Red Hat SummitChapter 3. Managing compliance
3.1. Compliance feature overview
The compliance feature ensures that your Kubernetes clusters adhere to industry standards and regulatory requirements. It provides automated compliance checks that enable you to continuously monitor your clusters against predefined benchmarks such as CIS, PCI-DSS, HIPAA, and so on.
The feature includes detailed reports and remediation guidance to help administrators quickly identify and resolve compliance issues. You can view the compliance results associated with your cluster by using the compliance feature in the Red Hat Advanced Cluster Security for Kubernetes (RHACS) portal.
The compliance feature summarizes information into the following sections:
- OpenShift infrastructure compliance
- Dashboard (deprecated)
3.1.1. OpenShift infrastructure compliance
Formerly known as Compliance 2.0, summarizes the compliance information in a single interface after the scheduled scans by using the Compliance Operator.
- If you have Red Hat OpenShift clusters with the Compliance Operator installed, you can create and manage compliance scan schedules directly in RHACS on the schedules page. The coverage page shows you the scan results associated with a benchmark and profile in a single interface.
You can now use the new OpenShift infrastructure compliance feature to assess compliance across your entire OpenShift cluster fleet and ensure consistent adherence to the security policies of your organization. RHACS now generates reports even if some clusters in a scheduled scan fail, so that you can maintain visibility into the compliance status of successfully scanned clusters without data gaps.
For more information, see Using OpenShift compliance.
3.1.2. Dashboard (deprecated)
Formerly known as Compliance 1.0, summarizes the compliance information collected from all your clusters. It covers workload and infrastructure compliance. The dashboard is deprecated in RHACS 4.8 and will be removed in a future release.
By running a compliance scan in RHACS, you can monitor the entire Kubernetes infrastructure and workloads and ensure that they meet the required standards. You can use the compliance dashboard for filtering and detailed reporting.
For more information, see Using the compliance dashboard (deprecated).
3.1.2.1. Compliance assessment and reporting by using RHACS
On the dashboard page, you can assess and report on the compliance of your containerized infrastructure and workloads with the applicable technical controls from a range of security and regulatory frameworks.
You can run out-of-the-box compliance scans based on the following industry standards:
- Center for Internet Security (CIS) Benchmarks for Kubernetes
- Health Insurance Portability and Accountability Act (HIPAA)
- National Institute of Standards and Technology (NIST) Special Publication 800-190
- NIST Special Publication 800-53
- Payment Card Industry Data Security Standard (PCI DSS)
OpenShift Compliance Operator Profiles
The Compliance Operator evaluates the compliance of both the OpenShift Container Platform Kubernetes API resources and the nodes running the cluster. There are several profiles available as part of the Compliance Operator installation.
For more information about the available profiles, see Supported compliance profiles.
By scanning your environment based on these standards, you can:
- Evaluate your infrastructure for regulatory compliance.
- Harden your Kubernetes orchestrator.
- Understand and manage the overall security posture of your environment.
- Get a detailed overview of the compliance status of clusters, namespaces, and nodes.
3.2. Using the compliance dashboard (deprecated)
By performing compliance scans, you can check the compliance status of your entire infrastructure in RHACS. You can view the results in the compliance dashboard, where you can filter data and monitor compliance status across clusters, namespaces and nodes.
By generating detailed compliance reports and focusing on specific standards, controls and industry benchmarks, you can track and share the compliance status of your environment, and ensure that your infrastructure meets the required compliance standards.
3.2.1. Checking the compliance status of your infrastructure
By performing a compliance scan, you can check the compliance status of your entire infrastructure for all compliance standards. When you run a compliance scan, Red Hat Advanced Cluster Security for Kubernetes (RHACS) creates a data snapshot of your environment. The data snapshot includes alerts, images, network policies, deployments, and related host-based data.
Central collects the host-based data from Sensors running in your clusters. Central then collects further data from the compliance container running in each Collector pod.
The compliance container collects the following data about your environment:
- Configurations for the container daemon, container runtime and container image.
- Information about container networks.
- Command-line arguments and processes for the container runtime, Kubernetes, and OpenShift Container Platform.
- Permissions for specific file paths.
- Configuration files for Kubernetes and OpenShift Container Platform core services.
- After data collection is complete, Central checks the data to determine the results. You can view the results in the compliance dashboard and create compliance reports based on the results.
