diff --git a/applications/openshift/accounts/accounts_restrict_service_account_tokens/rule.yml b/applications/openshift/accounts/accounts_restrict_service_account_tokens/rule.yml
index d600683ecc07..a8f222cc695d 100644
--- a/applications/openshift/accounts/accounts_restrict_service_account_tokens/rule.yml
+++ b/applications/openshift/accounts/accounts_restrict_service_account_tokens/rule.yml
@@ -17,7 +17,6 @@ rationale: |-
 severity: medium
 references:
- cis@ocp4: 5.1.6
 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1
 nist: CM-6,CM-6(1)
 pcidss: Req-2.2
diff --git a/applications/openshift/accounts/accounts_unique_service_account/rule.yml b/applications/openshift/accounts/accounts_unique_service_account/rule.yml
index e50e7997c822..ed7a3842a607 100644
--- a/applications/openshift/accounts/accounts_unique_service_account/rule.yml
+++ b/applications/openshift/accounts/accounts_unique_service_account/rule.yml
@@ -23,7 +23,6 @@ rationale: |-
 severity: medium
 references:
- cis@ocp4: 5.1.5
 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1
 nist: CM-6,CM-6(1)
 pcidss: Req-2.2
diff --git a/applications/openshift/api-server/api_server_admission_control_plugin_alwaysadmit/rule.yml b/applications/openshift/api-server/api_server_admission_control_plugin_alwaysadmit/rule.yml
index f94503707996..5b407eb1b1f6 100644
--- a/applications/openshift/api-server/api_server_admission_control_plugin_alwaysadmit/rule.yml
+++ b/applications/openshift/api-server/api_server_admission_control_plugin_alwaysadmit/rule.yml
@@ -27,7 +27,6 @@ identifiers:
 severity: medium
 references:
- cis@ocp4: 1.2.10
 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1
 nist: CM-6,CM-6(1)
 pcidss: Req-2.2
diff --git a/applications/openshift/api-server/api_server_admission_control_plugin_alwayspullimages/rule.yml b/applications/openshift/api-server/api_server_admission_control_plugin_alwayspullimages/rule.yml
index a5b638de4ef2..5ff105a1224c 100644
--- a/applications/openshift/api-server/api_server_admission_control_plugin_alwayspullimages/rule.yml
+++ b/applications/openshift/api-server/api_server_admission_control_plugin_alwayspullimages/rule.yml
@@ -43,7 +43,6 @@ rationale: |-
 severity: high
 references:
- cis@ocp4: 1.2.11
 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1
 nist: CM-6,CM-6(1)
 pcidss: Req-2.2
diff --git a/applications/openshift/api-server/api_server_admission_control_plugin_namespacelifecycle/rule.yml b/applications/openshift/api-server/api_server_admission_control_plugin_namespacelifecycle/rule.yml
index 20251d97eadd..8be66f23a2b5 100644
--- a/applications/openshift/api-server/api_server_admission_control_plugin_namespacelifecycle/rule.yml
+++ b/applications/openshift/api-server/api_server_admission_control_plugin_namespacelifecycle/rule.yml
@@ -28,7 +28,6 @@ identifiers:
 severity: medium
 references:
- cis@ocp4: 1.2.13
 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1
 nist: CM-6,CM-6(1)
 pcidss: Req-2.2
diff --git a/applications/openshift/api-server/api_server_admission_control_plugin_noderestriction/rule.yml b/applications/openshift/api-server/api_server_admission_control_plugin_noderestriction/rule.yml
index 5056b6d0e22a..e4b87e669048 100644
--- a/applications/openshift/api-server/api_server_admission_control_plugin_noderestriction/rule.yml
+++ b/applications/openshift/api-server/api_server_admission_control_plugin_noderestriction/rule.yml
@@ -31,7 +31,6 @@ identifiers:
 severity: medium
 references:
- cis@ocp4: 1.2.15
 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1
 nist: CM-6,CM-6(1)
 pcidss: Req-2.2
diff --git a/applications/openshift/api-server/api_server_admission_control_plugin_scc/rule.yml b/applications/openshift/api-server/api_server_admission_control_plugin_scc/rule.yml
index 2170370276c7..4629b83beb63 100644
--- a/applications/openshift/api-server/api_server_admission_control_plugin_scc/rule.yml
