Details

    • OCPSTRAT-1131 MicroShift Enhancements 2024 for Industrial, Retail and Public Sector edge customers

    Description

      Feature Overview (aka. Goal Summary)  

      MicroShift customers frequently have strict governance requirements, e.g. they need to be compliant with CIS, NIST or PCI-DSS policies. OpenSCAP is the framework to implement that. There are a couple of SCAP profiles available for RHEL and OpenShift, but these do not work fully with MicroShift and need adaptation.

      The goal of this feature is to determine the process needed to adapt an existing profile / create a new profile based on an existing one.

      There are several candidates to start with, i.e.: CIS, NERC, NIST 800-53, PCI-

      Requirements (aka. Acceptance Criteria):

      A list of specific needs or objectives that a feature must deliver in order to be considered complete.  Be sure to include nonfunctional requirements such as security, reliability, performance, maintainability, scalability, usability, etc.  Initial completion during Refinement status.

      Provide at least one SCAP profile specific to MicroShift.

      Use Cases (Optional):

      Include use case diagrams, main success scenarios, alternative flow scenarios.  Initial completion during Refinement status.

      As a MicroShift admin, I want to use OpenSCAP tooling to assess and ensure compliance of my MicroShift installation with relevant standards.

      A profile should be applicable to both rpm-based and ostree-based deployments.

      Questions to Answer (Optional):

      Find out how new SCAP profiles can be created/submitted

      Determine which existing profiles are most relevant to MicroShift customers

      Out of Scope

      Creating new profiles from scratch. We will always take an existing profile as baseline.

      Handle ostree specifics, e.g. apply a profile during image builds

      Background

      Customer Considerations

      Determine which profiles / standards are relevant to customers

       

      Documentation Considerations

      Determine which profiles / standards are relevant to customers

       

      Interoperability Considerations

      Need to work in combination with RHEL profiles. E.g. when CIS compliance is the goal, both the RHEL and MicroShift profiles are relevant.

            People

              dfroehli42rh Daniel Fröhlich