Skip to content

[enterprise-4.17] CMP-3717: Update supported profiles documentation #102871

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Nov 20, 2025
Merged

[enterprise-4.17] CMP-3717: Update supported profiles documentation #102871

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
140 changes: 39 additions & 101 deletions modules/compliance-supported-profiles.adoc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,32 +30,14 @@ The following tables reflect the latest available profiles in the Compliance Ope
|ocp4-cis ^[1]^
|CIS Red Hat OpenShift Container Platform Benchmark v1.7.0
|Platform
|link:https://www.cisecurity.org/cis-benchmarks/[CIS Benchmarks ™] ^[1]^
|`x86_64`
`ppc64le`
`s390x`
`aarch64`
|

|ocp4-cis-1-4 ^[3]^
|CIS Red Hat OpenShift Container Platform Benchmark v1.4.0
|Platform
|link:https://www.cisecurity.org/cis-benchmarks/[CIS Benchmarks ™] ^[4]^
|`x86_64`
`ppc64le`
`s390x`
|

|ocp4-cis-1-5
|CIS Red Hat OpenShift Container Platform Benchmark v1.5.0
|Platform
|link:https://www.cisecurity.org/cis-benchmarks/[CIS Benchmarks ™] ^[4]^
|`x86_64`
`ppc64le`
`s390x`
`aarch64`
|

|ocp4-cis-1-7
|ocp4-cis-1-7^[3]^
|CIS Red Hat OpenShift Container Platform Benchmark v1.7.0
|Platform
|link:https://www.cisecurity.org/cis-benchmarks/[CIS Benchmarks ™] ^[4]^
Expand All @@ -75,25 +57,7 @@ The following tables reflect the latest available profiles in the Compliance Ope
`aarch64`
|{product-rosa} with {hcp} (ROSA HCP)

|ocp4-cis-node-1-4 ^[3]^
|CIS Red Hat OpenShift Container Platform Benchmark v1.4.0
|Node ^[2]^
|link:https://www.cisecurity.org/cis-benchmarks/[CIS Benchmarks ™] ^[4]^
|`x86_64`
`ppc64le`
`s390x`
|{product-rosa} with {hcp} (ROSA HCP)

|ocp4-cis-node-1-5
|CIS Red Hat OpenShift Container Platform Benchmark v1.5.0
|Node ^[2]^
|link:https://www.cisecurity.org/cis-benchmarks/[CIS Benchmarks ™] ^[4]^
|`x86_64`
`ppc64le`
`s390x`
|{product-rosa} with {hcp} (ROSA HCP)

|ocp4-cis-node-1-7
|ocp4-cis-node-1-7^[3]^
|CIS Red Hat OpenShift Container Platform Benchmark v1.7.0
|Node ^[2]^
|link:https://www.cisecurity.org/cis-benchmarks/[CIS Benchmarks ™] ^[4]^
Expand All @@ -105,9 +69,9 @@ The following tables reflect the latest available profiles in the Compliance Ope

|===
[.small]
1. The `ocp4-cis` and `ocp4-cis-node` profiles maintain the most up-to-date version of the CIS benchmark as it becomes available in the Compliance Operator. If you want to adhere to a specific version, such as CIS v1.4.0, use the `ocp4-cis-1-4` and `ocp4-cis-node-1-4` profiles.
1. The `ocp4-cis` and `ocp4-cis-node` profiles maintain the most up-to-date version of the CIS benchmark as it becomes available in the Compliance Operator. If you want to adhere to a specific version, such as CIS v1.7.0, use the `ocp4-cis-1-7` and `ocp4-cis-node-1-7` profiles.
2. Node profiles must be used with the relevant Platform profile. For more information, see _Compliance Operator profile types_.
3. CIS v1.4.0 is superceded by CIS v1.5.0. It is recommended to apply the latest profile to your environment.
3. All earlier CIS profiles are superceded by CIS v1.7.0. It is recommended to apply the latest profile to your environment.
4. To locate the CIS {product-title} v4 Benchmark, go to link:https://www.cisecurity.org/benchmark/kubernetes[CIS Benchmarks] and click *Download Latest CIS Benchmark*, where you can then register to download the benchmark.