The following terms are associated with a compliance scan:
- Control
- Describes a single line item in an industry or regulatory standard that an auditor uses to evaluate an information system for compliance with that standard. RHACS verifies evidence of compliance with a single control by performing one or more checks.
- Check
- Is the single test performed during a single control assessment.
- Some controls have multiple checks associated with them. If one of the associated checks for a control fails, the entire control state is marked as Fail.
Procedure
-
In the RHACS portal, click Compliance
Dashboard. Optional: By default, information on all standards is displayed in the compliance results.
To display information about specific standards only, perform the following steps:
- Click Manage standards.
- By default, all standards are selected. Clear the checkbox for any specific standard that you do not want to display.
Click Save.
Standards that are not selected do not appear in the dashboard display, including the widgets, in the compliance results tables accessible from the dashboard, and in the PDF files created by using the Export button. However, when exporting the results as a CSV file, all default standards are included.
Click Scan environment.
NoteScanning the entire environment takes about 2 minutes to complete. This time might vary depending on the number of clusters and nodes in your environment.
Verification
- In the RHACS portal, click Configuration Management.
- In the CIS Kubernetes v1.5 widget, click Scan.
- RHACS displays a message which indicates that a compliance scan is in progress.
3.2.2. Viewing the compliance standards across your environment
The compliance dashboard gives you an overview of the compliance standards in all clusters, namespaces, and nodes in your environment, including charts and options to investigate potential compliance issues.
You can view the compliance scan results for an individual cluster, namespace, or node. You can also generate reports on the compliance status of your containerized environment.
Procedure
In the RHACS portal, click Compliance
Dashboard. NoteWhen you open the compliance dashboard for the first time, you see the dashboard is empty. Perform a compliance scan to fill the dashboard with data.
3.2.3. Compliance dashboard overview
After you have performed a compliance scan, the compliance dashboard displays the results as the compliance status for your environment. You can view compliance violations directly from the dashboard. To find out if your environment is compliant against specific benchmarks, filter the detailed view and drill down into the compliance standards.
You can use shortcuts to check the compliance status of clusters, namespaces, and nodes, which are located at the upper right of your compliance dashboard. Clicking these shortcuts, you can view the compliance snapshot and generate reports on the overall compliance of your clusters, namespaces, or nodes.
3.2.3.1. Viewing the compliance status for clusters
By viewing the compliance status for clusters, you can monitor and ensure that your clusters adhere to the required compliance standards.
You can view the compliance status for all clusters or an individual cluster in the compliance dashboard.
Procedure
To view the compliance status for all clusters in your environment:
-
In the RHACS portal, click Compliance
Dashboard clusters tab.
-
In the RHACS portal, click Compliance
To view the compliance status for a specific cluster in your environment, perform the following steps:
-
In the RHACS portal, click Compliance
Dashboard. - Look for the Passing standards by cluster widget.
- In this widget, click a cluster name to view its compliance status.
-
In the RHACS portal, click Compliance
3.2.3.2. Viewing the compliance status for namespaces
By viewing the compliance status for namespaces, you can monitor and ensure that each namespace adheres to the required compliance standards.
You can view the compliance status for all namespaces or a single namespace in the compliance dashboard.
Procedure
To view the compliance status for all namespaces in your environment:
-
In the RHACS portal, click Compliance
Dashboard namespaces tab.
-
In the RHACS portal, click Compliance
To view the compliance status for a specific namespace in your environment, perform the following steps:
-
In the RHACS portal, click Compliance
Dashboard namespaces tab. - In the Namespaces table, click a namespace. A side panel opens, which is located on the right side.
- In the side panel, click the name of the namespace to view its compliance status.
-
In the RHACS portal, click Compliance
3.2.3.3. Viewing the compliance status for a specific standard
By viewing the compliance status for a specific standard, you can ensure that your environment adheres to industry and regulatory compliance requirements.
Red Hat Advanced Cluster Security for Kubernetes (RHACS) supports NIST, PCI DSS, NIST, HIPAA, and CIS for Kubernetes compliance standards. You can view all the compliance controls for a single compliance standard.
Procedure
-
In the RHACS portal, click Compliance
Dashboard. - Look for the Passing standards across clusters widget.
- Click a standard to view information about all the controls associated with that standard.
3.2.3.4. Viewing the compliance status for a specific control
By viewing the compliance status for a specific control, you can ensure that your environment meets detailed compliance requirements.
You can view the compliance status for a specific control for a selected standard.
