openshift/openshift-docs
1
0
Fork 0
mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-05 12:46:18 +01:00
Code Issues Releases Activity

CMP-3717: Update supported profiles documentation

Browse Source
This commit is contained in:
GroceryBoyJr
2025-11-14 16:50:33 -05:00
committed by openshift-cherrypick-robot
parent a57b811b64
commit ddab2d54e9
1 changed files with 39 additions and 101 deletions
Download Patch File Download Diff File Expand all files Collapse all files

140
modules/compliance-supported-profiles.adoc
View File

@@ -30,32 +30,14 @@ The following tables reflect the latest available profiles in the Compliance Ope
|ocp4-cis ^[1]^
|CIS Red Hat OpenShift Container Platform Benchmark v1.7.0
|Platform
|link:https://www.cisecurity.org/cis-benchmarks/[CIS Benchmarks ™] ^[1]^
|link:https://www.cisecurity.org/cis-benchmarks/[CIS Benchmarks ™] ^[4]^
|`x86_64`
`ppc64le`
`s390x`
`aarch64`
|
|ocp4-cis-1-4 ^[3]^
|CIS Red Hat OpenShift Container Platform Benchmark v1.4.0
|Platform
|link:https://www.cisecurity.org/cis-benchmarks/[CIS Benchmarks ™] ^[4]^
|`x86_64`
`ppc64le`
`s390x`
|
|ocp4-cis-1-5
|CIS Red Hat OpenShift Container Platform Benchmark v1.5.0
|Platform
|link:https://www.cisecurity.org/cis-benchmarks/[CIS Benchmarks ™] ^[4]^
|`x86_64`
`ppc64le`
`s390x`
|
|ocp4-cis-1-7
|ocp4-cis-1-7^[3]^
|CIS Red Hat OpenShift Container Platform Benchmark v1.7.0
|Platform
|link:https://www.cisecurity.org/cis-benchmarks/[CIS Benchmarks ™] ^[4]^
@@ -75,25 +57,7 @@ The following tables reflect the latest available profiles in the Compliance Ope
`aarch64`
|{product-rosa} with {hcp} (ROSA HCP)
|ocp4-cis-node-1-4 ^[3]^
|CIS Red Hat OpenShift Container Platform Benchmark v1.4.0
|Node ^[2]^
|link:https://www.cisecurity.org/cis-benchmarks/[CIS Benchmarks ™] ^[4]^
|`x86_64`
`ppc64le`
`s390x`
|{product-rosa} with {hcp} (ROSA HCP)
|ocp4-cis-node-1-5
|CIS Red Hat OpenShift Container Platform Benchmark v1.5.0
|Node ^[2]^
|link:https://www.cisecurity.org/cis-benchmarks/[CIS Benchmarks ™] ^[4]^
|`x86_64`
`ppc64le`
`s390x`
|{product-rosa} with {hcp} (ROSA HCP)
|ocp4-cis-node-1-7
|ocp4-cis-node-1-7^[3]^
|CIS Red Hat OpenShift Container Platform Benchmark v1.7.0
|Node ^[2]^
|link:https://www.cisecurity.org/cis-benchmarks/[CIS Benchmarks ™] ^[4]^
@@ -105,9 +69,9 @@ The following tables reflect the latest available profiles in the Compliance Ope
|===
[.small]
1. The `ocp4-cis` and `ocp4-cis-node` profiles maintain the most up-to-date version of the CIS benchmark as it becomes available in the Compliance Operator. If you want to adhere to a specific version, such as CIS v1.4.0, use the `ocp4-cis-1-4` and `ocp4-cis-node-1-4` profiles.
1. The `ocp4-cis` and `ocp4-cis-node` profiles maintain the most up-to-date version of the CIS benchmark as it becomes available in the Compliance Operator. If you want to adhere to a specific version, such as CIS v1.7.0, use the `ocp4-cis-1-7` and `ocp4-cis-node-1-7` profiles.
2. Node profiles must be used with the relevant Platform profile. For more information, see _Compliance Operator profile types_.
3. CIS v1.4.0 is superceded by CIS v1.5.0. It is recommended to apply the latest profile to your environment.
3. All earlier CIS profiles are superceded by CIS v1.7.0. It is recommended to apply the latest profile to your environment.
4. To locate the CIS {product-title} v4 Benchmark, go to link:https://www.cisecurity.org/benchmark/kubernetes[CIS Benchmarks] and click *Download Latest CIS Benchmark*, where you can then register to download the benchmark.