+++ b/applications/openshift/api-server/api_server_admission_control_plugin_scc/rule.yml
@@ -31,7 +31,6 @@ identifiers:
 severity: medium
 references:
- cis@ocp4: 1.2.14
 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1
 nist: CM-6,CM-6(1)
 pcidss: Req-2.2
diff --git a/applications/openshift/api-server/api_server_admission_control_plugin_securitycontextdeny/rule.yml b/applications/openshift/api-server/api_server_admission_control_plugin_securitycontextdeny/rule.yml
index 6a57b8b41c93..3808bc30e3d5 100644
--- a/applications/openshift/api-server/api_server_admission_control_plugin_securitycontextdeny/rule.yml
+++ b/applications/openshift/api-server/api_server_admission_control_plugin_securitycontextdeny/rule.yml
@@ -35,7 +35,6 @@ identifiers:
 severity: medium
 references:
- cis@ocp4: 1.2.13
 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1
 nist: CM-6,CM-6(1)
 pcidss: Req-2.2
diff --git a/applications/openshift/api-server/api_server_admission_control_plugin_service_account/rule.yml b/applications/openshift/api-server/api_server_admission_control_plugin_service_account/rule.yml
index 0baa69da1adf..0a8babd347ce 100644
--- a/applications/openshift/api-server/api_server_admission_control_plugin_service_account/rule.yml
+++ b/applications/openshift/api-server/api_server_admission_control_plugin_service_account/rule.yml
@@ -31,7 +31,6 @@ identifiers:
 severity: medium
 references:
- cis@ocp4: 1.2.12
 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1
 nist: CM-6,CM-6(1)
 pcidss: Req-2.2
diff --git a/applications/openshift/api-server/api_server_anonymous_auth/rule.yml b/applications/openshift/api-server/api_server_anonymous_auth/rule.yml
index e2f4dcf67019..7b918cc4aa06 100644
--- a/applications/openshift/api-server/api_server_anonymous_auth/rule.yml
+++ b/applications/openshift/api-server/api_server_anonymous_auth/rule.yml
@@ -34,7 +34,6 @@ rationale: |-
 severity: medium
 references:
- cis@ocp4: 1.2.1
 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1
 nist: CM-6,CM-6(1)
 pcidss: Req-2.2
diff --git a/applications/openshift/api-server/api_server_api_priority_flowschema_catch_all/rule.yml b/applications/openshift/api-server/api_server_api_priority_flowschema_catch_all/rule.yml
index 7607d38b1331..59531c757d72 100644
--- a/applications/openshift/api-server/api_server_api_priority_flowschema_catch_all/rule.yml
+++ b/applications/openshift/api-server/api_server_api_priority_flowschema_catch_all/rule.yml
@@ -28,7 +28,6 @@ identifiers:
 severity: medium
 references:
- cis@ocp4: 1.2.9
 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1
 nist: CM-6,CM-6(1)
 pcidss: Req-2.2
diff --git a/applications/openshift/api-server/api_server_api_priority_v1_flowschema_catch_all/rule.yml b/applications/openshift/api-server/api_server_api_priority_v1_flowschema_catch_all/rule.yml
index 6bcac7761fcc..1676935b6f49 100644
--- a/applications/openshift/api-server/api_server_api_priority_v1_flowschema_catch_all/rule.yml
+++ b/applications/openshift/api-server/api_server_api_priority_v1_flowschema_catch_all/rule.yml
@@ -29,7 +29,6 @@ platform: ocp4.16
 severity: medium
 references:
- cis@ocp4: 1.2.10
 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1
 nist: CM-6,CM-6(1)
 pcidss: Req-2.2
diff --git a/applications/openshift/api-server/api_server_api_priority_v1alpha1_flowschema_catch_all/rule.yml b/applications/openshift/api-server/api_server_api_priority_v1alpha1_flowschema_catch_all/rule.yml
index ff27cb0aaf41..53148c6f75ee 100644
--- a/applications/openshift/api-server/api_server_api_priority_v1alpha1_flowschema_catch_all/rule.yml
+++ b/applications/openshift/api-server/api_server_api_priority_v1alpha1_flowschema_catch_all/rule.yml
@@ -31,7 +31,6 @@ platform: ocp4.6 or ocp4.7
 severity: medium
 references:
- cis@ocp4: 1.2.10
 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1