Procedure
-
In the RHACS portal, click Compliance
Dashboard. - Look for the Passing standards by cluster widget.
- Click a standard to view information about all the controls associated with that standard.
- In the Controls table, click a control. A side panel opens, which is located on the right side.
- In the side panel, click the name of the control to view its details.
3.2.4. Limiting the amount of data visible in the compliance dashboard
By filtering the compliance data, you can focus your attention on a subset of clusters, industry standards, passed or failed controls, and limit the amount of data visible in the compliance dashboard.
Procedure
-
In the RHACS portal, click Compliance
Dashboard. - Click either the clusters, namespaces, or nodes tab to open the details page.
- Enter your filtering criteria in the search bar, and then click Enter.
3.2.5. Tracking the compliance status of your environment
By generating compliance reports, you can keep a track of the compliance status of your environment. You can use these reports to convey compliance status across various industry mandates to other stakeholders.
You can generate the following reports:
- Executive reports
- Focuses on the business aspect and include charts and a summary of the compliance status in PDF format.
- Evidence reports
- Focuses on the technical aspect and contain detailed information in CSV format.
Procedure
-
In the RHACS portal, click Compliance
Dashboard. Click the Export tab to do any of the following tasks:
- To generate an executive report, select Download Page as PDF.
To generate an evidence report, select Download Evidence as CSV.
TipThe Export option appears on all compliance pages and filtered views.
3.2.5.1. Evidence reports
You can export comprehensive compliance-related data from Red Hat Advanced Cluster Security for Kubernetes (RHACS) in CSV format as an evidence report. This evidence report contains detailed information about the compliance assessment, and is tailored for technical roles, such as compliance auditors, DevOps engineers, or security practitioners.
An evidence report contains the following information:
| CSV field | Description |
|---|---|
| Standard | The compliance standard, for example, CIS Kubernetes. |
| Cluster | The name of the assessed cluster. |
| Namespace | The name of the namespace or project where the deployment exists. |
| Object Type |
The Kubernetes entity type of the object. For example, |
| Object Name |
The name of the object, which is a Kubernetes systems-generated string that uniquely identify objects. For example, |
| Control | The control number as it appears in the compliance standard. |
| Control Description | Description about the compliance check that the control carries out. |
| State | Whether the compliance check passed or failed. |
| Evidence | The explanation about why a specific compliance check failed or passed. |
| Assessment Time | The time and date when you ran the compliance scan. |
3.2.6. Supported benchmark versions
Red Hat Advanced Cluster Security for Kubernetes (RHACS) supports compliance checks against the following industry standards and regulatory frameworks:
| Benchmark | Supported version |
|---|---|
| CIS Benchmark (Center for Internet Security) for Kubernetes | CIS Kubernetes v1.5.0 |
| HIPAA (Health Insurance Portability and Accountability Act) | HIPAA 164 |
| NIST (National Institute of Standards and Technology) | NIST Special Publication 800-190 and 800-53 Rev. 4 |
| PCI DSS (Payment Card Industry Data Security Standard) | PCI DSS 3.2.1 |
3.3. Using OpenShift compliance
You can create and manage compliance scan schedules on the schedules page that meet your operational needs. You can only have one schedule that scans the same profile on the same cluster.
By viewing and filtering the scan results on the coverage page, you can monitor the compliance status across all clusters.
3.3.1. Customizing and automating your compliance scans
By creating a compliance scan schedule, you can customize and automate your compliance scans to align with your operational requirements.
You can only have one schedule that scans the same profile on the same cluster. This means that you cannot create multiple scan schedules for the same profile on a single cluster.
Prerequisites
You have installed the Compliance Operator version 1.6.0 or later.
For more information about how to install the Compliance Operator, see "Using the Compliance Operator with Red Hat Advanced Cluster Security for Kubernetes".
Note- Currently, the compliance feature and the Compliance Operator evaluate only infrastructure and platform compliance.
- To use the compliance feature, you must run the Compliance Operator on a Red Hat OpenShift cluster.
Procedure
-
In the RHACS portal, click Compliance
OpenShift Schedules. - Click Create scan schedule.
In the Create scan schedule page, provide the following information:
- Name: Enter a name to identify different compliance scans.
- Description: Specify the reason for each compliance scan.
