-
Epic
-
Resolution: Won't Do
-
Normal
-
None
-
None
-
ACM Further integration on CCM
-
False
-
False
-
To Do
-
ACM-33 - Multi-cluster Governance, Risk & Compliance (GRC)
Epic Goal
Create a common compliance module to support following use cases:
- Visibility
- Remediation
- Audit Evidence
- Could be delivered for customers via
On Prem ACM
On Prem ACS - Red Hat managed Compliance cloud service
- Integrates with both Red Hat and 3rd party Policy engines/Policy Enforcement Points (PEPs) e.g,, Compliance Operator, ACS, Kyverno, Gatekeeper/OPA, *
Falco etc - Enables multi cluster compliance views mapping various PEPs (Red Hat & 3rd party) to compliance standards
- Enables “bring your own Git” based GitOps policy management
- Automated governance via integration with automation tools e.g., Ansible
- Integrates with tools for enterprise GRC, Incident Management, Security Operations Center
Why is this important?
- …
Scenarios
Deliver “Visibility,” “Remediation,” and “Audit Evidence”
Enable a “single pane of glass” compliance view
Acceptance Criteria
- CI - MUST be running successfully with tests automated
- Release Technical Enablement - Provide necessary release enablement details and documents.
- ...
Dependencies (internal and external)
- ...
Previous Work (Optional):
- …
Open questions::
- …
Done Checklist
- CI - CI is running, tests are automated and merged.
- Release Enablement <link to Feature Enablement Presentation>
- DEV - Upstream code and tests merged: <link to meaningful PR or GitHub Issue>
- DEV - Upstream documentation merged: <link to meaningful PR or GitHub Issue>
- DEV - Downstream build attached to advisory: <link to errata>
- QE - Test plans in Polarion: <link or reference to Polarion>
- QE - Automated tests merged: <link or reference to automated tests>
- DOC - Downstream documentation merged: <link to meaningful PR>
- is cloned by
-
-
- Closed
-
