diff --git a/_topic_maps/_topic_map.yml b/_topic_maps/_topic_map.yml index aa956ec5e053..172d13fe6077 100644 --- a/_topic_maps/_topic_map.yml +++ b/_topic_maps/_topic_map.yml @@ -206,10 +206,10 @@ Topics: Topics: - Name: Compliance feature overview File: compliance-feature-overview - - Name: Monitoring workload and cluster compliance - File: monitoring-workload-and-cluster-compliance - - Name: Scheduling compliance scans and assessing profile compliance - File: scheduling-compliance-scans-and-assessing-profile-compliance + - Name: Using the compliance dashboard (deprecated) + File: using-the-compliance-dashboard + - Name: Using OpenShift compliance + File: using-openshift-compliance - Name: Evaluating security risks File: evaluate-security-risks - Name: Using admission controller enforcement diff --git a/modules/assessing-the-profile-compliance-across-clusters.adoc b/modules/assessing-the-profile-compliance-across-clusters.adoc index 08759b72d786..f454832314d6 100644 --- a/modules/assessing-the-profile-compliance-across-clusters.adoc +++ b/modules/assessing-the-profile-compliance-across-clusters.adoc @@ -27,4 +27,4 @@ For more information about how to create a compliance scan schedule, see "Custom .Procedure -* In the {product-title-short} portal, click *Compliance -> Coverage*. \ No newline at end of file +* In the {product-title-short} portal, click *Compliance -> OpenShift Coverage*. \ No newline at end of file diff --git a/modules/customizing-and-automating-your-compliance-scans.adoc b/modules/customizing-and-automating-your-compliance-scans.adoc index 7f0277c2beb8..127de9f7d23c 100644 --- a/modules/customizing-and-automating-your-compliance-scans.adoc +++ b/modules/customizing-and-automating-your-compliance-scans.adoc @@ -13,7 +13,6 @@ By creating a compliance scan schedule, you can customize and automate your comp You can only have one schedule that scans the same profile on the same cluster. This means that you cannot create multiple scan schedules for the same profile on a single cluster. ==== - .Prerequisites * You have installed the Compliance Operator version 1.6.0 or later. @@ -24,7 +23,7 @@ For more information about how to install the Compliance Operator, see "Using th ==== ** Currently, the compliance feature and the Compliance Operator evaluate only infrastructure and platform compliance. -** The compliance feature requires the Compliance Operator to be running and does _not_ support Amazon Elastic Kubernetes Service (EKS). +** To use the compliance feature, you must run the Compliance Operator on a {osp} cluster. ==== .Procedure diff --git a/operating/compliance-operator-rhacs.adoc b/operating/compliance-operator-rhacs.adoc index 5824ef7342f4..8e7f7dfa6eff 100644 --- a/operating/compliance-operator-rhacs.adoc +++ b/operating/compliance-operator-rhacs.adoc @@ -35,7 +35,7 @@ include::modules/compliance-operator-install.adoc[leveloffset=+1] [role="_additional-resources"] .Additional resources -* xref:../operating/manage-compliance/scheduling-compliance-scans-and-assessing-profile-compliance.adoc#customizing-and-automating-your-compliance-scans_scheduling-scans-and-assessing-profile-compliance[Customizing and automating your compliance scans] +* xref:../operating/manage-compliance/using-openshift-compliance.adoc#customizing-and-automating-your-compliance-scans_using-openshift-compliance[Customizing and automating your compliance scans] //Configuring the ScanSettingBinding object include::modules/compliance-operator-configure-scanning.adoc[leveloffset=+1] @@ -47,6 +47,6 @@ include::modules/compliance-operator-configure-scanning.adoc[leveloffset=+1] * link:https://access.redhat.com/documentation/en-us/openshift_container_platform/{ocp-latest-version}/html/security_and_compliance/compliance-operator#understanding-compliance-operator[Understanding the Compliance Operator] * link:https://access.redhat.com/documentation/en-us/openshift_container_platform/{ocp-latest-version}/html/security_and_compliance/compliance-operator#compliance-operator-scans[Compliance Operator scans] -* xref:../operating/manage-compliance/monitoring-workload-and-cluster-compliance.adoc#checking-the-compliance-status-of-your-infrastructure_monitoring-workload-and-cluster-compliance[Checking the compliance status of your infrastructure] -* xref:../operating/manage-compliance/monitoring-workload-and-cluster-compliance.adoc#viewing-the-compliance-standards-across-your-environment_monitoring-workload-and-cluster-compliance[Viewing the compliance standards across your environment] -* xref:../operating/manage-compliance/scheduling-compliance-scans-and-assessing-profile-compliance.adoc#assessing-the-profile-compliance-across-clusters_scheduling-scans-and-assessing-profile-compliance[Assessing the profile compliance across