 nist: CM-6,CM-6(1)
 pcidss: Req-2.2
diff --git a/applications/openshift/api-server/api_server_api_priority_v1beta1_flowschema_catch_all/rule.yml b/applications/openshift/api-server/api_server_api_priority_v1beta1_flowschema_catch_all/rule.yml
index b5262de0a905..0d257d6c2157 100644
--- a/applications/openshift/api-server/api_server_api_priority_v1beta1_flowschema_catch_all/rule.yml
+++ b/applications/openshift/api-server/api_server_api_priority_v1beta1_flowschema_catch_all/rule.yml
@@ -30,7 +30,6 @@ platform: ocp4.8 or ocp4.9 or ocp4.10
 severity: medium
 references:
- cis@ocp4: 1.2.10
 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1
 nist: CM-6,CM-6(1)
 pcidss: Req-2.2
diff --git a/applications/openshift/api-server/api_server_api_priority_v1beta2_flowschema_catch_all/rule.yml b/applications/openshift/api-server/api_server_api_priority_v1beta2_flowschema_catch_all/rule.yml
index db8db128c2e5..80fa082dda3a 100644
--- a/applications/openshift/api-server/api_server_api_priority_v1beta2_flowschema_catch_all/rule.yml
+++ b/applications/openshift/api-server/api_server_api_priority_v1beta2_flowschema_catch_all/rule.yml
@@ -30,7 +30,6 @@ platform: ocp4.11 or ocp4.12 or ocp4.13 or ocp4.14 or ocp4.15
 severity: medium
 references:
- cis@ocp4: 1.2.10
 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1
 nist: CM-6,CM-6(1)
 pcidss: Req-2.2
diff --git a/applications/openshift/api-server/api_server_audit_log_maxbackup/rule.yml b/applications/openshift/api-server/api_server_audit_log_maxbackup/rule.yml
index aa793f57ee20..c4f80625b609 100644
--- a/applications/openshift/api-server/api_server_audit_log_maxbackup/rule.yml
+++ b/applications/openshift/api-server/api_server_audit_log_maxbackup/rule.yml
@@ -37,7 +37,6 @@ identifiers:
 severity: low
 references:
- cis@ocp4: 1.2.22
 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1
 nist: CM-6,CM-6(1)
 pcidss: Req-2.2
diff --git a/applications/openshift/api-server/api_server_audit_log_maxsize/rule.yml b/applications/openshift/api-server/api_server_audit_log_maxsize/rule.yml
index d76509c64a3c..9f5d21d85dc5 100644
--- a/applications/openshift/api-server/api_server_audit_log_maxsize/rule.yml
+++ b/applications/openshift/api-server/api_server_audit_log_maxsize/rule.yml
@@ -37,7 +37,6 @@ identifiers:
 severity: medium
 references:
- cis@ocp4: 1.2.23
 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1
 nist: CM-6,CM-6(1)
 pcidss: Req-2.2
diff --git a/applications/openshift/api-server/api_server_audit_log_path/rule.yml b/applications/openshift/api-server/api_server_audit_log_path/rule.yml
index 9b6a02958667..c00d5a6c9df5 100644
--- a/applications/openshift/api-server/api_server_audit_log_path/rule.yml
+++ b/applications/openshift/api-server/api_server_audit_log_path/rule.yml
@@ -36,7 +36,6 @@ identifiers:
 severity: high
 references:
- cis@ocp4: 1.2.20
 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1
 nist: CM-6,CM-6(1)
 pcidss: Req-2.2
diff --git a/applications/openshift/api-server/api_server_auth_mode_no_aa/rule.yml b/applications/openshift/api-server/api_server_auth_mode_no_aa/rule.yml
index 0a4148be2b53..006d4b74b041 100644
--- a/applications/openshift/api-server/api_server_auth_mode_no_aa/rule.yml
+++ b/applications/openshift/api-server/api_server_auth_mode_no_aa/rule.yml
@@ -21,7 +21,6 @@ identifiers:
 severity: medium
 references:
- cis@ocp4: 1.2.7
 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1
 nist: CM-6,CM-6(1)
 pcidss: Req-2.2
diff --git a/applications/openshift/api-server/api_server_auth_mode_node/rule.yml b/applications/openshift/api-server/api_server_auth_mode_node/rule.yml
index d5984df449ef..4ec8d05db1a9 100644
--- a/applications/openshift/api-server/api_server_auth_mode_node/rule.yml
+++ b/applications/openshift/api-server/api_server_auth_mode_node/rule.yml
@@ -23,7 +23,6 @@ identifiers:
 severity: medium
