Compliance Operator Quick Notes

If you’re processing credit card payments on the OpenShift Container Platform, the Payment Card Industry Data Security Standard (PCI-DSS) is a must on your cluster.

With the release of the Compliance Operator v0.1.59, Red Hat added support for IBM Power Systems.

I wanted to share a couple of notes about the Compliance Operator:

  1. The Compliance Operator supports the ocp4-cis, ocp4-cis-node, ocp4-pci-dss-node and ocp4-pci-dss profiles.
  2. The Compliance Operator sources its profiles, each of which has a set of rules, from ComplianceAsCode/content. For instance, you can see the OpenShift profiles at products/ocp4/profiles/.
  3. The Compliance Operator PCI-DSS profiles support v3.2.1.
  4. If you see a profile with a postfix of -node, its focus is on the Operating System.
  5. If you see no -node on the profile name, its focus is on the Kubernetes and OpenShift platform.

Clarification 2023-FEB-07: I learned the -node and node were actually there due to limitations in oscap; together they represent the same profile and are expected to be applied together.
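Because the two PCI-DSS profiles are meant to be applied together, one way to do so is a single ScanSettingBinding that lists both. This is an added example, not from the original post; the binding name pci-dss-compliance is a made-up name, and it assumes the operator is installed in the openshift-compliance namespace with its `default` ScanSetting present.

```yaml
# Added example: bind the platform and node PCI-DSS profiles in one scan suite.
apiVersion: compliance.openshift.io/v1alpha1
kind: ScanSettingBinding
metadata:
  name: pci-dss-compliance          # hypothetical name, choose your own
  namespace: openshift-compliance   # assumed operator namespace
profiles:
  # Platform profile: checks the Kubernetes and OpenShift platform
  - name: ocp4-pci-dss
    kind: Profile
    apiGroup: compliance.openshift.io/v1alpha1
  # Node profile: checks the Operating System on each node
  - name: ocp4-pci-dss-node
    kind: Profile
    apiGroup: compliance.openshift.io/v1alpha1
settingsRef:
  # Assumes the ScanSetting named "default" exists in this namespace
  name: default
  kind: ScanSetting
  apiGroup: compliance.openshift.io/v1alpha1
```

After `oc apply -f` on this file, `oc get compliancescan -n openshift-compliance` should list the platform scan alongside the node scans the operator creates for the binding.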

I hope these quick notes help you.

