RHACS-Controls.png

Business Problem:

Cu has a TailoredProfile(TP) configured. For some rules in this TP, Cu can see 0% Compliance results under RHACS's =>Compliance=>TP's Controls (as seen in the attached screenshot) . It is already shared with Cu that as per RHACS 4.1 release notes:

Standards controlled by the compliance operator cannot be disabled or hidden in RHACS. You must configure the compliance operator custom resource definitions (CRDs) to remove them from display.

However, due to their internal compliance requirements, Cu isn't able to disable rules in the TP resource for these 0% compliant controls. They are also not a position to apply the remediation for these controls.

Use Cases:

Due to their internal compliance requirements:

• Cu is not allowed to completely remove those failed TP rules that report 0% Compliance results under RHACS's ->Compliance=>Controls.
• They also can't implement the remediations for these 0% compliance controls
  Thus, they also want to keep the rules that show 0% Compliance, however, still have the ability to silent/suspend some non-compliant Controls in RHACS

Key Functionality:

Most scanning tools have the ability to silent/suspend any non-compliant scan results for a few hours/days. Cu has asked for a similar functionality for all TP rules that report 0% Compliance result under RHACS's => Compliance=>Controls

Acceptance criteria:

Cu is able to silent/suspend Controls which report 0% Compliance result under RHACS's Compliance --> Controls by a few days/week

Implementation Suggestions (optional):

• Integration: OpenShift Compliance Operator

• Dependencies:  OpenShift Compliance Operator
   
• User Experience: The ability to silent/suspend Controls which report 0% Compliance result under RHACS's Compliance --> Controls for few days/week