OCPBUGS-16877 (OpenShift Bugs)

Rule ocp4-file-permissions-etcd-member should not get a false negative scan result for a 4.14 nightly payload


    • Type: Bug
    • Resolution: Done-Errata
    • Priority: Major
    • 4.14.0
    • Compliance Operator
    • Moderate
    • No
    • CMP Sprint 68
    • 1
    • False

      Description of problem:

       

      Rule ocp4-file-permissions-etcd-member gets a false negative scan result for a 4.14 nightly payload. That's because the command given in the CIS benchmark document differs from the check the Compliance Operator (CO) uses when scanning the rule.
      # command used in the bug and in the CIS benchmark:
      $ for i in $(oc get pods -n openshift-etcd -l app=etcd -o name | grep etcd); do echo "check pod $i"; oc rsh -n openshift-etcd $i stat -c %a /etc/kubernetes/manifests/etcd-pod.yaml; done
      check pod pod/etcd-ip-10-0-157-10.us-east-2.compute.internal
      600
      check pod pod/etcd-ip-10-0-184-196.us-east-2.compute.internal
      600
      E0725 20:32:05.578430   30673 v3.go:79] EOF
      check pod pod/etcd-ip-10-0-208-2.us-east-2.compute.internal
      600
      #instructions in the rule description
      $ oc debug node/ip-10-0-x.us-east-2.compute.internal
      Starting pod/ip-10-0-xus-east-2computeinternal-debug ...
      To use host binaries, run `chroot /host`
      Pod IP: 10.0.x
      If you don't see a command prompt, try pressing enter.
      sh-4.4# chroot /host
      sh-5.1# ls -l /etc/kubernetes/static-pod-resources/etcd-pod-*/etcd-pod.yaml 
      -rw-r--r--. 1 root root 24067 Jul 25 01:46 /etc/kubernetes/static-pod-resources/etcd-pod-4/etcd-pod.yaml
      -rw-r--r--. 1 root root 24317 Jul 25 01:48 /etc/kubernetes/static-pod-resources/etcd-pod-6/etcd-pod.yaml
      -rw-r--r--. 1 root root 24577 Jul 25 01:53 /etc/kubernetes/static-pod-resources/etcd-pod-7/etcd-pod.yaml
      -rw-r--r--. 1 root root 24452 Jul 25 01:59 /etc/kubernetes/static-pod-resources/etcd-pod-8/etcd-pod.yaml
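As an added example (not code from the bug report or from the Compliance Operator), a POSIX shell check that applies the benchmark's in-pod command above and evaluates the returned mode the way CIS expects, flagging any etcd-pod.yaml looser than 0600; the function names, the `--live` flag and the sample modes are constructed for this example.

```shell
#!/bin/sh
# Added example, not code from the bug report or the Compliance Operator.
# Checks etcd-pod.yaml modes against the CIS expectation (0600 or stricter).
# mode_is_restrictive MODE: succeeds only if MODE sets no bits outside owner
# read/write (0600). Returns 2 for a string that is not an octal mode.
mode_is_restrictive() {
    m=$1
    case $m in
        ''|*[!0-7]*) return 2 ;;
    esac
    # the leading 0 forces octal interpretation inside $(( ))
    [ $(( 0$m & ~0600 )) -eq 0 ]
}
# evaluate_etcd_modes: reads "POD MODE" lines on stdin, prints a verdict per
# pod, and returns 1 if any etcd-pod.yaml is looser than 0600.
evaluate_etcd_modes() {
    rc=0
    while read -r pod mode; do
        [ -n "$pod" ] || continue
        if mode_is_restrictive "$mode"; then
            echo "PASS $pod $mode"
        else
            echo "FAIL $pod $mode"
            rc=1
        fi
    done
    return $rc
}
# collect_etcd_modes: the benchmark's in-pod check on a live cluster, emitting
# "POD MODE" lines. stderr from oc rsh (e.g. the stray "v3.go:79] EOF" message
# seen in the bug output) is dropped so it cannot corrupt the parsed lines.
collect_etcd_modes() {
    for pod in $(oc get pods -n openshift-etcd -l app=etcd -o name); do
        mode=$(oc rsh -n openshift-etcd "$pod" \
            stat -c %a /etc/kubernetes/manifests/etcd-pod.yaml 2>/dev/null)
        printf '%s %s\n' "$pod" "$mode"
    done
}
# Constructed sample output, not captured from a cluster; pass --live to use oc.
SAMPLE_MODES='pod/etcd-a 600
pod/etcd-b 600
pod/etcd-c 644'
if [ "${1:-}" = "--live" ]; then
    collect_etcd_modes | evaluate_etcd_modes
else
    printf '%s\n' "$SAMPLE_MODES" | evaluate_etcd_modes
fi || echo "at least one etcd-pod.yaml is looser than 0600"
```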
      

      Version-Release number of selected component (if applicable):

      compliance operator 1.2.0

      How reproducible:

      Always

      Steps to Reproduce:

      1. install compliance operator 1.2.0
      2. Create a ssb:
      $ oc compliance bind -N test profile/ocp4-cis profile/ocp4-cis-node
      3.
      

      Actual results:

      Rule ocp4-file-permissions-etcd-member gets a false negative scan result for a 4.14 nightly payload

      Expected results:

      Rule ocp4-file-permissions-etcd-member should PASS for a 4.14 nightly payload

      Additional info:

       

              Watson Sato (wsato@redhat.com)
              Xiaojie Yuan (xiyuan@redhat.com)