OpenShift Request For Enhancement: RFE-6428

exclude ACM related namespaces in cis-* profile scan


    • Feature Request
    • Resolution: Unresolved
    • Major
    • Compliance Operator

      Exclude the ACM-related namespaces from the scan in profiles such as ocp4-cis-1-5, etc. When these namespaces are in place in hub/workload namespaces, the compliance scan will report that these namespaces require unnecessary network policies. But since these namespaces are not user workload ones, these namespace scans are unnecessary. We need to rule out these namespaces to make the scan pass.

       

      Namespaces that need to be excluded:

      hub cluster:

      • hive
      • local-cluster
      • multicluster-engine
      • open-cluster-management-agent-addon
      • open-cluster-management-agent
      • open-cluster-management-global-set
      • open-cluster-management-hub
      • open-cluster-management

      managed cluster:

      • open-cluster-management-agent-addon
      • open-cluster-management-agent

       

      The above may not be a comprehensive list, as full ACM functionality may include additional namespaces being created. Please feel free to get the full namespace list from the ACM folks.

       

      Please also examine each OOTB profile policy and exclude all of them.

              rh-ee-masimonm Maria Simon Marcos
              rhn-support-bihu Bin Hu
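An added example, not part of the original request and not Compliance Operator code: an exclusion pattern built from the namespaces listed in the request, matched exactly so that user workload namespaces with similar names are still reported. The function names and the sample scan input are constructed for illustration.

```python
import re

# Namespace names from the request above (hub and managed cluster lists),
# with "cluster" spelled out.
ACM_NAMESPACES = [
    "hive", "local-cluster", "multicluster-engine",
    "open-cluster-management-agent-addon", "open-cluster-management-agent",
    "open-cluster-management-global-set", "open-cluster-management-hub",
    "open-cluster-management",
]


def exempt_regex(names):
    """Build a fully anchored alternation so only exact names are exempt."""
    body = "|".join(re.escape(n) for n in sorted(names))
    return re.compile("^(?:" + body + ")$")


def still_flagged(without_policy, pattern):
    """Namespaces lacking a NetworkPolicy that the exemption does not cover."""
    return [ns for ns in without_policy if not pattern.search(ns)]


# Constructed scan input: namespaces that have no NetworkPolicy object.
SAMPLE_WITHOUT_POLICY = [
    "hive", "open-cluster-management-hub", "multicluster-engine",
    "payments", "hive-etl", "team-open-cluster-management",
]

ANCHORED = exempt_regex(ACM_NAMESPACES)
# Unanchored variant, kept only for contrast: substring matches would also
# exempt user namespaces whose names merely contain an ACM namespace name.
LOOSE = re.compile("|".join(re.escape(n) for n in ACM_NAMESPACES))

if __name__ == "__main__":
    print("anchored:", still_flagged(SAMPLE_WITHOUT_POLICY, ANCHORED))
    print("loose   :", still_flagged(SAMPLE_WITHOUT_POLICY, LOOSE))
```

With the anchored pattern, `hive-etl` and `team-open-cluster-management` remain in the report; with the unanchored one they drop out of it along with the ACM namespaces.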