-
Story
-
Resolution: Duplicate
-
Undefined
-
None
-
compliance-operator-1.3.0
-
None
-
False
-
None
-
False
-
-
After installing CO 1.3.0, the rules selected by STIG profiles are missing references to the policy's requirements.
For example:
$ oc get rule ocp4-audit-profile-set -ojsonpath='{.metadata.annotations}' | jq { "compliance.openshift.io/image-digest": "pb-ocp4lvvvp", "compliance.openshift.io/rule": "audit-profile-set", "control.compliance.openshift.io/CIS-OCP": "3.2.1;3.2.2", "control.compliance.openshift.io/NERC-CIP": "CIP-003-8 R4;CIP-003-8 R4.1;CIP-003-8 R4.2;CIP-003-8 R5.2;CIP-003-8 R6;CIP-004-6 R2.2.2;CIP-004-6 R2.2.3;CIP-004-6 R3.3;CIP-007-3 R.1.3;CIP-007-3 R5;CIP-007-3 R5.1.1;CIP-007-3 R5.2;CIP-007-3 R5.3.1;CIP-007-3 R5.3.2;CIP-007-3 R5.3.3;CIP-007-3 R6.5", "control.compliance.openshift.io/NIST-800-53": "AU-2;AU-3;AU-3(1);AU-6;AU-6(1);AU-7;AU-7(1);AU-8;AU-8(1);AU-9;AU-12;AU-12(1);AU-12(3);CM-5(1);SI-11;SI-12;SI-4(20);SI-4(23)", "control.compliance.openshift.io/PCI-DSS": "Req-2.2;Req-12.5.5", "policies.open-cluster-management.io/controls": "3.2.1,3.2.2,CIP-003-8 R4,CIP-003-8 R4.1,CIP-003-8 R4.2,CIP-003-8 R5.2,CIP-003-8 R6,CIP-004-6 R2.2.2,CIP-004-6 R2.2.3,CIP-004-6 R3.3,CIP-007-3 R.1.3,CIP-007-3 R5,CIP-007-3 R5.1.1,CIP-007-3 R5.2,CIP-007-3 R5.3.1,CIP-007-3 R5.3.2,CIP-007-3 R5.3.3,CIP-007-3 R6.5,AU-2,AU-3,AU-3(1),AU-6,AU-6(1),AU-7,AU-7(1),AU-8,AU-8(1),AU-9,AU-12,AU-12(1),AU-12(3),CM-5(1),SI-11,SI-12,SI-4(20),SI-4(23),Req-2.2,Req-12.5.5", "policies.open-cluster-management.io/standards": "CIS-OCP,NERC-CIP,NIST-800-53,PCI-DSS" }
- duplicates
-
CMP-2401 Add OCP4 STIG IDs and SRGs to profile rules
-
- Closed
-