[id="bsi-profiles_{context}"]
@@ -152,6 +116,21 @@ The following tables reflect the latest available profiles in the Compliance Ope
|`x86_64`
|
|rhcos4-bsi ^[3]^
|BSI IT-Grundschutz (Basic Protection) Building Block SYS.1.6 and APP.4.4
|Node ^[2]^
|link:https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Grundschutz/International/bsi_it_gs_comp_2022.pdf[BSI Basic Protection Compendium]
|`x86_64`
|
|ocp4-bsi-2022 ^[3]^
|BSI IT-Grundschutz (Basic Protection) Building Block SYS.1.6 and APP.4.4
|Node ^[2]^
|link:https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Grundschutz/International/bsi_it_gs_comp_2022.pdf[BSI Basic Protection Compendium]
|`x86_64`
|
|===
[.small]
1. The `ocp4-bsi` and `ocp4-bsi-node` profiles maintain the most up-to-date version of the BSI Basic Protection Profile as it becomes available in the Compliance Operator. If you want to adhere to a specific version, such as BSI 2022, use the `ocp4-bsi-2022` and `ocp4-bsi-node-2022` profiles.
@@ -390,6 +369,7 @@ Applying automatic remedations to any profile, such as `rhcos4-stig`, that uses
|link:https://www.pcisecuritystandards.org/document_library?document=pci_dss[PCI Security Standards ® Council Document Library]
|`x86_64`
`ppc64le`
`aarch64`
|
|ocp4-pci-dss-3-2 ^[3]^
@@ -399,6 +379,7 @@ Applying automatic remedations to any profile, such as `rhcos4-stig`, that uses
|`x86_64`
`ppc64le`
`s390x`
`aarch64`
|
|ocp4-pci-dss-4-0
@@ -407,6 +388,7 @@ Applying automatic remedations to any profile, such as `rhcos4-stig`, that uses
|link:https://www.pcisecuritystandards.org/document_library?document=pci_dss[PCI Security Standards ® Council Document Library]
|`x86_64`
`ppc64le`
`aarch64`
|
|ocp4-pci-dss-node ^[1]^
@@ -415,6 +397,7 @@ Applying automatic remedations to any profile, such as `rhcos4-stig`, that uses
|link:https://www.pcisecuritystandards.org/document_library?document=pci_dss[PCI Security Standards ® Council Document Library]
|`x86_64`
`ppc64le`
`aarch64`
|{product-rosa} with {hcp} (ROSA HCP)
|ocp4-pci-dss-node-3-2 ^[3]^
@@ -424,6 +407,7 @@ Applying automatic remedations to any profile, such as `rhcos4-stig`, that uses
|`x86_64`
`ppc64le`
`s390x`
`aarch64`
|{product-rosa} with {hcp} (ROSA HCP)
|ocp4-pci-dss-node-4-0
@@ -432,6 +416,7 @@ Applying automatic remedations to any profile, such as `rhcos4-stig`, that uses
|link:https://www.pcisecuritystandards.org/document_library?document=pci_dss[PCI Security Standards ® Council Document Library]
|`x86_64`
`ppc64le`
`aarch64`
|{product-rosa} with {hcp} (ROSA HCP)
|===
@@ -460,7 +445,7 @@ Applying automatic remedations to any profile, such as `rhcos4-stig`, that uses
|Supported platforms
|ocp4-stig ^[1]^
|Defense Information Systems Agency Security Technical Implementation Guide (DISA STIG) for Red Hat Openshift
|Defense Information Systems Agency Security Technical Implementation Guide (DISA STIG) for Red Hat Openshift^[3]^
|Platform
|link:https://public.cyber.mil/stigs/downloads/[DISA-STIG]
|`x86_64`
@@ -468,87 +453,40 @@ Applying automatic remedations to any profile, such as `rhcos4-stig`, that uses
|
|ocp4-stig-node ^[1]^
|Defense Information Systems Agency Security Technical Implementation Guide (DISA STIG) for Red Hat Openshift
|Defense Information Systems Agency Security Technical Implementation Guide (DISA STIG) for Red Hat Openshift^[3]^
|Node ^[2]^
|link:https://public.cyber.mil/stigs/downloads/[DISA-STIG]
|`x86_64`
`ppc64le`
|{product-rosa} with {hcp} (ROSA HCP)
|ocp4-stig-node-v1r1 ^[3]^
|Defense Information Systems Agency Security Technical Implementation Guide (DISA STIG) for Red Hat Openshift V1R1
|Node ^[2]^
|link:https://public.cyber.mil/stigs/downloads/[DISA-STIG]
|`x86_64`
`ppc64le`
|{product-rosa} with {hcp} (ROSA HCP)
|ocp4-stig-node-v2r1
|Defense Information Systems Agency Security Technical Implementation Guide (DISA STIG) for Red Hat Openshift V2R1