 references:
- cis@ocp4: 1.2.8
 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1
 nist: CM-6,CM-6(1)
 pcidss: Req-2.2
diff --git a/applications/openshift/api-server/api_server_auth_mode_rbac/rule.yml b/applications/openshift/api-server/api_server_auth_mode_rbac/rule.yml
index f9674834e9d8..b48e6b8b6b55 100644
--- a/applications/openshift/api-server/api_server_auth_mode_rbac/rule.yml
+++ b/applications/openshift/api-server/api_server_auth_mode_rbac/rule.yml
@@ -28,7 +28,6 @@ identifiers:
 severity: medium
 references:
- cis@ocp4: 1.2.8
 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1
 nist: CM-6,CM-6(1)
 pcidss: Req-2.2
diff --git a/applications/openshift/api-server/api_server_basic_auth/rule.yml b/applications/openshift/api-server/api_server_basic_auth/rule.yml
index 0fd241fff800..3a6cf7125144 100644
--- a/applications/openshift/api-server/api_server_basic_auth/rule.yml
+++ b/applications/openshift/api-server/api_server_basic_auth/rule.yml
@@ -41,7 +41,6 @@ identifiers:
 severity: medium
 references:
- cis@ocp4: 1.2.2
 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1
 nist: CM-6,CM-6(1)
 pcidss: Req-2.2
diff --git a/applications/openshift/api-server/api_server_bind_address/rule.yml b/applications/openshift/api-server/api_server_bind_address/rule.yml
index 25d3be1bb9aa..bf01dfa340c3 100644
--- a/applications/openshift/api-server/api_server_bind_address/rule.yml
+++ b/applications/openshift/api-server/api_server_bind_address/rule.yml
@@ -26,7 +26,6 @@ identifiers:
 severity: low
 references:
- cis@ocp4: 1.2.18
 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1
 nist: CM-6,CM-6(1)
 pcidss: Req-2.2,Req-2.2.3,Req-2.3
diff --git a/applications/openshift/api-server/api_server_client_ca/rule.yml b/applications/openshift/api-server/api_server_client_ca/rule.yml
index 71cee9acf7eb..a0be00577867 100644
--- a/applications/openshift/api-server/api_server_client_ca/rule.yml
+++ b/applications/openshift/api-server/api_server_client_ca/rule.yml
@@ -38,7 +38,6 @@ rationale: |-
 severity: medium
 references:
- cis@ocp4: 1.2.29
 nerc-cip: CIP-003-8 R4.2,CIP-007-3 R5.1
 nist: SC-8,SC-8(1),SC-8(2)
 pcidss: Req-2.2,Req-2.2.3,Req-2.3
diff --git a/applications/openshift/api-server/api_server_encryption_provider_cipher/rule.yml b/applications/openshift/api-server/api_server_encryption_provider_cipher/rule.yml
index 3025941a6743..09749a1e8d2a 100644
--- a/applications/openshift/api-server/api_server_encryption_provider_cipher/rule.yml
+++ b/applications/openshift/api-server/api_server_encryption_provider_cipher/rule.yml
@@ -58,7 +58,6 @@ identifiers:
 severity: medium
 references:
- cis@ocp4: 1.2.31,2.8
 nerc-cip: CIP-003-8 R4.2
 nist: SC-28,SC-28(1)
 pcidss: Req-2.2
diff --git a/applications/openshift/api-server/api_server_etcd_ca/rule.yml b/applications/openshift/api-server/api_server_etcd_ca/rule.yml
index 512a0d5b6a53..35e325ddd778 100644
--- a/applications/openshift/api-server/api_server_etcd_ca/rule.yml
+++ b/applications/openshift/api-server/api_server_etcd_ca/rule.yml
@@ -41,7 +41,6 @@ identifiers:
 severity: medium
 references:
- cis@ocp4: 1.2.30
 nerc-cip: CIP-003-8 R4.2,CIP-007-3 R5.1
 nist: SC-8,SC-8(1),SC-8(2)
 pcidss: Req-2.2,Req-2.2.3,Req-2.3
diff --git a/applications/openshift/api-server/api_server_etcd_cert/rule.yml b/applications/openshift/api-server/api_server_etcd_cert/rule.yml
index f20394a01cd5..535b4aaa4e02 100644
--- a/applications/openshift/api-server/api_server_etcd_cert/rule.yml
+++ b/applications/openshift/api-server/api_server_etcd_cert/rule.yml
@@ -39,7 +39,6 @@ identifiers:
 severity: medium
 references:
- cis@ocp4: 1.2.27
 nerc-cip: CIP-003-8 R4.2,CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R5.1,CIP-007-3 R6.1
 nist: CM-6,CM-6(1),SC-8,SC-8(1)
 pcidss: Req-2.2,Req-2.2.3,Req-2.3
diff --git a/applications/openshift/api-server/api_server_etcd_key/rule.yml b/applications/openshift/api-server/api_server_etcd_key/rule.yml
