-compliance-operator[Understanding the Compliance Operator].
For an overview of the Compliance Operator, see xref:../../security/compliance_operator/co-concepts/compliance-operator-understanding.adoc#understanding-compliance-operator[Understanding the Compliance Operator].
To access the latest release, see xref:../../security/compliance_operator/compliance-operator-updating.adoc#olm-preparing-upgrade_compliance-operator-updating[Updating the Compliance Operator].
To access the latest release, see xref:../../security/compliance_operator/co-management/compliance-operator-updating.adoc#olm-preparing-upgrade_compliance-operator-updating[Updating the Compliance Operator].
[id="compliance-operator-release-notes-1-3-0"]
== OpenShift Compliance Operator 1.3.0
@@ -25,7 +25,7 @@ The following advisory is available for the OpenShift Compliance Operator 1.3.0:
[id="compliance-operator-1-3-0-new-features-and-enhancements"]
=== New features and enhancements
* The Defense Information Systems Agency Security Technical Implementation Guide (DISA-STIG) for {product-title} is now available from Compliance Operator 1.3.0. See xref:../../security/compliance_operator/compliance-operator-supported-profiles.adoc#compliance-supported-profiles_compliance-operator-supported-profiles[Supported compliance profiles] for additional information.
* The Defense Information Systems Agency Security Technical Implementation Guide (DISA-STIG) for {product-title} is now available from Compliance Operator 1.3.0. See xref:../../security/compliance_operator/co-scans/compliance-operator-supported-profiles.adoc#compliance-supported-profiles_compliance-operator-supported-profiles[Supported compliance profiles] for additional information.
* Compliance Operator 1.3.0 now supports {ibmpowerProductName} and {ibmzproductname} for NIST 800-53 Moderate-Impact Baseline for {product-title} platform and node profiles.
@@ -62,7 +62,7 @@ The following advisory is available for the OpenShift Compliance Operator 1.1.0:
* A start and end timestamp is now available in the `ComplianceScan` custom resource definition (CRD) status.
* The Compliance Operator can now be deployed on Hosted Control Planes using the OperatorHub by creating a `Subscription` file. For more information, see xref:../../security/compliance_operator/compliance-operator-installation.adoc#installing-compliance-operator-hcp_compliance-operator-installation[Installing the Compliance Operator on Hosted Control Planes].
* The Compliance Operator can now be deployed on Hosted Control Planes using the OperatorHub by creating a `Subscription` file. For more information, see xref:../../security/compliance_operator/co-management/compliance-operator-installation.adoc#installing-compliance-operator-hcp_compliance-operator-installation[Installing the Compliance Operator on Hosted Control Planes].
[id="compliance-operator-1-1-0-bug-fixes"]
=== Bug fixes
@@ -106,7 +106,7 @@ The following advisory is available for the OpenShift Compliance Operator 1.0.0:
[id="compliance-operator-1-0-0-new-features-and-enhancements"]
=== New features and enhancements
* The Compliance Operator is now stable and the release channel is upgraded to `stable`. Future releases will follow link:https://semver.org/[Semantic Versioning]. To access the latest release, see xref:../../security/compliance_operator/compliance-operator-updating.adoc#olm-preparing-upgrade_compliance-operator-updating[Updating the Compliance Operator].
* The Compliance Operator is now stable and the release channel is upgraded to `stable`. Future releases will follow link:https://semver.org/[Semantic Versioning]. To access the latest release, see xref:../../security/compliance_operator/co-management/compliance-operator-updating.adoc#olm-preparing-upgrade_compliance-operator-updating[Updating the Compliance Operator].
[id="compliance-operator-1-0-0-bug-fixes"]
=== Bug fixes
@@ -130,7 +130,7 @@ The following advisory is available for the OpenShift Compliance Operator 0.1.61
[id="compliance-operator-0-1-61-new-features-and-enhancements"]
=== New features and enhancements
* The Compliance Operator now supports timeout configuration for Scanner Pods. The timeout is specified in the `ScanSetting` object. If the scan is not completed within the timeout, the scan retries until the maximum number of retries is reached. See xref:../../security/compliance_operator/compliance-operator-troubleshooting.adoc#compliance-timeout_compliance-troubleshooting[Configuring ScanSetting timeout] for more information.
* The Compliance Operator now supports timeout configuration for Scanner Pods. The timeout is specified in the `ScanSetting` object. If the scan is not completed within the timeout, the scan retries until the maximum number of retries is reached. See xref:../../security/compliance_operator/co-scans/compliance-operator-troubleshooting.adoc#compliance-timeout_compliance-troubleshooting[Configuring ScanSetting timeout] for more information.
[id="compliance-operator-0-1-61-bug-fixes"]
=== Bug fixes
@@ -193,18 +193,18 @@ The following advisory is available for the OpenShift Compliance Operator 0.1.57
[id="compliance-operator-0-1-57-new-features-and-enhancements"]
=== New features and enhancements
* `KubeletConfig` checks changed from `Node` to `Platform` type. `KubeletConfig` checks the default configuration of the `KubeletConfig`. The configuration files are aggregated from all nodes into a single location per node pool. See xref:../../security/compliance_operator/compliance-operator-remediation.adoc#compliance-evaluate-kubeletconfig-rules_compliance-remediation[Evaluating `KubeletConfig` rules against default configuration values].
* `KubeletConfig` checks changed from `Node` to `Platform` type. `KubeletConfig` checks the default configuration of the `KubeletConfig`. The configuration files are aggregated from all nodes into a single location per node pool. See xref:../../security/compliance_operator/co-scans/compliance-operator-remediation.adoc#compliance-evaluate-kubeletconfig-rules_compliance-remediation[Evaluating `KubeletConfig` rules against default configuration values].
* The `ScanSetting` Custom Resource now allows users to override the default CPU and memory limits of scanner pods through the `scanLimits` attribute. For more information, see xref:../../security/compliance_operator/compliance-operator-troubleshooting.adoc#compliance-increasing-operator-limits_compliance-troubleshooting[Increasing Compliance Operator resource limits].
* The `ScanSetting` Custom Resource now allows users to override the default CPU and memory limits of scanner pods through the `scanLimits` attribute. For more information, see xref:../../security/compliance_operator/co-scans/compliance-operator-troubleshooting.adoc#compliance-increasing-operator-limits_compliance-troubleshooting[Increasing Compliance Operator resource limits].
* A `PriorityClass` object can now be set through `ScanSetting`. This ensures the Compliance Operator is prioritized and minimizes the chance that the cluster falls out of compliance. For more information, see xref:../../security/compliance_operator/compliance-operator-advanced.adoc#compliance-priorityclass_compliance-advanced[Setting `PriorityClass` for `ScanSetting` scans].
* A `PriorityClass` object can now be set through `ScanSetting`. This ensures the Compliance Operator is prioritized and minimizes the chance that the cluster falls out of compliance. For more information, see xref:../../security/compliance_operator/co-scans/compliance-operator-advanced.adoc#compliance-priorityclass_compliance-advanced[Setting `PriorityClass` for `ScanSetting` scans].
[id="compliance-operator-0-1-57-bug-fixes"]
=== Bug fixes
* Previously, the Compliance Operator hard-coded notifications to the default `openshift-compliance` namespace. If the Operator were installed in a non-default namespace, the notifications would not work as expected. Now, notifications work in non-default `openshift-compliance` namespaces. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2060726[*BZ#2060726*])
* Previously, the Compliance Operator was unable to evaluate default configurations used by kubelet objects, resulting in inaccurate results and false positives. xref:../../security/compliance_operator/compliance-operator-remediation.adoc#compliance-evaluate-kubeletconfig-rules_compliance-remediation[This new feature] evaluates the kubelet configuration and now reports accurately. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2075041[*BZ#2075041*])
* Previously, the Compliance Operator was unable to evaluate default configurations used by kubelet objects, resulting in inaccurate results and false positives. xref:../../security/compliance_operator/co-scans/compliance-operator-remediation.adoc#compliance-evaluate-kubeletconfig-rules_compliance-remediation[This new feature] evaluates the kubelet configuration and now reports accurately. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2075041[*BZ#2075041*])
* Previously, the Compliance Operator reported the `ocp4-kubelet-configure-event-creation` rule in a `FAIL` state after applying an automatic remediation because the `eventRecordQPS` value was set higher than the default value. Now, the `ocp4-kubelet-configure-event-creation` rule remediation sets the default value, and the rule applies correctly. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2082416[*BZ#2082416*])
@@ -286,7 +286,7 @@ The following advisory is available for the OpenShift Compliance Operator 0.1.52
[id="compliance-operator-0-1-52-new-features-and-enhancements"]
=== New features and enhancements
* The FedRAMP high SCAP profile is now available for use in {product-title} environments. For more information, See xref:../../security/compliance_operator/compliance-operator-supported-profiles.adoc#compliance-operator-supported-profiles[Supported compliance profiles].
* The FedRAMP high SCAP profile is now available for use in {product-title} environments. For more information, See xref:../../security/compliance_operator/co-scans/compliance-operator-supported-profiles.adoc#compliance-operator-supported-profiles[Supported compliance profiles].
[id="compliance-operator-0-1-52-bug-fixes"]
=== Bug fixes
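Review bot: The FedRAMP bullet in this hunk keeps the mid-sentence capital in "For more information, See xref:..." on the rewritten line. Since the line is being replaced anyway, lowercase it to "see" to match the other release-note entries.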
@@ -458,4 +458,4 @@ The following advisory is available for the OpenShift Compliance Operator 0.1.39
[id="compliance-operator-release-notes_additional-resources"]
[role="_additional-resources"]
== Additional resources
* xref:../../security/compliance_operator/compliance-operator-understanding.adoc#understanding-compliance-operator[Understanding the Compliance Operator]
* xref:../../security/compliance_operator/co-concepts/compliance-operator-understanding.adoc#understanding-compliance-operator[Understanding the Compliance Operator]

View File

@@ -78,7 +78,7 @@ For many {product-title} customers, regulatory readiness, or compliance, on some
[id="compliance-checking"]
=== Compliance checking
Administrators can use the xref:../security/compliance_operator/compliance-operator-understanding.adoc#understanding-compliance-operator[Compliance Operator] to run compliance scans and recommend remediations for any issues found. The xref:../security/compliance_operator/oc-compliance-plug-in-using.adoc#using-oc-compliance-plug-in[`oc-compliance` plugin] is an OpenShift CLI (`oc`) plugin that provides a set of utilities to easily interact with the Compliance Operator.
Administrators can use the xref:../security/compliance_operator/co-concepts/compliance-operator-understanding.adoc#understanding-compliance-operator[Compliance Operator] to run compliance scans and recommend remediations for any issues found. The xref:../security/compliance_operator/co-scans/oc-compliance-plug-in-using.adoc#using-oc-compliance-plug-in[`oc-compliance` plugin] is an OpenShift CLI (`oc`) plugin that provides a set of utilities to easily interact with the Compliance Operator.
[discrete]
[id="file-integrity-checking"]