clusters] \ No newline at end of file +* xref:../operating/manage-compliance/using-the-compliance-dashboard.adoc#checking-the-compliance-status-of-your-infrastructure_using-the-compliance-dashboard[Checking the compliance status of your infrastructure] +* xref:../operating/manage-compliance/using-the-compliance-dashboard.adoc#viewing-the-compliance-standards-across-your-environment_using-the-compliance-dashboard[Viewing the compliance standards across your environment] +* xref:../operating/manage-compliance/using-openshift-compliance.adoc#assessing-the-profile-compliance-across-clusters_using-openshift-compliance[Assessing the profile compliance across clusters] \ No newline at end of file diff --git a/operating/manage-compliance/compliance-feature-overview.adoc b/operating/manage-compliance/compliance-feature-overview.adoc index 39ec952e46ed..1cb7dac5877f 100644 --- a/operating/manage-compliance/compliance-feature-overview.adoc +++ b/operating/manage-compliance/compliance-feature-overview.adoc @@ -12,25 +12,34 @@ The feature includes detailed reports and remediation guidance to help administr The compliance feature summarizes information into the following sections: -Dashboard:: Formerly known as _Compliance 1.0_, summarizes the compliance information collected from all your clusters. It covers workload and infrastructure compliance. -+ +* OpenShift infrastructure compliance +* Dashboard (deprecated) + +[id="openshift-infrastructure-compliance_{context}"] +== OpenShift infrastructure compliance + +Formerly known as _Compliance 2.0_, summarizes the compliance information in a single interface after the scheduled scans by using the Compliance Operator. + [IMPORTANT] ==== -By running a compliance scan in {product-title-short}, you can monitor the entire Kubernetes infrastructure and workloads and ensure that they meet the required standards. You can use the compliance dashboard for filtering and detailed reporting. +* If you have {osp} clusters with the Compliance Operator installed, you can create and manage compliance scan schedules directly in {product-title-short} on the schedules page. The coverage page shows you the scan results associated with a benchmark and profile in a single interface. -For more information, see xref:../../operating/manage-compliance/monitoring-workload-and-cluster-compliance.adoc#monitoring-workload-and-cluster-compliance[Monitoring workload and cluster compliance]. +* You can now use the new OpenShift infrastructure compliance feature to assess compliance across your entire OpenShift cluster fleet and ensure consistent adherence to the security policies of your organization. {product-title-short} now generates reports even if some clusters in a scheduled scan fail, so that you can maintain visibility into the compliance status of successfully scanned clusters without data gaps. ++ +For more information, see xref:../../operating/manage-compliance/using-openshift-compliance.adoc#using-openshift-compliance[Using OpenShift compliance]. ==== -OpenShift Schedules and OpenShift Coverage:: Formerly known as _Compliance 2.0_, summarizes the compliance information in a single interface after the scheduled scans by using the Compliance Operator. -+ +[id="dashboard_{context}"] +== Dashboard (deprecated) + +Formerly known as _Compliance 1.0_, summarizes the compliance information collected from all your clusters. It covers workload and infrastructure compliance. The dashboard is deprecated in {product-title-short} 4.8 and will be removed in a future release. + [IMPORTANT] ==== -* If you have {osp} clusters with the Compliance Operator installed, you can create and manage compliance scan schedules directly in {product-title-short} on the schedules page. The coverage page shows you the scan results associated with a benchmark and profile in a single interface. +By running a compliance scan in {product-title-short}, you can monitor the entire Kubernetes infrastructure and workloads and ensure that they meet the required standards. You can use the compliance dashboard for filtering and detailed reporting. -* You can now use the new OpenShift Infrastructure Compliance feature to assess compliance across your entire OpenShift cluster fleet and ensure consistent adherence to the security policies of your organization. {product-title-short} now generates reports even if some clusters in a scheduled scan fail, so that you can maintain visibility into the compliance status of successfully scanned clusters without data gaps. -+ -For more information, see xref:../../operating/manage-compliance/scheduling-compliance-scans-and-assessing-profile-compliance.adoc#scheduling-compliance-scans-and-assessing-profile-compliance[Scheduling compliance scans and assessing profile compliance]. +For more information, see