index 1170c32491f4..aeb2c53a446a 100644
--- a/applications/openshift/api-server/api_server_etcd_key/rule.yml
+++ b/applications/openshift/api-server/api_server_etcd_key/rule.yml
@@ -39,7 +39,6 @@ identifiers:
 severity: medium
 references:
- cis@ocp4: 1.2.27
 nerc-cip: CIP-003-8 R4.2,CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R5.1,CIP-007-3 R6.1
 nist: CM-6,CM-6(1),SC-8,SC-8(1)
 pcidss: Req-2.2,Req-2.2.3,Req-2.3
diff --git a/applications/openshift/api-server/api_server_https_for_kubelet_conn/rule.yml b/applications/openshift/api-server/api_server_https_for_kubelet_conn/rule.yml
index a1da41915df5..c9f9607e8b52 100644
--- a/applications/openshift/api-server/api_server_https_for_kubelet_conn/rule.yml
+++ b/applications/openshift/api-server/api_server_https_for_kubelet_conn/rule.yml
@@ -25,7 +25,6 @@ rationale: |-
 severity: medium
 references:
- cis: 1.2.4
 nerc-cip: CIP-003-8 R4.2,CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R5.1,CIP-007-3 R6.1
 nist: CM-6,CM-6(1),SC-8,SC-8(1)
 pcidss: Req-2.2,Req-2.3
diff --git a/applications/openshift/api-server/api_server_insecure_bind_address/rule.yml b/applications/openshift/api-server/api_server_insecure_bind_address/rule.yml
index cf0ae528d223..5b4a326c77ce 100644
--- a/applications/openshift/api-server/api_server_insecure_bind_address/rule.yml
+++ b/applications/openshift/api-server/api_server_insecure_bind_address/rule.yml
@@ -36,7 +36,6 @@ identifiers:
 severity: medium
 references:
- cis@ocp4: 1.2.16
 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1
 nist: CM-6,CM-6(1)
 pcidss: Req-2.2
diff --git a/applications/openshift/api-server/api_server_kube_no_unsupported_config_overrides/rule.yml b/applications/openshift/api-server/api_server_kube_no_unsupported_config_overrides/rule.yml
index 8e1b5a96ed4f..aadea31e8f99 100644
--- a/applications/openshift/api-server/api_server_kube_no_unsupported_config_overrides/rule.yml
+++ b/applications/openshift/api-server/api_server_kube_no_unsupported_config_overrides/rule.yml
@@ -19,9 +19,6 @@ severity: medium
 identifiers:
 cce@ocp4: CCE-89304-0
-references:
- cis@ocp4: 1.2.31
-
 {{% set jqfilter = '[.items[] | select(.spec.unsupportedConfigOverrides != null and .spec.unsupportedConfigOverrides != {}) | .metadata.name]' %}}
 ocil_clause: 'Unsupported Kubernetes API server configuration overrides are detected'
diff --git a/applications/openshift/api-server/api_server_kubelet_certificate_authority/rule.yml b/applications/openshift/api-server/api_server_kubelet_certificate_authority/rule.yml
index 86c5195d15cb..15a4201528f1 100644
--- a/applications/openshift/api-server/api_server_kubelet_certificate_authority/rule.yml
+++ b/applications/openshift/api-server/api_server_kubelet_certificate_authority/rule.yml
@@ -40,7 +40,6 @@ identifiers:
 severity: high
 references:
- cis@ocp4: 1.2.6
 nerc-cip: CIP-003-8 R4.2,CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R5.1,CIP-007-3 R6.1
 nist: CM-6,CM-6(1),SC-8,SC-8(1)
 pcidss: Req-2.2,Req-2.2.3,Req-2.3
diff --git a/applications/openshift/api-server/api_server_kubelet_client_cert/rule.yml b/applications/openshift/api-server/api_server_kubelet_client_cert/rule.yml
index 0a053c21227e..4490fe20a331 100644
--- a/applications/openshift/api-server/api_server_kubelet_client_cert/rule.yml
+++ b/applications/openshift/api-server/api_server_kubelet_client_cert/rule.yml
@@ -38,7 +38,6 @@ platform: not ocp4-on-hypershift-hosted
 severity: high
 references:
- cis@ocp4: 1.2.5
 nerc-cip: CIP-003-8 R4.2,CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R5.1,CIP-007-3 R6.1
 nist: CM-6,CM-6(1),SC-8,SC-8(1)
 pcidss: Req-2.2
diff --git a/applications/openshift/api-server/api_server_kubelet_client_key/rule.yml b/applications/openshift/api-server/api_server_kubelet_client_key/rule.yml
index 54421c207e36..f2de2ec8298a 100644
--- a/applications/openshift/api-server/api_server_kubelet_client_key/rule.yml
+++ b/applications/openshift/api-server/api_server_kubelet_client_key/rule.yml
@@ -38,7 +38,6 @@ platform: not ocp4-on-hypershift-hosted
 severity: high
 references:
- cis@ocp4: 1.2.5
 nerc-cip: CIP-003-8 R4.2,CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R5.1,CIP-007-3 R6.1
 nist: CM-6,CM-6(1),SC-8,SC-8(1)
 pcidss: Req-2.2
diff --git a/applications/openshift/api-server/api_server_no_adm_ctrl_plugins_disabled/rule.yml b/applications/openshift/api-server/api_server_no_adm_ctrl_plugins_disabled/rule.yml
index cb14b4e7df17..5b52dd541242 100644
--- a/applications/openshift/api-server/api_server_no_adm_ctrl_plugins_disabled/rule.yml
+++ b/applications/openshift/api-server/api_server_no_adm_ctrl_plugins_disabled/rule.yml
@@ -30,7 +30,6 @@ identifiers:
 severity: medium
 references:
- cis@ocp4: 1.2.13,1.2.14,1.2.14,1.2.15,1.2.16,1.2.17
 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1
 nist: CM-6,CM-6(1)
 pcidss: Req-2.2
diff --git a/applications/openshift/api-server/api_server_no_unsupported_config_overrides/rule.yml b/applications/openshift/api-server/api_server_no_unsupported_config_overrides/rule.yml
index d6d1a20e9f96..252374c718cf 100644
--- a/applications/openshift/api-server/api_server_no_unsupported_config_overrides/rule.yml
+++ b/applications/openshift/api-server/api_server_no_unsupported_config_overrides/rule.yml
@@ -19,9 +19,6 @@ severity: medium
 identifiers:
 cce@ocp4: CCE-89950-0
-references:
- cis@ocp4: 1.2.31
-
 {{% set jqfilter = '[.items[] | select(.spec.unsupportedConfigOverrides != null and .spec.unsupportedConfigOverrides != {}) | .metadata.name]' %}}
 ocil_clause: 'Unsupported OpenShift API server configuration overrides are detected'
diff --git a/applications/openshift/api-server/api_server_oauth_https_serving_cert/rule.yml b/applications/openshift/api-server/api_server_oauth_https_serving_cert/rule.yml
index 386f58bec03a..17a0541a29bf 100644
--- a/applications/openshift/api-server/api_server_oauth_https_serving_cert/rule.yml
+++ b/applications/openshift/api-server/api_server_oauth_https_serving_cert/rule.yml
@@ -19,7 +19,6 @@ rationale: |-
 severity: medium
 references:
- cis@ocp4: 1.2.4
 nerc-cip: CIP-003-8 R4.2,CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R5.1,CIP-007-3 R6.1
 nist: CM-6,CM-6(1),SC-8,SC-8(1)
 pcidss: Req-2.2,Req-2.2.3,Req-2.3
diff --git a/applications/openshift/api-server/api_server_openshift_https_serving_cert/rule.yml b/applications/openshift/api-server/api_server_openshift_https_serving_cert/rule.yml
index 11ed528fe76e..c33e8e60387b 100644
--- a/applications/openshift/api-server/api_server_openshift_https_serving_cert/rule.yml
+++ b/applications/openshift/api-server/api_server_openshift_https_serving_cert/rule.yml
@@ -19,7 +19,6 @@ rationale: |-
 severity: medium
 references:
- cis@ocp4: 1.2.4
 nerc-cip: CIP-003-8 R4.2,CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R5.1,CIP-007-3 R6.1
 nist: CM-6,CM-6(1),SC-8,SC-8(1)
 pcidss: Req-2.2,Req-2.2.3,Req-2.3
diff --git a/applications/openshift/api-server/api_server_profiling_protected_by_rbac/rule.yml b/applications/openshift/api-server/api_server_profiling_protected_by_rbac/rule.yml
index d4bcaed378a2..0a64ee665feb 100644
--- a/applications/openshift/api-server/api_server_profiling_protected_by_rbac/rule.yml
+++ b/applications/openshift/api-server/api_server_profiling_protected_by_rbac/rule.yml
@@ -19,7 +19,6 @@ identifiers:
 cce@ocp4: CCE-84212-0
 references:
- cis@ocp4: 1.2.19
 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1
 nist: CM-6,CM-6(1)
 pcidss: Req-2.2
diff --git a/applications/openshift/api-server/api_server_request_timeout/rule.yml b/applications/openshift/api-server/api_server_request_timeout/rule.yml
index 01fa46206000..a7651e7447a2 100644