|Node ^[2]^
|link:https://public.cyber.mil/stigs/downloads/[DISA-STIG]
|`x86_64`
`ppc64le`
|{product-rosa} with {hcp} (ROSA HCP)
|ocp4-stig-node-v2r2
|Defense Information Systems Agency Security Technical Implementation Guide (DISA STIG) for Red Hat Openshift V2R2
|Node ^[2]^
|link:https://public.cyber.mil/stigs/downloads/[DISA-STIG]
|`x86_64`
`ppc64le`
|{product-rosa} with {hcp} (ROSA HCP)
|ocp4-stig-v1r1 ^[3]^
|Defense Information Systems Agency Security Technical Implementation Guide (DISA STIG) for Red Hat Openshift V1R1
|ocp4-stig-v2r3
|Defense Information Systems Agency Security Technical Implementation Guide (DISA STIG) for Red Hat Openshift V2R3
|Platform
|link:https://public.cyber.mil/stigs/downloads/[DISA-STIG]
|`x86_64`
`ppc64le`
|
|ocp4-stig-v2r1
|Defense Information Systems Agency Security Technical Implementation Guide (DISA STIG) for Red Hat Openshift V2R1
|Platform
|ocp4-stig-node-v2r3 ^[1]^
|Defense Information Systems Agency Security Technical Implementation Guide (DISA STIG) for Red Hat Openshift V2R3
|Node
|link:https://public.cyber.mil/stigs/downloads/[DISA-STIG]
|`x86_64`
`ppc64le`
|
|ocp4-stig-v2r2
|Defense Information Systems Agency Security Technical Implementation Guide (DISA STIG) for Red Hat Openshift V2R2
|Platform
|link:https://public.cyber.mil/stigs/downloads/[DISA-STIG]
|`x86_64`
`ppc64le`
|
|rhcos4-stig
|Defense Information Systems Agency Security Technical Implementation Guide (DISA STIG) for Red Hat Openshift
|rhcos4-stig^[1]^
|Defense Information Systems Agency Security Technical Implementation Guide (DISA STIG) for Red Hat Openshift^[3]^
|Node
|link:https://public.cyber.mil/stigs/downloads/[DISA-STIG]
|`x86_64`
`ppc64le`
|{product-rosa} with {hcp} (ROSA HCP)
|rhcos4-stig-v1r1 ^[3]^
|Defense Information Systems Agency Security Technical Implementation Guide (DISA STIG) for Red Hat Openshift V1R1
|Node
|link:https://public.cyber.mil/stigs/downloads/[DISA-STIG] ^[3]^
|`x86_64`
`ppc64le`
|{product-rosa} with {hcp} (ROSA HCP)
|rhcos4-stig-v2r1
|Defense Information Systems Agency Security Technical Implementation Guide (DISA STIG) for Red Hat Openshift V2R1
|Node
|link:https://public.cyber.mil/stigs/downloads/[DISA-STIG]
|`x86_64`
`ppc64le`
|{product-rosa} with {hcp} (ROSA HCP)
|rhcos4-stig-v2r2
|Defense Information Systems Agency Security Technical Implementation Guide (DISA STIG) for Red Hat Openshift V2R2
|rhcos4-stig-v2r3
|Defense Information Systems Agency Security Technical Implementation Guide (DISA STIG) for Red Hat Openshift V2R3
|Node
|link:https://public.cyber.mil/stigs/downloads/[DISA-STIG]
|`x86_64`
@@ -557,9 +495,9 @@ Applying automatic remedations to any profile, such as `rhcos4-stig`, that uses
|===
[.small]
1. The `ocp4-stig`, `ocp4-stig-node` and `rhcos4-stig` profiles maintain the most up-to-date version of the DISA-STIG benchmark as it becomes available in the Compliance Operator. If you want to adhere to a specific version, such as DISA-STIG V2R1, use the `ocp4-stig-v2r1` and `ocp4-stig-node-v2r1` profiles.
1. The `ocp4-stig`, `ocp4-stig-node` and `rhcos4-stig` profiles maintain the most up-to-date version of the DISA-STIG benchmark as it becomes available in the Compliance Operator. If you want to adhere to a specific version, such as DISA-STIG V2R3, use the `ocp4-stig-v2r3` and `ocp4-stig-node-v2r3` profiles.
2. Node profiles must be used with the relevant Platform profile. For more information, see _Compliance Operator profile types_.
3. DISA-STIG V1R1 is superceded by DISA-STIG V2R1. It is recommended to apply the latest profile to your environment.
3. DISA-STIG V1R2 is superceded by DISA-STIG V2R3. It is recommended to apply the latest profile to your environment.
[id="compliance-extended-profiles_{context}"]
== About extended compliance profiles