Add Network Policies rule to OCP

applications/openshift/general/general_configure_network_policies/rule.yml

@@ -0,0 +1,35 @@
+documentation_complete: true
+
+prodtype: ocp3
+
+title: 'Ensure Network Policies are Configured'
+
+description: |-
+    OpenShift supports Kubernetes NetworkPolicy via the ovs-networkpolicy plugin. 
+    The Kubernetes NetworkPolicy plugin is preferred over the ovs-multitenant
+    plugin because Kubernetes Network Policies provide more granular control.
+    The ovs-networkpolicy plugin should be configured instead of the
+    ovs-multitenant plugin.
+
+rationale: |-
+    Properly configured network policies ensure traffic between OpenShift
+    tenants is isolated.
+
+severity: high
+
+ocil_clause: 'the ovs-networkpolicy plugin is not configured or network policies are not in use'
+
+ocil: |-
+    Verify on OpenShift master nodes the plugin being used:
+    <pre>$ oc get networkpolicies</pre>
+
+    Nodes should be properly configured to create network segmentation using the
+    Network Polices plugin over the Multi-tenant plugin.
+
+# Since this is operational guidance and not a configuration check,
+# a CCE should not be assigned.
+#identifiers:
+#    cce@ocp3: 
+
+references:
+    cis: 1.6.8

applications/openshift/general/general_create_network_segmentation/rule.yml

@@ -5,15 +5,16 @@ prodtype: ocp3
 title: 'Ensure Network Segmentation is Configured'
 
 description: |-
-    OpenShuft provides multi-tenant network isolation to segregate network traffic between
-    containers belonging to different tenants (users or applications) while running on a shared
-    cluster. Red Hat also works with 3rd-party SDN vendors to provide the same level of capabilities
-    integrated with OpenShift. For stronger security, create network segmentation using Network Policies
-    as it provides finer-grained control.
+    OpenShift provides multi-tenant network isolation to segregate network
+    traffic between containers belonging to different tenants (users or
+    applications) while running on a shared cluster. Red Hat also works with
+    3rd-party SDN vendors to provide the same level of capabilities integrated
+    with OpenShift. For stronger security, create network segmentation using
+    Network Policies as it provides finer-grained control.
 
 rationale: |-
-    Properly configured network policies ensure traffic between OpenShift tenants is
-    isolated.
+    Properly configured network policies ensure traffic between OpenShift
+    tenants is isolated.
 
 severity: high
 
@@ -23,8 +24,8 @@ ocil: |-
     Verify on OpenShift master nodes the plugin being used:
     <pre>$ grep networkPluginName /etc/origin/master/master-config.yaml</pre>
 
-    Nodes should be properly configured to create network segmentation using the Multi-tenant plugin or
-    Network Policies.
+    Nodes should be properly configured to create network segmentation using
+    the Multi-tenant plugin or Network Policies.
 
 # Since this is operational guidance and not a configuration check,
 # a CCE should not be assigned.