--- a/applications/openshift/api-server/api_server_request_timeout/rule.yml
+++ b/applications/openshift/api-server/api_server_request_timeout/rule.yml
@@ -37,7 +37,6 @@ rationale: |-
 severity: medium
 references:
- cis@ocp4: 1.2.24
 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1
 nist: CM-6,CM-6(1)
 pcidss: Req-2.2
diff --git a/applications/openshift/api-server/api_server_service_account_lookup/rule.yml b/applications/openshift/api-server/api_server_service_account_lookup/rule.yml
index c4e9a714200a..b171a3aa7f80 100644
--- a/applications/openshift/api-server/api_server_service_account_lookup/rule.yml
+++ b/applications/openshift/api-server/api_server_service_account_lookup/rule.yml
@@ -28,7 +28,6 @@ identifiers:
 severity: medium
 references:
- cis@ocp4: 1.2.25
 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1
 nist: CM-6,CM-6(1)
 pcidss: Req-2.2
diff --git a/applications/openshift/api-server/api_server_service_account_public_key/rule.yml b/applications/openshift/api-server/api_server_service_account_public_key/rule.yml
index ce569f550045..756df88a1929 100644
--- a/applications/openshift/api-server/api_server_service_account_public_key/rule.yml
+++ b/applications/openshift/api-server/api_server_service_account_public_key/rule.yml
@@ -39,7 +39,6 @@ identifiers:
 severity: medium
 references:
- cis@ocp4: 1.2.26
 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1
 nist: CM-6,CM-6(1)
 pcidss: Req-2.2,Req-2.2.3,Req-2.3
diff --git a/applications/openshift/api-server/api_server_tls_cert/rule.yml b/applications/openshift/api-server/api_server_tls_cert/rule.yml
index 53332478a6e0..50afdb8491ec 100644
--- a/applications/openshift/api-server/api_server_tls_cert/rule.yml
+++ b/applications/openshift/api-server/api_server_tls_cert/rule.yml
@@ -39,7 +39,6 @@ identifiers:
 severity: medium
 references:
- cis@ocp4: 1.2.28
 nerc-cip: CIP-003-8 R4.2,CIP-007-3 R5.1
 nist: SC-8,SC-8(1),SC-8(2)
 pcidss: Req-2.2,Req-2.2.3,Req-2.3
diff --git a/applications/openshift/api-server/api_server_tls_cipher_suites/rule.yml b/applications/openshift/api-server/api_server_tls_cipher_suites/rule.yml
index cb41de1fa050..4d05932142e2 100644
--- a/applications/openshift/api-server/api_server_tls_cipher_suites/rule.yml
+++ b/applications/openshift/api-server/api_server_tls_cipher_suites/rule.yml
@@ -41,7 +41,6 @@ rationale: |-
 severity: medium
 references:
- cis@ocp4: 1.2.32
 nist: CM-6
 pcidss: Req-2.2,Req-2.2.3,Req-2.3
 srg: SRG-APP-000516-CTR-001325
diff --git a/applications/openshift/api-server/api_server_tls_private_key/rule.yml b/applications/openshift/api-server/api_server_tls_private_key/rule.yml
index f0fc2363c6ca..f01b4e839125 100644
--- a/applications/openshift/api-server/api_server_tls_private_key/rule.yml
+++ b/applications/openshift/api-server/api_server_tls_private_key/rule.yml
@@ -39,7 +39,6 @@ identifiers:
 severity: medium
 references:
- cis@ocp4: 1.2.28
 nerc-cip: CIP-003-8 R4.2,CIP-007-3 R5.1
 nist: SC-8,SC-8(1),SC-8(2)
 pcidss: Req-2.2,Req-2.2.3,Req-2.3
diff --git a/applications/openshift/api-server/api_server_token_auth/rule.yml b/applications/openshift/api-server/api_server_token_auth/rule.yml
index 6f529a4ceaa8..5fc872228db5 100644
--- a/applications/openshift/api-server/api_server_token_auth/rule.yml
+++ b/applications/openshift/api-server/api_server_token_auth/rule.yml
@@ -39,7 +39,6 @@ identifiers:
 severity: high
 references:
- cis@ocp4: 1.2.3
 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1
 nist: CM-6,CM-6(1)
 pcidss: Req-2.2
diff --git a/applications/openshift/api-server/audit_log_forwarding_enabled/rule.yml b/applications/openshift/api-server/audit_log_forwarding_enabled/rule.yml
index 13b185d752a4..e6584fbaec32 100644
--- a/applications/openshift/api-server/audit_log_forwarding_enabled/rule.yml
+++ b/applications/openshift/api-server/audit_log_forwarding_enabled/rule.yml