Schedule: Adjust the scan schedule to fit your required schedule:
Frequency: From the drop-down list, select how often you want to run the scan. If you do not select a frequency,
Dailyis selected automatically.The following values are associated with how often you want to perform the scan:
-
Daily -
Weekly -
Monthly
-
On day(s): From the list, select one or more days of the week on which you want to perform the scan.
The following values are associated with the days of the week on which you want to perform the scan:
-
Monday -
Tuesday -
Wednesday -
Thursday -
Friday -
Saturday -
Sunday -
The first of the month The middle of the monthNoteThese values are only applicable if you specify the frequency of scan as
WeeklyorMonthly.
-
-
Time: Start to type the time in
hh:mmat which you want to run the scan. From the list that is displayed, select a time.
- Click Next.
- Select one or more healthy clusters that you want to include in the scan.
- Click Next.
- Select one or more profiles that you want to include in the scan.
- Click Next.
Optional: To configure email delivery destinations for manually triggered reports, perform the following steps:
NoteYou can add one or more delivery destinations.
- Expand Add delivery destination.
In the Delivery destination page, provide the following information:
Email notifier: Select an email notifier from the drop-down list.
Optional: To configure the setting for a new email notifier integration, perform the following steps:
- From Select a notifier drop-down list, click Create email notifier.
In the Create email notifier page, provide the following information:
- Integration name: Enter a unique name for the email notifier. This name helps you identify and manage this specific email notifier configuration.
- Email server: Specify the address of the SMTP server that you want to use to send the emails.
- Username: Enter the username that is required for authentication with the SMTP server. This is often the email address used for sending the emails.
- Password: Enter the password associated with the SMTP username. This password is used for authentication with the SMTP server.
- From: This address usually represents the sender of the emails and is visible to the recipients. This is optional.
- Sender: Enter the name of the sender, which is displayed together with the From email address. This name helps recipients identify who sent the email.
- Default recipient: Enter the default email address that should receive the notifications if no specific recipient is specified. This ensures that there is always a recipient for the emails.
- Annotation key for recipient: Specify the annotation key to define a recipient that you want to notify about the policy violations related to a specific deployment or namespace. This is optional.
- Optional: Select the Enable unauthenticated SMTP checkbox, if your SMTP server does not require authentication. This is not recommended due to security reasons.
- Optional: Select the Disable TLS certificate validation (insecure) checkbox, if you want to disable TLS certificate validation. This is not recommended due to security reasons.
Optional: In the Use STARTTLS (requires TLS to be disabled) field, select the type of STARTTLS for securing the connection to the SMTP server from the drop-down list.
ImportantTo use this option, you must disable TLS certificate validation.
The following values are associated with the type of STARTTLS for securing the connection to the SMTP server:
DisabledData is not encrypted.
PlainEncodes username and password in base64.
LoginSends username and password as separate base64-encoded strings for added security.
- Click Save integration.
- Distribution list: Enter one or more comma-separated email addresses of the recipients who should receive the report.
Email template: The default template is automatically applied.
Optional: To customize the email subject and body as needed, perform the following steps:
- Click the pencil icon.
In the Edit email template page, provide the following information:
- Email subject: Enter the desired subject line for the email. This subject is displayed in the recipient’s inbox and should clearly indicate the purpose of the email.
- Email body: Compose the text of the email. This is the main content of the email and can include text, placeholders for dynamic content and any formatting necessary to get your message across effectively.
- Click Apply.
- Click Next.
- Review your scan configuration, and then click Save.
Verification
-
In the RHACS portal, click Compliance
OpenShift Schedules. - Select the compliance scan that you have created.
- In the Clusters section, verify that the operator status is healthy.
Optional: To edit the scan schedule, perform the following steps:
- From the Actions drop-down list, which is in the upper right of the page, select Edit scan schedule.
- Make your changes.
- Click Save.
Optional: To manually send a scan report:
Note- You can only send a scan report manually if you have configured an email delivery destination.
- Compliance reporting is only available for clusters running Compliance Operator version 1.6.0 or later.
From the Actions drop-down list, which is in the upper right of the page, select Send report.
You receive a confirmation that you have requested to send a report.
Optional: To download a scan report, perform the following steps:
NoteCompliance reporting is only available for clusters running Compliance Operator version 1.6.0 or later.
From the Actions drop-down list, which is in the upper right of the page, select Generate download.
You receive a confirmation that the report generation has started.
- Click the All report jobs tab.
- Optional: Set View only my jobs to on.
- Locate the report job that you created.
- Wait until the download is complete, and then click Ready for download.
