IBM Support

OpenShift Security Assessment

The Red Hat OpenShift Security Assessment is designed to assess the security hardening status of a Red Hat OpenShift v4.x cluster on Power or Intel. This service assesses a running cluster for over 115 security hardening recommendations derived from the CIS Red Hat OpenShift Container Platform v4 Benchmark – v1.1.0. These 115 controls are universal security hardening settings for all deployments of Red Hat OpenShift Version 4.
NOTE: This service can be provided under the IBM Expert Assist program, https://ibm.biz/expertassist.
For questions, contact systems-expert-labs@ibm.com.

Technical Details
The more than 115 CIS Red Hat OpenShift Benchmark settings that are assessed are security hardening settings to be implemented on your Red Hat OpenShift cluster. For example:

  • Ensure that a unique certificate authority is used for etcd
  • Minimize the admission of root containers
  • Apply security context to your pods and containers
Common Use Cases
  • A Red Hat OpenShift Container Platform build team that would like to analyze their cluster baseline to identify more security hardening settings to add to their build process
  • An organization that would like to verify that the security settings of a cluster are not compromised
  • An organization that would like to verify the security hardening status of a particular cluster
  • An organization that would like to compare how security settings differ between clusters built in different environments. An example would be to compare a PROD cluster versus a QA or DEV cluster
  • An organization that would like security remediation recommendations provided with guidance on priority and ordering
Service Details
  • Data analysis and report generation is done by IBM
  • This service requires only a few hours of customer time to run a data collection script and to attend a Webex session to review the results of the assessment
  • One or more Red Hat OpenShift clusters can be assessed, depending on consulting agreement terms
  • The assessment only reads existing security settings, that is, no settings are altered on the assessment cluster
Engagement Process
  • Consultant arranges prep call to discuss data collection process and to schedule Webex to review assessment results
  • Client uploads encrypted tar file to BOX
  • Consultant analyzes data and creates deliverables
  • Consultant reviews results with client on Webex
Deliverables
  1. Heat Map - this spreadsheet provides a one-page view of the results of the assessment
  2. Security Assessment Findings - this PDF details the results of the assessment.  Over 115 security assessment results are detailed in this document.  The document provides a hyperlinked Table of Contents to quickly access any of the more than 115 security controls assessed.
Contact us at systems-expert-labs@ibm.com or contact your local IBM Technology Expert Labs team

Document Information

Modified date: 01 February 2024

UID: ibm16583569