Epic Goal

• Carry the ANSSI BP-028 Profiles for RHCOS as part of the Compliance Operator officially supported profiles
• Ensure that the profiles' rules and remediations are indeed applicable to RHCOS
• Ensure the RHCOS is able to comply with the profiles

Why is this important?

• Having support for the ANSSI BP-028 profiles enable OpenShift to be deployed by European telcos who look for security-related guidance from ANSSI

Scenarios

1. As a cloud operator, I want to ensure that my cluster's nodes are compliant with a certain ANSSI's BP-028 profile (probably enhanced or high)

Acceptance Criteria

• CI - MUST be running successfully with tests automated
• Release Technical Enablement - Provide necessary release enablement details and documents.
• There is appropriate documentation mentioning that this profile is supported.

Previous Work (Optional):

1. This same profiles are being shipped for RHEL.
2. A previous applicability evaluation was already done for these profiles.
3. An initial draft of the profile for RHCOS already exists in ComplianceAsCode

Done Checklist

• CI - CI is running, tests are automated and merged.
• Release Enablement <link to Feature Enablement Presentation>
• DEV - Upstream code and tests merged: <link to meaningful PR or GitHub Issue>
• DEV - Upstream documentation merged: <link to meaningful PR or GitHub Issue>
• DEV - Downstream build attached to advisory: <link to errata>
• QE - Test plans in Polarion: <link or reference to Polarion>
• QE - Automated tests merged: <link or reference to automated tests>
• DOC - Downstream documentation merged: <link to meaningful PR>