-
Optional: To delete the report job, click the overflow menu
and then select Delete download.
3.3.1.1. Analyzing compliance scan schedules
By viewing the Schedules page, you can analyze the various attributes of the compliance scan schedule that you created.
Prerequisites
You have created a compliance scan schedule.
For more information about how to create a compliance scan schedule, see "Customizing and automating your compliance scans".
Procedure
-
In the RHACS portal, click Compliance
OpenShift Schedules. - Optional: To sort the compliance scan schedules in ascending or descending order, select the Name column heading.
- Select the compliance scan that you have created.
- Optional: To sort the cluster health information in ascending or descending order, select a column heading in the Clusters section.
Optional: To view the status of the one or more requested jobs from different users:
- Click the All report jobs tab.
- You can find the status of the one or more report jobs in the Status column.
Optional: Choose the appropriate method to re-organize the information in the All report jobs section:
- To sort the jobs in ascending or descending order, select the Completed column heading.
To filter the jobs based on the report run states, select one or more states from the Filter by report run states drop-down list.
The following values are associated with the report run states:
-
Waiting -
Preparing -
Report ready for download -
Partial report ready for download -
Report successfully sent -
Partial report successfully sent -
Report failed to generate
-
- To view only the jobs that you created, set View only my jobs to on.
Optional: To view the job details associated with a report job, perform the following steps:
- Locate the report job for which you want to view the job details.
- To view the job details, expand the report job.
3.3.1.2. OpenShift Schedules page overview
The OpenShift Schedules page lists all the scan schedules and organizes information into the following groups:
- Name
- The unique identifier or title given to each scan schedule.
- Schedule
- Indicates the frequency and timing of the scan.
- Last scanned
- Indicates the date and time of the most recent scan for that schedule.
- Clusters
- Lists the clusters included in the scan schedule.
- Profiles
- Identifies the one or more profiles applied in the compliance scan.
- My last job status
Shows the status of your job.
The following values are associated with the job status:
Waiting- The report job is in the queue.
Preparing- The report job is being processed.
Report ready for download- The report is ready and available for download.
Partial report ready for download- A report is partially complete and ready for download.
Report successfully sent- The report was successfully emailed.
Partial report successfully sent- A report is partially complete and was successfully emailed.
Report failed to generate- There was an issue with the report job. Hover to view the error message.
None- There are no recent jobs available.
To view the configuration details and report job status associated with a compliance scan, select the compliance scan you created.
3.3.1.2.1. Configuration details tab
The Configuration details tab displays information about the scan schedule information such as the essential parameters, cluster status, associated profiles, and email delivery destinations.
Parameters section
The Parameters section organizes information into the following groups:
- Name
- The unique identifier for the compliance scan.
- Description
- Specifies additional information about the compliance scan.
- Schedule
- Specifies when the compliance scans should run.
- Last scanned
- The timestamp of the last compliance scan performed.
- Last updated
- The last date and time that the compliance scan data was modified.
Clusters section
The Clusters section organizes information into the following groups:
- Cluster
- Lists the one or more clusters associated with a compliance scan.
- Operator status
- Indicates the current health or operational status of the Operator.
Profiles section
The Profiles section lists the one or more profiles associated with a compliance scan.
Delivery destinations section
The Delivery destinations section organizes information into the following groups:
- Email notifier
- Specifies the email notification system or tool set up to distribute reports or alerts.
- Distribution list
- Lists the recipients who should receive the notifications or reports.
- Email template
- Specifies the email format used for the notifications. You can use the default or customize the email subject and body as needed.
3.3.1.2.2. All report jobs tab
The All report jobs tab shows the current status and requester for each report job, with completed jobs indicated in the row expansion section.
The report jobs are organized into the following groups:
- Completed
- Indicates which report jobs have been finished.
- Status
Displays the current state of each report job.
The following values are associated with the report job status:
Waiting- The report job is in the queue.
Preparing- The report job is being processed.
Report ready for download- The report is ready and available for download.
Partial report ready for download- A report is partially complete and ready for download.
Report successfully sent- The report was successfully emailed.
Partial report successfully sent- A report is partially complete and was successfully emailed.
Report failed to generate- There was an issue with the report job. Hover to view the error message.
None- There are no recent jobs available.
- Requester
- Identifies the user or system account that initiated the report job.
3.3.2. Assessing the profile compliance across clusters
By viewing the Coverage page, you can assess the profile compliance for nodes and platform resources across clusters.
