Epic Goal

Create a common compliance module to support following use cases:

• Visibility
• Remediation
• Audit Evidence
• Could be delivered for customers via
  On Prem ACM
  On Prem ACS
• Red Hat managed Compliance cloud service
• Integrates with both Red Hat and 3rd party Policy engines/Policy Enforcement Points (PEPs) e.g,, Compliance Operator, ACS, Kyverno, Gatekeeper/OPA, *
  Falco etc
• Enables multi cluster compliance views mapping various PEPs (Red Hat & 3rd party) to compliance standards
• Enables “bring your own Git” based GitOps policy management
• Automated governance via integration with automation tools e.g., Ansible
• Integrates with tools for enterprise GRC, Incident Management, Security Operations Center

Why is this important?

• …

Scenarios

1. Deliver “Visibility,” “Remediation,” and “Audit Evidence”
   Enable a “single pane of glass” compliance view

Acceptance Criteria

• CI - MUST be running successfully with tests automated
• Release Technical Enablement - Provide necessary release enablement details and documents.
• ...

Dependencies (internal and external)

1. ...

Previous Work (Optional):

1. …

Open questions::

1. …

Done Checklist

• CI - CI is running, tests are automated and merged.
• Release Enablement <link to Feature Enablement Presentation>
• DEV - Upstream code and tests merged: <link to meaningful PR or GitHub Issue>
• DEV - Upstream documentation merged: <link to meaningful PR or GitHub Issue>
• DEV - Downstream build attached to advisory: <link to errata>
• QE - Test plans in Polarion: <link or reference to Polarion>
• QE - Automated tests merged: <link or reference to automated tests>
• DOC - Downstream documentation merged: <link to meaningful PR>