
The compliance feature ensures that your Kubernetes clusters adhere to industry standards and regulatory requirements. It provides automated compliance checks that enable you to continuously monitor your clusters against predefined benchmarks such as CIS, PCI-DSS, HIPAA, and so on.

The feature includes detailed reports and remediation guidance to help administrators quickly identify and resolve compliance issues. You can view the compliance results associated with your cluster by using the compliance feature in the Red Hat Advanced Cluster Security for Kubernetes (RHACS) portal.

The compliance feature summarizes information into the following sections:

  • Dashboard, formerly known as Compliance 1.0, summarizes the compliance information collected from all your clusters. It covers workload and infrastructure compliance.

    By running a compliance scan in RHACS, you can monitor the entire Kubernetes infrastructure and workloads and ensure that they meet the required standards. You can use the compliance dashboard for filtering and detailed reporting.

    For more information, see Monitoring workload and cluster compliance.

  • Schedules and Coverage (Tech preview), formerly known as Compliance 2.0, summarizes in a single interface the compliance information gathered by scans that are scheduled through the Compliance Operator.

    If you have Red Hat OpenShift clusters with the Compliance Operator installed, you can create and manage compliance scan schedules directly in RHACS on the schedules page. The coverage page shows you the scan results associated with a benchmark and profile in a single interface.
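    The schedules that RHACS manages are backed by Compliance Operator objects on the cluster. The following is an added illustration, not taken from this page or from the RHACS project, of the two objects involved: a ScanSetting that carries the cron schedule and a ScanSettingBinding that ties it to one or more profiles. The object names, the `openshift-compliance` namespace, the nightly cron expression and the CIS profile names are assumptions for the example.

```yaml
# Assumed example: a scheduled CIS scan expressed as Compliance Operator objects.
# The names, namespace, schedule and profiles below are illustrative choices.
apiVersion: compliance.openshift.io/v1alpha1
kind: ScanSetting
metadata:
  name: nightly-cis            # assumed name
  namespace: openshift-compliance
# Scan both control-plane and worker nodes so the coverage view
# reports on the whole cluster, not only on workloads.
roles:
  - master
  - worker
# Allow the scanner pods onto tainted control-plane nodes.
scanTolerations:
  - key: node-role.kubernetes.io/master
    operator: Exists
    effect: NoSchedule
# Keep the last three raw result sets (ARF) for audit evidence.
rawResultStorage:
  rotation: 3
  size: 1Gi
# Standard cron syntax; runs every night at 01:00 cluster time.
schedule: "0 1 * * *"
---
apiVersion: compliance.openshift.io/v1alpha1
kind: ScanSettingBinding
metadata:
  name: cis-nightly             # assumed name
  namespace: openshift-compliance
# Bind the platform (API resources) and node variants of the CIS profile,
# so both the control plane configuration and node hardening are checked.
profiles:
  - name: ocp4-cis
    kind: Profile
    apiGroup: compliance.openshift.io/v1alpha1
  - name: ocp4-cis-node
    kind: Profile
    apiGroup: compliance.openshift.io/v1alpha1
settingsRef:
  name: nightly-cis
  kind: ScanSetting
  apiGroup: compliance.openshift.io/v1alpha1
```

    After the binding is applied, the Compliance Operator creates a ComplianceSuite with one ComplianceScan per profile and node role, and the per-rule ComplianceCheckResult objects it produces are what the coverage page summarizes.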

Compliance assessment and reporting by using RHACS

On the dashboard page, you can assess and report on the compliance of your containerized infrastructure and workloads with the applicable technical controls from a range of security and regulatory frameworks.

You can run out-of-the-box compliance scans based on the following industry standards:

  • Center for Internet Security (CIS) Benchmarks for Kubernetes

  • Health Insurance Portability and Accountability Act (HIPAA)

  • National Institute of Standards and Technology (NIST) Special Publication 800-190

  • NIST Special Publication 800-53

  • Payment Card Industry Data Security Standard (PCI DSS)

  • OpenShift Compliance Operator Profiles: The Compliance Operator evaluates the compliance of both the OpenShift Container Platform Kubernetes API resources and the nodes running the cluster. There are several profiles available as part of the Compliance Operator installation.

    For more information about the available profiles, see Supported compliance profiles.

By scanning your environment based on these standards, you can:

  • Evaluate your infrastructure for regulatory compliance.

  • Harden your Kubernetes orchestrator.

  • Understand and manage the overall security posture of your environment.

  • Get a detailed overview of the compliance status of clusters, namespaces, and nodes.