Skip to content

North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) cybersecurity standards profile for the Red Hat OpenShift Container Platform - Platform level

Rules and Groups employed by this XCCDF Profile

  • Ensure Controller secure-port argument is set

    To ensure the Controller Manager service is bound to secure loopback address using a secure port, set the <code>RotateKubeletServerCertificate</cod...
    Rule Low Severity
  • Configure the Service Account Certificate Authority Key for the Controller Manager

    To ensure the API Server utilizes its own key pair, set the <code>masterCA</code> parameter to the public key file for service accounts in the <cod...
    Rule Medium Severity
  • Configure the Service Account Private Key for the Controller Manager

    To ensure the API Server utilizes its own key pair, set the <code>privateKeyFile</code> parameter to the public key file for service accounts in th...
    Rule Medium Severity
  • Ensure that use-service-account-credentials is enabled

    To ensure individual service account credentials are used, set the <code>use-service-account-credentials</code> option to <code>true</code> in the ...
    Rule Medium Severity
  • OpenShift etcd Settings

    Contains rules that check correct OpenShift etcd settings.
    Group

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules