diff --git a/modules/compliance-supported-profiles.adoc b/modules/compliance-supported-profiles.adoc index b77c276ffded..bee6c253d624 100644 --- a/modules/compliance-supported-profiles.adoc +++ b/modules/compliance-supported-profiles.adoc @@ -75,5 +75,19 @@ The Compliance Operator provides the following compliance profiles: |North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) cybersecurity standards profile for Red Hat Enterprise Linux CoreOS |0.1.44+ |link:https://www.nerc.com/pa/Stand/Pages/CIPStandards.aspx[NERC CIP Standards] -|=== +|ocp4-high +|NIST 800-53 High-Impact Baseline for Red Hat OpenShift - Platform level +|0.1.52+ +|link:https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#!/800-53[NIST SP-800-53 Release Search] + +|ocp4-high-node +|NIST 800-53 High-Impact Baseline for Red Hat OpenShift - Node level +|0.1.52+ +|link:https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#!/800-53[NIST SP-800-53 Release Search] + +|rhcos4-high +|NIST 800-53 High-Impact Baseline for Red Hat Enterprise Linux CoreOS +|0.1.52+ +|link:https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#!/800-53[NIST SP-800-53 Release Search] +|=== \ No newline at end of file diff --git a/security/compliance_operator/compliance-operator-release-notes.adoc b/security/compliance_operator/compliance-operator-release-notes.adoc index 47c543c18890..2a3a7868bc61 100644 --- a/security/compliance_operator/compliance-operator-release-notes.adoc +++ b/security/compliance_operator/compliance-operator-release-notes.adoc @@ -20,6 +20,11 @@ The following advisory is available for the OpenShift Compliance Operator 0.1.52 * link:https://access.redhat.com/errata/RHBA-2022:4657[RHBA-2022:4657 - OpenShift Compliance Operator bug fix update] +[id="compliance-operator-0-1-52-new-features-and-enhancements"] +== New features and enhancements + +* The FedRAMP high SCAP profile is now available for use in {product-title} environments. For more information, See xref:../compliance_operator/compliance-operator-supported-profiles.adoc#compliance-operator-supported-profiles[Supported compliance profiles]. + [id="compliance-operator-0-1-52-bug-fixes"] === Bug fixes @@ -33,6 +38,17 @@ The following advisory is available for the OpenShift Compliance Operator 0.1.52 * Previously, the Machine Config Operator used `base64` instead of `url-encoded` code in the latest release, causing Compliance Operator remediation to fail. Now, the Compliance Operator checks encoding to handle both `base64` and `url-encoded` Machine Config code and the remediation applies correctly. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2082431[*BZ#2082431*]) +[id="compliance-operator-0-1-52-known-issue"] +=== Known issue + +* When `"debug":true` is set within the `ScanSettingBinding` object, the pods generated by the `ScanSettingBinding` object are not removed when that binding is deleted. As a workaround, run the following command to delete the remaining pods: ++ +---- +$ oc delete pods -l compliance.openshift.io/scan-name=ocp4-cis +---- ++ +(link:https://bugzilla.redhat.com/show_bug.cgi?id=2092913[*BZ#2092913*]) + [id="compliance-operator-release-notes-0-1-49"] == OpenShift Compliance Operator 0.1.49