[id="bsi-profiles_{context}"]
Expand Down Expand Up @@ -152,6 +116,21 @@ The following tables reflect the latest available profiles in the Compliance Ope
|`x86_64`
|

|rhcos4-bsi ^[3]^
|BSI IT-Grundschutz (Basic Protection) Building Block SYS.1.6 and APP.4.4
|Node ^[2]^
|link:https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Grundschutz/International/bsi_it_gs_comp_2022.pdf[BSI Basic Protection Compendium]
|`x86_64`
|

|ocp4-bsi-2022 ^[3]^
|BSI IT-Grundschutz (Basic Protection) Building Block SYS.1.6 and APP.4.4
|Node ^[2]^
|link:https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Grundschutz/International/bsi_it_gs_comp_2022.pdf[BSI Basic Protection Compendium]
|`x86_64`
|


|===
[.small]
1. The `ocp4-bsi` and `ocp4-bsi-node` profiles maintain the most up-to-date version of the BSI Basic Protection Profile as it becomes available in the Compliance Operator. If you want to adhere to a specific version, such as BSI 2022, use the `ocp4-bsi-2022` and `ocp4-bsi-node-2022` profiles.
Expand Down Expand Up @@ -390,6 +369,7 @@ Applying automatic remedations to any profile, such as `rhcos4-stig`, that uses
|link:https://www.pcisecuritystandards.org/document_library?document=pci_dss[PCI Security Standards ® Council Document Library]
|`x86_64`
`ppc64le`
`aarch64`
|

|ocp4-pci-dss-3-2 ^[3]^
Expand All @@ -399,6 +379,7 @@ Applying automatic remedations to any profile, such as `rhcos4-stig`, that uses
|`x86_64`
`ppc64le`
`s390x`
`aarch64`
|

|ocp4-pci-dss-4-0
Expand All @@ -407,6 +388,7 @@ Applying automatic remedations to any profile, such as `rhcos4-stig`, that uses
|link:https://www.pcisecuritystandards.org/document_library?document=pci_dss[PCI Security Standards ® Council Document Library]
|`x86_64`
`ppc64le`
`aarch64`
|

|ocp4-pci-dss-node ^[1]^
Expand All @@ -415,6 +397,7 @@ Applying automatic remedations to any profile, such as `rhcos4-stig`, that uses
|link:https://www.pcisecuritystandards.org/document_library?document=pci_dss[PCI Security Standards ® Council Document Library]
|`x86_64`
`ppc64le`
`aarch64`
|{product-rosa} with {hcp} (ROSA HCP)

|ocp4-pci-dss-node-3-2 ^[3]^
Expand All @@ -424,6 +407,7 @@ Applying automatic remedations to any profile, such as `rhcos4-stig`, that uses
|`x86_64`
`ppc64le`
`s390x`
`aarch64`
|{product-rosa} with {hcp} (ROSA HCP)

|ocp4-pci-dss-node-4-0
Expand All @@ -432,6 +416,7 @@ Applying automatic remedations to any profile, such as `rhcos4-stig`, that uses
|link:https://www.pcisecuritystandards.org/document_library?document=pci_dss[PCI Security Standards ® Council Document Library]
|`x86_64`
`ppc64le`
`aarch64`
|{product-rosa} with {hcp} (ROSA HCP)
|===

Expand Down Expand Up @@ -460,95 +445,48 @@ Applying automatic remedations to any profile, such as `rhcos4-stig`, that uses
|Supported platforms

|ocp4-stig ^[1]^
|Defense Information Systems Agency Security Technical Implementation Guide (DISA STIG) for Red Hat Openshift
|Defense Information Systems Agency Security Technical Implementation Guide (DISA STIG) for Red Hat Openshift^[3]^
|Platform
|link:https://public.cyber.mil/stigs/downloads/[DISA-STIG]
|`x86_64`
`ppc64le`
|

|ocp4-stig-node ^[1]^
|Defense Information Systems Agency Security Technical Implementation Guide (DISA STIG) for Red Hat Openshift
|Node ^[2]^
|link:https://public.cyber.mil/stigs/downloads/[DISA-STIG]
|`x86_64`
`ppc64le`
|{product-rosa} with {hcp} (ROSA HCP)

|ocp4-stig-node-v1r1 ^[3]^
|Defense Information Systems Agency Security Technical Implementation Guide (DISA STIG) for Red Hat Openshift V1R1
|Node ^[2]^
|link:https://public.cyber.mil/stigs/downloads/[DISA-STIG]
|`x86_64`
`ppc64le`
|{product-rosa} with {hcp} (ROSA HCP)

|ocp4-stig-node-v2r1
|Defense Information Systems Agency Security Technical Implementation Guide (DISA STIG) for Red Hat Openshift V2R1
|Node ^[2]^
|link:https://public.cyber.mil/stigs/downloads/[DISA-STIG]
|`x86_64`
`ppc64le`
|{product-rosa} with {hcp} (ROSA HCP)

