General Page
The Red Hat OpenShift Security Assessment is designed to assess the security hardening status of a Red Hat OpenShift v4.x cluster on Power or Intel. This service assesses a running cluster for over 115 security hardening recommendations derived from the CIS Red Hat OpenShift Container Platform v4 Benchmark – v1.1.0. These 115 controls are universal security hardening settings for all deployments of Red Hat OpenShift Version 4.
NOTE: This service can be provided under the IBM Expert Assist program, https://ibm.biz/expertassist.
For questions, contact systems-expert-labs@ibm.com.
For questions, contact systems-expert-labs@ibm.com.
Technical Details
Over 115 CIS Red Hat OpenShift Benchmark settings assessed are security hardening settings to be implemented on your Red Hat OpenShift Cluster. For example:
- Ensure that a unique certificate authority is used for etcd
- Minimize the admission of root containers
- Apply security context to your pods and containers
Common Use Cases
- An Red Hat OpenShift Container Platform Build team that would like to analyze their cluster baseline to identify more security hardening settings to add to their build process.
- An organization that would like to verify that the security settings of a cluster are not compromised
- An organization that would like to verify the security hardening status of a particular cluster
- An organization that would like to compare how security settings differ between clusters built in different environments. An example would be to compate a PROD cluster versus a QA or DEV cluster
- An organization that would like security remediation recommendations provided with guidance on priority and ordering
Service Details
- Data analysis and report generation is done by IBM
- This service requires only a few hours of customer time to run a data collection script and to attend a Webex session to review the results of the assessment
- One or more Red Hat OpenShift clusters can be assessed, depending on consulting agreement terms
- The assessment only reads existing security settings, that is, no settings are altered on the assessment cluster
Engagement Process
- Consultant arranges prep call to discuss data collection process and to schedule Webex to review assessment results
- Client uploads encrypted tar file to BOX
- Consultant analyzes data and creates deliverables
- Consultant reviews results with client on Webex
Deliverables
- Heat Map - this spreadsheet provides a one page view of the results of the assessment
-
Security Assessment Findings - this PDF details the results of the assessment. Over 115 security assessment results are detailed in this document. The document provides a hyperlinked Table of Contents to quickly access any of the more than 115 security controls assessed.
Contact us at systems-expert-labs@ibm.com or contact your local IBM Technology Expert Labs team
[{"Type":"MASTER","Line of Business":{"code":"LOB66","label":"Technology Lifecycle Services"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSMJW8","label":"IBM Support for Red Hat Openshift Container Platform for Power"},"ARM Category":[{"code":"a8m0z0000001gyQAAQ","label":"Red Hat Enterprise Linux-\u003ESecurity"}],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]
Was this topic helpful?
Document Information
Modified date:
01 February 2024
UID
ibm16583569