xref:../../operating/manage-compliance/using-the-compliance-dashboard.adoc#using-the-compliance-dashboard[Using the compliance dashboard (deprecated)]. ==== //Compliance assessment and reporting by using {product-title-short} -include::modules/compliance-assessment-and-reporting-by-using-rhacs.adoc[leveloffset=+1] \ No newline at end of file +include::modules/compliance-assessment-and-reporting-by-using-rhacs.adoc[leveloffset=+2] \ No newline at end of file diff --git a/operating/manage-compliance/scheduling-compliance-scans-and-assessing-profile-compliance.adoc b/operating/manage-compliance/using-openshift-compliance.adoc similarity index 72% rename from operating/manage-compliance/scheduling-compliance-scans-and-assessing-profile-compliance.adoc rename to operating/manage-compliance/using-openshift-compliance.adoc index 04a0dfdec4d9..3404d12a5d5d 100644 --- a/operating/manage-compliance/scheduling-compliance-scans-and-assessing-profile-compliance.adoc +++ b/operating/manage-compliance/using-openshift-compliance.adoc @@ -1,8 +1,8 @@ :_mod-docs-content-type: ASSEMBLY -[id="scheduling-compliance-scans-and-assessing-profile-compliance"] -= Scheduling compliance scans and assessing profile compliance +[id="using-openshift-compliance"] += Using OpenShift compliance include::modules/common-attributes.adoc[] -:context: scheduling-scans-and-assessing-profile-compliance +:context: using-openshift-compliance toc::[] @@ -24,7 +24,7 @@ include::modules/analyzing-compliance-scan-schedules.adoc[leveloffset=+2] [role="_additional-resources"] .Additional resources -* xref:../../operating/manage-compliance/scheduling-compliance-scans-and-assessing-profile-compliance.adoc#customizing-and-automating-your-compliance-scans_scheduling-scans-and-assessing-profile-compliance[Customizing and automating your compliance scans] +* xref:../../operating/manage-compliance/using-openshift-compliance.adoc#customizing-and-automating-your-compliance-scans_using-openshift-compliance[Customizing and automating your compliance scans] //OpenShift Schedules page overview include::modules/schedules-page-overview.adoc[leveloffset=+2] @@ -42,7 +42,7 @@ include::modules/assessing-the-profile-compliance-across-clusters.adoc[leveloffs .Additional resources * xref:../../operating/compliance-operator-rhacs.adoc#compliance-operator-rhacs[Using the Compliance Operator with {product-title}] -* xref:../../operating/manage-compliance/scheduling-compliance-scans-and-assessing-profile-compliance.adoc#customizing-and-automating-your-compliance-scans_scheduling-scans-and-assessing-profile-compliance[Customizing and automating your compliance scans] +* xref:../../operating/manage-compliance/using-openshift-compliance.adoc#customizing-and-automating-your-compliance-scans_using-openshift-compliance[Customizing and automating your compliance scans] //OpenShift Coverage page overview include::modules/coverage-page-overview.adoc[leveloffset=+2] diff --git a/operating/manage-compliance/monitoring-workload-and-cluster-compliance.adoc b/operating/manage-compliance/using-the-compliance-dashboard.adoc similarity index 93% rename from operating/manage-compliance/monitoring-workload-and-cluster-compliance.adoc rename to operating/manage-compliance/using-the-compliance-dashboard.adoc index 170b2dbc5a14..6b41ce1d3ed3 100644 --- a/operating/manage-compliance/monitoring-workload-and-cluster-compliance.adoc +++ b/operating/manage-compliance/using-the-compliance-dashboard.adoc @@ -1,8 +1,8 @@ :_mod-docs-content-type: ASSEMBLY -[id="monitoring-workload-and-cluster-compliance"] -= Monitoring workload and cluster compliance +[id="using-the-compliance-dashboard"] += Using the compliance dashboard (deprecated) include::modules/common-attributes.adoc[] -:context: monitoring-workload-and-cluster-compliance +:context: using-the-compliance-dashboard toc::[] diff --git a/operating/view-dashboard.adoc b/operating/view-dashboard.adoc index 74532ac0fd88..b2531b8f5b1c 100644 --- a/operating/view-dashboard.adoc +++ b/operating/view-dashboard.adoc @@ -112,6 +112,6 @@ You can use the *Compliance by standard* widget with the Dashboard filter to foc ==== The *Compliance* widget shows details only after you run a compliance scan. -For more information, see xref:../operating/manage-compliance/monitoring-workload-and-cluster-compliance.adoc#checking-the-compliance-status-of-your-infrastructure_monitoring-workload-and-cluster-compliance[Checking the compliance status of your infrastructure]. +For more information, see xref:../operating/manage-compliance/using-the-compliance-dashboard.adoc#checking-the-compliance-status-of-your-infrastructure_using-the-compliance-dashboard[Checking the compliance status of your infrastructure]. ==== //TODO: Add link to compliance scan \ No newline at end of file