Skip to content

[rhacs-docs-4.6] ROX-21712: Add note about compliance operator #87041

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Jan 14, 2025
Merged

[rhacs-docs-4.6] ROX-21712: Add note about compliance operator #87041

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 7 additions & 3 deletions operating/compliance-operator-rhacs.adoc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,12 +8,16 @@ toc::[]

[role="_abstract"]
You can configure {product-title-short} to use the Compliance Operator for compliance reporting and remediation with {ocp} clusters. Results from the Compliance Operator are reported in the {product-title-short} Compliance Dashboard.
[NOTE]
====
You must install the Compliance Operator on the cluster where Central is installed and on each secured cluster that you want reviewed for compliance.
====

The Compliance Operator automates the review of numerous technical implementations and compares them with certain aspects of industry standards, benchmarks, and baselines.
The Compliance Operator automates the review of numerous technical implementations and compares them with certain aspects of industry standards, benchmarks, and baselines.

The Compliance Operator is not an auditor. To comply or certify to these various standards, you must engage an authorized auditor such as a Qualified Security Assessor (QSA), Joint Authorization Board (JAB), or other industry-recognized regulatory authority to assess your environment.

The Compliance Operator makes recommendations based on generally available information and practices that relate to such standards and can assist with remediation, but actual compliance is your responsibility. You are required to work with an authorized auditor to achieve compliance with a standard.
The Compliance Operator makes recommendations based on generally available information and practices that relate to such standards and can assist with remediation, but actual compliance is your responsibility. You are required to work with an authorized auditor to achieve compliance with a standard.

For the latest updates, see the link:https://access.redhat.com/documentation/en-us/openshift_container_platform/{ocp-latest-version}/html/security_and_compliance/compliance-operator#compliance-operator-release-notes[Compliance Operator release notes].

Expand All @@ -33,7 +37,7 @@ include::modules/compliance-operator-install.adoc[leveloffset=+1]
//Configuring the ScanSettingBinding object
include::modules/compliance-operator-configure-scanning.adoc[leveloffset=+1]

// See https://docs.openshift.com/container-platform/4.12/security/compliance_operator/compliance-scans.html#running-compliance-scans_compliance-operator-scans.
// See https://docs.openshift.com/container-platform/4.12/security/compliance_operator/compliance-scans.html#running-compliance-scans_compliance-operator-scans.

[role="_additional-resources"]
.Additional resources
Expand Down