|ocp4-stig-node-v2r2
|Defense Information Systems Agency Security Technical Implementation Guide (DISA STIG) for Red Hat Openshift V2R2
|Defense Information Systems Agency Security Technical Implementation Guide (DISA STIG) for Red Hat Openshift^[3]^
|Node ^[2]^
|link:https://public.cyber.mil/stigs/downloads/[DISA-STIG]
|`x86_64`
`ppc64le`
|{product-rosa} with {hcp} (ROSA HCP)

|ocp4-stig-v1r1 ^[3]^
|Defense Information Systems Agency Security Technical Implementation Guide (DISA STIG) for Red Hat Openshift V1R1
|Platform
|link:https://public.cyber.mil/stigs/downloads/[DISA-STIG]
|`x86_64`
`ppc64le`
|

|ocp4-stig-v2r1
|Defense Information Systems Agency Security Technical Implementation Guide (DISA STIG) for Red Hat Openshift V2R1
|ocp4-stig-v2r3
|Defense Information Systems Agency Security Technical Implementation Guide (DISA STIG) for Red Hat Openshift V2R3
|Platform
|link:https://public.cyber.mil/stigs/downloads/[DISA-STIG]
|`x86_64`
`ppc64le`
|

|ocp4-stig-v2r2
|Defense Information Systems Agency Security Technical Implementation Guide (DISA STIG) for Red Hat Openshift V2R2
|Platform
|link:https://public.cyber.mil/stigs/downloads/[DISA-STIG]
|`x86_64`
`ppc64le`
|

|rhcos4-stig
|Defense Information Systems Agency Security Technical Implementation Guide (DISA STIG) for Red Hat Openshift
|ocp4-stig-node-v2r3 ^[1]^
|Defense Information Systems Agency Security Technical Implementation Guide (DISA STIG) for Red Hat Openshift V2R3
|Node
|link:https://public.cyber.mil/stigs/downloads/[DISA-STIG]
|`x86_64`
`ppc64le`
|{product-rosa} with {hcp} (ROSA HCP)

|rhcos4-stig-v1r1 ^[3]^
|Defense Information Systems Agency Security Technical Implementation Guide (DISA STIG) for Red Hat Openshift V1R1
|Node
|link:https://public.cyber.mil/stigs/downloads/[DISA-STIG] ^[3]^
|`x86_64`
`ppc64le`
|{product-rosa} with {hcp} (ROSA HCP)
|

|rhcos4-stig-v2r1
|Defense Information Systems Agency Security Technical Implementation Guide (DISA STIG) for Red Hat Openshift V2R1
|rhcos4-stig^[1]^
|Defense Information Systems Agency Security Technical Implementation Guide (DISA STIG) for Red Hat Openshift^[3]^
|Node
|link:https://public.cyber.mil/stigs/downloads/[DISA-STIG]
|`x86_64`
`ppc64le`
|{product-rosa} with {hcp} (ROSA HCP)

|rhcos4-stig-v2r2
|Defense Information Systems Agency Security Technical Implementation Guide (DISA STIG) for Red Hat Openshift V2R2
|rhcos4-stig-v2r3
|Defense Information Systems Agency Security Technical Implementation Guide (DISA STIG) for Red Hat Openshift V2R3
|Node
|link:https://public.cyber.mil/stigs/downloads/[DISA-STIG]
|`x86_64`
Expand All @@ -557,9 +495,9 @@ Applying automatic remedations to any profile, such as `rhcos4-stig`, that uses

|===
[.small]
1. The `ocp4-stig`, `ocp4-stig-node` and `rhcos4-stig` profiles maintain the most up-to-date version of the DISA-STIG benchmark as it becomes available in the Compliance Operator. If you want to adhere to a specific version, such as DISA-STIG V2R1, use the `ocp4-stig-v2r1` and `ocp4-stig-node-v2r1` profiles.
1. The `ocp4-stig`, `ocp4-stig-node` and `rhcos4-stig` profiles maintain the most up-to-date version of the DISA-STIG benchmark as it becomes available in the Compliance Operator. If you want to adhere to a specific version, such as DISA-STIG V2R3, use the `ocp4-stig-v2r3` and `ocp4-stig-node-v2r3` profiles.
2. Node profiles must be used with the relevant Platform profile. For more information, see _Compliance Operator profile types_.
3. DISA-STIG V1R1 is superceded by DISA-STIG V2R1. It is recommended to apply the latest profile to your environment.
3. DISA-STIG V1R2 is superceded by DISA-STIG V2R3. It is recommended to apply the latest profile to your environment.

[id="compliance-extended-profiles_{context}"]
== About extended compliance profiles
Expand Down