Bug | Resolution: Done | Normal | 4.12 | Quality / Stability / Reliability | Moderate
Description of problem:
The instructions for rule ocp4-machine-volume-encrypted are not correct.
To retrieve whether the FIPS flag is enabled, they should use:
$ oc get machineconfig -o json | jq '[.items[] | select(.metadata.name | test("^rendered-worker-[0-9a-z]+$|^rendered-master-[0-9a-z]+$"))] | map(.spec.fips == true)'
[ true, true, true, true ]
To retrieve whether LUKS encryption is enabled, they should use:
$ oc get machineconfig -o json | jq '[.items[] | select(.metadata.name | test("^rendered-worker-[0-9a-z]+$|^rendered-master-[0-9a-z]+$"))] | map(.spec.config.storage.luks[0].clevis != null)'
[ true, true, true, true ]
Version-Release number of selected component (if applicable):
4.12.0-0.nightly-2022-09-26-111919 + compliance-operator.v0.1.55
How reproducible:
always
Steps to Reproduce:
1. Install compliance-operator.v0.1.55.
2. Check the instructions for rule ocp4-machine-volume-encrypted:
$ oc get rule ocp4-machine-volume-encrypted -o=jsonpath={.instructions}
Actual results:
With the commands currently in the instructions, a user cannot get the FIPS and LUKS encryption status correctly (on a FIPS-enabled, LUKS-encrypted cluster):
$ oc get machineconfig -o json | jq '. | [select(.items[].metadata.name | test("^rendered-worker-[0-9a-z]+$|^rendered-master-[0-9a-z]+$"))] | map(.spec.fips == true)'
[
false,
false,
false,
false
]
$ oc get machineconfig -o json | jq '. | [select(.items[].metadata.name | test("^rendered-worker-[0-9a-z]+$|^rendered-master-[0-9a-z]+$"))] | map(.spec.config.storage.luks[0].clevis != null)'
[
false,
false,
false,
false
]
Expected results:
To retrieve whether the FIPS flag is enabled, the instructions should use:
$ oc get machineconfig -o json | jq '[.items[] | select(.metadata.name | test("^rendered-worker-[0-9a-z]+$|^rendered-master-[0-9a-z]+$"))] | map(.spec.fips == true)'
[
true,
true,
true,
true
]
To retrieve whether LUKS encryption is enabled, the instructions should use:
$ oc get machineconfig -o json | jq '[.items[] | select(.metadata.name | test("^rendered-worker-[0-9a-z]+$|^rendered-master-[0-9a-z]+$"))] | map(.spec.config.storage.luks[0].clevis != null)'
[
true,
true,
true,
true
]
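As an added example (not code from this report or from the compliance-operator), the selection that the corrected jq expressions perform, written in Python against a constructed MachineConfig list so it runs offline; every name and value in the sample is made up.

```python
import re

# Same name filter as the corrected jq expression in the report.
RENDERED = re.compile(r"^rendered-worker-[0-9a-z]+$|^rendered-master-[0-9a-z]+$")

# Constructed sample shaped like `oc get machineconfig -o json` (made-up names/values).
# The third rendered config is not FIPS/LUKS-enabled; the last item is not a rendered config.
SAMPLE_MACHINECONFIGS = {
    "items": [
        {"metadata": {"name": "rendered-master-0a1b2c3d"},
         "spec": {"fips": True, "config": {"storage": {"luks": [
             {"name": "root", "clevis": {"tpm2": True}}]}}}},
        {"metadata": {"name": "rendered-worker-4e5f6a7b"},
         "spec": {"fips": True, "config": {"storage": {"luks": [
             {"name": "root", "clevis": {"tpm2": True}}]}}}},
        {"metadata": {"name": "rendered-worker-8c9d0e1f"},
         "spec": {"fips": False, "config": {"storage": {}}}},
        {"metadata": {"name": "99-worker-ssh"},
         "spec": {"fips": True, "config": {}}},
    ]
}

def rendered_configs(doc):
    """`.items[] | select(.metadata.name | test(...))`: filter items by name.
    The buggy `select(.items[].metadata.name | test(...))` applies select() to the
    whole document and re-emits the root once per match; `.spec.fips` on the root is
    null, so every entry is false even on a FIPS-enabled cluster."""
    return [mc for mc in doc.get("items", []) if RENDERED.match(mc["metadata"]["name"])]

def fips_status(doc):
    """`map(.spec.fips == true)`, keyed by config name."""
    return {mc["metadata"]["name"]: mc.get("spec", {}).get("fips") is True
            for mc in rendered_configs(doc)}

def luks_status(doc):
    """`map(.spec.config.storage.luks[0].clevis != null)`; missing keys count as false."""
    result = {}
    for mc in rendered_configs(doc):
        luks = mc.get("spec", {}).get("config", {}).get("storage", {}).get("luks") or []
        result[mc["metadata"]["name"]] = bool(luks) and luks[0].get("clevis") is not None
    return result

def volume_encrypted(doc):
    """PASS only if every rendered config is FIPS-enabled with a Clevis-bound LUKS device."""
    fips, luks = fips_status(doc), luks_status(doc)
    return bool(fips) and all(fips.values()) and all(luks.values())
```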
Additional info:
$ oc get rule ocp4-machine-volume-encrypted -o=jsonpath={.instructions}
Run the following command to see if EBS encryption is enabled:
$ oc get machineset --all-namespaces -o json | jq '[.items[] | .spec.template.spec.providerSpec.value.blockDevices[0].ebs.encrypted] | map(. == true)'
Make sure that the result is an array of 'true' values.
Run the following command to retrieve if the GCP disk encryption is enabled:
$ oc get machineset --all-namespaces -o json | jq '[.items[] | select(.spec.template.spec.providerSpec.value.disks[0].encryptionKey.kmsKey.name != null) | .metadata.name]'
Make sure that the result is an array of MachineSet names. These MachineSets
have references to the GCP's KMS key names, which can be inspected by going through them
with $ oc get machineset --all-namespaces -o yaml
Run the following command to retrieve if the Azure disk encryption is enabled:
$ oc get machineset --all-namespaces -o json | jq '[.items[] | select(.spec.template.spec.providerSpec.value.osDisk.managedDisk.diskEncryptionSet.id != null) | .metadata.name]}'
Make sure that the result is an array of machineset names where
disk encryption is enabled.
This can be inspected by going through them
with $ oc get machineset --all-namespaces -o yaml
If not, run the following command to retrieve if the FIPS flag is enabled:
$ oc get machineconfig -o json | jq '. | [select(.items[].metadata.name | test("^rendered-worker-[0-9a-z]+$|^rendered-master-[0-9a-z]+$"))] | map(.spec.fips == true)'
Make sure that the result is an array of 'true' values.
Then, run this next command to retrieve if LUKS encryption is enabled:
$ oc get machineconfig -o json | jq '. | [select(.items[].metadata.name | test("^rendered-worker-[0-9a-z]+$|^rendered-master-[0-9a-z]+$"))] | map(.spec.config.storage.luks[0].clevis != null)'