Extending PCI-DSS v4 Support on Red Hat OpenShift Container Platform on IBM Power with the Compliance Operator

The Compliance Operator is an optional tool within the OpenShift Container Platform that allows administrators to run compliance scans and recommends remediations to bring the cluster into compliance. It utilizes OpenSCAP, a NIST-certified tool, to describe and enforce security policies. The operator is configured to run a set of Platform and Node profiles that check the cluster and associate the checks with PCI-DSS controls, ensuring comprehensive security and compliance.

To support PCI-DSS v4, administrators can follow the detailed guide provided in the document “Supporting PCI-DSS v4 with the Compliance Operator on the OpenShift Container Platform”. The Power Developer Exchange article walks through the setup, running compliance scans, auto-remediation, and the manual fixes required to configure the environment and facilitate compliance.

Note: the security-profiles-operator-exists rule will be removed in future Compliance Operator releases. Until then, it can be disabled with a TailoredProfile that extends the ocp4-pci-dss profile:

apiVersion: compliance.openshift.io/v1alpha1
kind: TailoredProfile
metadata:
  name: ocp4-pci-dss-custom
spec:
  extends: ocp4-pci-dss
  title: PCI-DSS v4 Customized
  disableRules:
    - name: ocp4-pci-dss-security-profiles-operator-exists
      rationale: security profiles operator is not used in the control.

You can see the details in CMP-3278: Misleading rule associated with PCI-DSS 6.4.2 and BSI.
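A TailoredProfile is only evaluated once a ScanSettingBinding references it. The binding below is an added example, not taken from the original article: it scans with ocp4-pci-dss-custom in place of the stock platform profile. The binding name, the openshift-compliance namespace, the ocp4-pci-dss-node node profile and the default ScanSetting are assumptions about a standard Compliance Operator installation.

```yaml
# Added example (not from the original article).
# Assumes the operator runs in openshift-compliance and that the
# TailoredProfile above was created in the same namespace.
apiVersion: compliance.openshift.io/v1alpha1
kind: ScanSettingBinding
metadata:
  name: pci-dss-custom-binding        # hypothetical name
  namespace: openshift-compliance     # assumed operator namespace
profiles:
  # Platform checks: the tailored profile replaces ocp4-pci-dss here,
  # so the disabled rule no longer appears in the scan results.
  - apiGroup: compliance.openshift.io/v1alpha1
    kind: TailoredProfile
    name: ocp4-pci-dss-custom
  # Node checks: stock node profile, unchanged (assumed to be present).
  - apiGroup: compliance.openshift.io/v1alpha1
    kind: Profile
    name: ocp4-pci-dss-node
settingsRef:
  # Schedule, storage and remediation behaviour come from the ScanSetting;
  # "default" is assumed to exist and does not auto-apply remediations.
  apiGroup: compliance.openshift.io/v1alpha1
  kind: ScanSetting
  name: default
```

Binding both the stock ocp4-pci-dss profile and the tailored one would run the platform checks twice and still report the disabled rule, so only the tailored profile is listed for the platform scan.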

Summary

With the addition of PCI-DSS v4 support, the OpenShift Container Platform on IBM Power continues to enhance its security capabilities, making it an excellent choice for organizations processing credit card payments. By leveraging the Compliance Operator, administrators can ensure their clusters meet the necessary security standards, protecting sensitive payment card data effectively.

Explore these resources for more detailed information on the Compliance Operator and its supported profiles.

References

  1. Release notes
  2. Compliance Profiles
  3. Supporting PCI-DSS v4 with the Compliance Operator on the OpenShift Container Platform
