×

Compliance 2.0 is a Technology Preview feature only. Technology Preview features are not supported with Red Hat production service level agreements (SLAs) and might not be functionally complete. Red Hat does not recommend using them in production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process.

For more information about the support scope of Red Hat Technology Preview features, see Technology Preview Features Support Scope.

You can view the compliance results associated with your cluster by using the compliance 2.0 feature in the Red Hat Advanced Cluster Security for Kubernetes (RHACS) portal. The feature collects compliance information gathered by the Compliance Operator into a single interface.

For more information about using the Compliance Operator, see Using the Compliance Operator with Red Hat Advanced Cluster Security for Kubernetes.

Currently, the compliance 2.0 feature and the Compliance Operator evaluate only infrastructure and platform compliance.

Viewing the compliance status of your clusters

By viewing the cluster compliance page, you can get a comprehensive overview of the compliance status of your clusters.

Procedure
  • In the RHACS portal, go to the Compliance (2.0) → Cluster Compliance → Coverage tab.

Cluster compliance page overview

The cluster compliance page organizes information in the following groups:

  • Cluster: Gives the details of your cluster and provides a snapshot of its current state and configurations.

  • Operator status: Assesses the health and operational status of the Compliance Operator instance within your cluster and ensures that the Operator is running optimally and functioning seamlessly.

  • Compliance: Shows the percentage of checks that have been passed for the scanned profiles.

Customizing and automating your compliance scans

By creating a compliance scan schedule, you can customize and automate your compliance scans to align with your operational requirements.

Procedure
  1. In the RHACS portal, go to the Compliance (2.0) → Cluster Compliance → Schedules tab.

  2. Click Create scan schedule.

  3. In the Configuration options page, provide the following information:

    • Name: Enter a name to identify different compliance scans.

    • Description: Specify the reason for each compliance scan.

    • Configure schedule: Adjust the scan schedule to fit your required schedule:

      • Frequency: From the drop-down list, select how often you want to perform the scan.

        The following values are supported:

        • Daily

        • Weekly

        • Monthly

      • On day(s): From the list, select one or more days of the week on which you want to perform the scan.

        The following values are supported:

        • Monday

        • Tuesday

        • Wednesday

        • Thursday

        • Friday

        • Saturday

        • Sunday

        • The first of the month

        • The middle of the month

          These values are only applicable if you specify the frequency of scan as Weekly or Monthly.

      • Time: Start to type the time in hh:mm at which you want to run the scan. From the list that is displayed, select a time.

  4. Click Next.

  5. In the Clusters page, select one or more clusters that you want to include in the scan.

  6. Click Next.

  7. In the Profiles page, select one or more profiles that you want to include in the scan.

  8. Click Next.

  9. Review your scan configuration, and then click Create.

Verification
  1. In the RHACS portal, go to the Compliance (2.0) → Cluster Compliance → Schedules tab.

  2. Select the compliance scan you have created.

  3. In the Clusters section, verify that the operator status is healthy.

  4. Optional: To edit the scan schedule, click Edit scan schedule, make your changes, and then click Save.

Monitoring and analyzing the health of your clusters

By viewing the status of a compliance scan, you can efficiently monitor and analyze the health of your clusters.

Wait until the Compliance Operator returns the scan results. It might take a few minutes.

Procedure
  1. In the RHACS portal, go to the Compliance (2.0) → Cluster Compliance → Coverage tab.

  2. Select a cluster to view the details of the individual scans.

  3. Optional: Enter the name of the compliance check in the Filter by keyword box to view the status.

  4. Optional: From the Compliance status drop-down list, select one or more statuses by using which you want to filter the scan details.

    The following values are supported:

    • Pass

    • Fail

    • Error

    • Info

    • Manual

    • Not Applicable

    • Inconsistent

Compliance scan status overview

By understanding the compliance scan status, you can manage the overall security posture of your environment.

Status Description

Fail

The compliance check failed.

Pass

The compliance check passed.

Not Applicable

Skipped the compliance check because it was not applicable.

Info

The compliance check gathered data, but RHACS could not make a pass or fail determination.

Error

The compliance check failed due to a technical issue.

Manual

Manual intervention is required to ensure compliance.

Inconsistent

The compliance scan data is inconsistent, and requires closer inspection and targeted resolution.