Tag: compliance operator

If you’re processing Credit Card Payments on the OpenShift Container Platform, the Payment Card Industry and the Data Security Standard is a must on your cluster.

With Red Hat’s release of the Compliance Operator v0.1.59, they added support for IBM Power Systems.

I wanted to share a couple of notes about the Compliance Operator:

1. The Compliance Operator supports the ocp4-cis, ocp4-cis-node, ocp4-pci-dss-node and ocp4-pci-dss profiles.
2. The Compliance Operator sources the profiles which have a set of rules from ComplianceAsCode/content. For instance, you can see the OpenShift profiles at products/ocp4/profiles/.
3. The Compliance Operator PCI-DSS profiles support v3.2.1.
4. If you see a profile with a postfix of -node, it’s focus is on the Operating System.
5. If you see no -node on the profile name, it’s focus is on the Kubernetes and OpenShift platform.

Clarification 2023-FEB-07 I learned the -node and node were actually there due to limitations in oscap, together they represent the same profile and are expected to be applied together.

I hope this quick notes help you.

References

1. Medium/Aditi Jadhav: Using the Compliance Operator to support PCI-DSS on OpenShift Container Platform on Power
2. Power Developer Exchange: OpenShift Compliance Operator 0.1.59 now supports PCI-DSS on Power
3. PCI-DSS v3.2.1 Standard
4. Supported compliance profiles