RHEL 10 installation docs such as https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/10/html/automatically_installing_rhel/index do not really describe adhering to security policies (or security profiles or security compliance, seems these terms, especially the first two, are often used almost interchangeably). There are a few references to Image Builder but for cases where existing build setups and pipelines have relied on kickstarts, perhaps leveraging Satellite, there's nothing covering this now that the support for the oscap add-on was removed.

Add a note or a section in a suitable spot to mention that oscap(8) could be ran from %post but how it cannot change everything (e.g. partitioning, obviously) so other kickstart customizations are probably needed. This will help to ensure systems are compliant right from the get-go and it is not mandatory to use Image Builder to create compliant installations.

Thanks.