Prerequisites
You have installed the Compliance Operator version 1.6.0 or later.
For more information about how to install the Compliance Operator, see "Using the Compliance Operator with Red Hat Advanced Cluster Security for Kubernetes".
Note- Currently, the compliance feature and the Compliance Operator evaluate only infrastructure and platform compliance.
- The compliance feature requires the Compliance Operator to be running and does not support Amazon Elastic Kubernetes Service (EKS).
You have created a compliance scan schedule.
For more information about how to create a compliance scan schedule, see "Customizing and automating your compliance scans".
Procedure
-
In the RHACS portal, click Compliance
OpenShift Coverage.
3.3.2.1. OpenShift Coverage page overview
When you view the Coverage page and apply a filter to a schedule, all results are filtered accordingly. This filter remains active for all coverage pages until you delete it. You can always view the results based on a single profile.
You can select profiles grouped according to their associated benchmarks by using the toggle group. You calculate the compliance percentage based on the number of passed checks in relation to the total number of checks.
The Coverage page now only shows the results of the last scan. If the last scan fails, the Red Hat Advanced Cluster Security for Kubernetes (RHACS) deletes the previous results and you cannot see any information for this scan on the Coverage page.
The Checks view lists the profile checks and enables you to easily navigate and understand your compliance status.
The profile check information is organized into the following groups:
- Check
- The name of the profile check.
- Controls
- Shows the various controls associated with each check.
- Fail status
- Shows the checks that have failed and require your attention.
- Pass status
- Shows the checks that have been successfully passed.
- Manual status
- Shows the checks that require a manual review because additional organizational or technical knowledge is required that you cannot automate.
- Other status
- Shows the checks with a status other than pass or fail, such as warnings or informational statuses.
- Compliance
- Shows the overall compliance status and helps you to ensure that your environment meets the required standards.
The Clusters view lists the clusters and enables you to effectively monitor and manage your clusters.
The cluster information is organized into the following groups:
- Cluster
- The name of the cluster.
- Last scanned
- Indicates when the individual clusters were last scanned.
- Fail status
- Shows the clusters whose scan has failed and which require your attention.
- Pass status
- Shows the clusters that have successfully passed all checks.
- Manual status
- Shows the checks that require a manual review because additional organizational or technical knowledge is required that you cannot automate.
- Other status
- Shows the clusters that have a status other than pass or fail, such as warnings or informational alerts.
- Compliance
- Shows the overall compliance status of your clusters and helps you to ensure that they meet the required standards.
3.3.2.2. Monitoring and analyzing the health of your clusters
By viewing the status of a profile check, you can efficiently monitor and analyze the health of your clusters.
Wait until the Compliance Operator returns the scan results. It might take a few minutes.
Procedure
-
In the RHACS portal, click Compliance
OpenShift Coverage. - Select a cluster to view the details of the individual scans.
Optional: Choose the appropriate method to re-organize the information in the Coverage page.
- To filter the scan results based on a scan schedule, from the drop-down list, select the scan schedule. If you do not select a particular scan schedule, All scan schedules is selected automatically.
To filter the scan results based on an entity and its attributes, do any of the following tasks:
ImportantTo select multiple entities and attributes, click the right arrow icon to add another search criteria.
- To filter the scan results based on a profile check, enter the name of the profile check in the search bar to view the status.
To filter the scan results based on cluster attributes, from the drop-down list, select Cluster, and then select an attribute. Enter the details of the cluster attribute in the search bar to view the status.
The following values are associated with the attributes of a cluster:
-
ID -
Name -
Label -
Type -
Platform Type
-
Optional: From the Compliance status drop-down list, select one or more statuses by using which you want to filter the scan details.
The following values are associated with how you want to filter the scan details:
-
Pass -
Fail -
Error -
Info -
Manual -
Not Applicable -
Inconsistent
-
3.3.2.3. Compliance scan status overview
By understanding the compliance scan status, you can manage the overall security posture of your environment.
| Status | Description |
|---|---|
|
| The compliance check failed. |
|
| The compliance check passed. |
|
| Skipped the compliance check because it was not applicable. |
|
| The compliance check gathered data, but RHACS could not make a pass or fail determination. |
|
| The compliance check failed due to a technical issue. |
|
| Manual intervention is required to ensure compliance. |
|
| The compliance scan data is inconsistent, and requires closer inspection and targeted resolution. |
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}