@@ -20,7 +20,6 @@ identifiers:
 cce@ocp4: CCE-84076-9
 references:
- cis@ocp4: 1.2.21
 nerc-cip: CIP-003-8 R5.2,CIP-004-6 R2.2.2,CIP-004-6 R2.2.3,CIP-004-6 R3.3,CIP-007-3 R.1.3,CIP-007-3 R5,CIP-007-3 R5.1.1,CIP-007-3 R5.2,CIP-007-3 R5.3.1,CIP-007-3 R5.3.2,CIP-007-3 R5.3.3,CIP-007-3 R6.5
 nist: AC-2(12),AU-3(2),AU-5(1),AU-6,AU-6(1),AU-6(3),AU-9(2),SI-4(16),AU-4(1),AU-11,AU-7,AU-7(1),SI-4(20)
 pcidss: Req-2.2,Req-10.5.3,Req-10.5.4
diff --git a/applications/openshift/api-server/audit_log_forwarding_enabled_logging_api/rule.yml b/applications/openshift/api-server/audit_log_forwarding_enabled_logging_api/rule.yml
index db08bd2ffd8e..b5441347719c 100644
--- a/applications/openshift/api-server/audit_log_forwarding_enabled_logging_api/rule.yml
+++ b/applications/openshift/api-server/audit_log_forwarding_enabled_logging_api/rule.yml
@@ -20,7 +20,6 @@ identifiers:
 cce@ocp4: CCE-86258-1
 references:
- cis@ocp4: 1.2.21
 nerc-cip: CIP-003-8 R5.2,CIP-004-6 R2.2.2,CIP-004-6 R2.2.3,CIP-004-6 R3.3,CIP-007-3 R.1.3,CIP-007-3 R5,CIP-007-3 R5.1.1,CIP-007-3 R5.2,CIP-007-3 R5.3.1,CIP-007-3 R5.3.2,CIP-007-3 R5.3.3,CIP-007-3 R6.5
 nist: AC-2(12),AU-3(2),AU-5(1),AU-6,AU-6(1),AU-6(3),AU-9(2),SI-4(16),AU-4(1),AU-11,AU-7,AU-7(1),SI-4(20)
 pcidss: Req-2.2,Req-10.5.3,Req-10.5.4
diff --git a/applications/openshift/api-server/audit_log_forwarding_enabled_observability_api/rule.yml b/applications/openshift/api-server/audit_log_forwarding_enabled_observability_api/rule.yml
index 30426e49d764..fc3fa7311fa2 100644
--- a/applications/openshift/api-server/audit_log_forwarding_enabled_observability_api/rule.yml
+++ b/applications/openshift/api-server/audit_log_forwarding_enabled_observability_api/rule.yml
@@ -20,7 +20,6 @@ identifiers:
 cce@ocp4: CCE-86265-6
 references:
- cis@ocp4: 1.2.21
 nerc-cip: CIP-003-8 R5.2,CIP-004-6 R2.2.2,CIP-004-6 R2.2.3,CIP-004-6 R3.3,CIP-007-3 R.1.3,CIP-007-3 R5,CIP-007-3 R5.1.1,CIP-007-3 R5.2,CIP-007-3 R5.3.1,CIP-007-3 R5.3.2,CIP-007-3 R5.3.3,CIP-007-3 R6.5
 nist: AC-2(12),AU-3(2),AU-5(1),AU-6,AU-6(1),AU-6(3),AU-9(2),SI-4(16),AU-4(1),AU-11,AU-7,AU-7(1),SI-4(20)
 pcidss: Req-2.2,Req-10.5.3,Req-10.5.4
diff --git a/applications/openshift/api-server/audit_log_forwarding_webhook/rule.yml b/applications/openshift/api-server/audit_log_forwarding_webhook/rule.yml
index 1a42d8f30f07..2c591d979c5e 100644
--- a/applications/openshift/api-server/audit_log_forwarding_webhook/rule.yml
+++ b/applications/openshift/api-server/audit_log_forwarding_webhook/rule.yml
@@ -30,7 +30,6 @@ identifiers:
 cce@ocp4: CCE-86103-9
 references:
- cis@ocp4: 1.2.21
 pcidss: Req-2.2,Req-10.5.3,Req-10.5.4
 platform: ocp4-on-hypershift
diff --git a/applications/openshift/api-server/audit_log_forwarding_webhook_logging_api/rule.yml b/applications/openshift/api-server/audit_log_forwarding_webhook_logging_api/rule.yml
index 55df55406f8b..14f0f2513e4a 100644
--- a/applications/openshift/api-server/audit_log_forwarding_webhook_logging_api/rule.yml
+++ b/applications/openshift/api-server/audit_log_forwarding_webhook_logging_api/rule.yml
@@ -24,7 +24,6 @@ identifiers:
 cce@ocp4: CCE-86658-2
 references:
- cis@ocp4: 1.2.21
 pcidss: Req-2.2,Req-10.5.3,Req-10.5.4
 platform: ocp4-on-hypershift
diff --git a/applications/openshift/api-server/audit_log_forwarding_webhook_observability_api/rule.yml b/applications/openshift/api-server/audit_log_forwarding_webhook_observability_api/rule.yml
index bcfc04d1448b..033f48138d22 100644
--- a/applications/openshift/api-server/audit_log_forwarding_webhook_observability_api/rule.yml
+++ b/applications/openshift/api-server/audit_log_forwarding_webhook_observability_api/rule.yml
@@ -24,7 +24,6 @@ identifiers:
 cce@ocp4: CCE-86660-8
 references:
- cis@ocp4: 1.2.21
 pcidss: Req-2.2,Req-10.5.3,Req-10.5.4
 platform: ocp4-on-hypershift
diff --git a/applications/openshift/authentication/idp_is_configured/rule.yml b/applications/openshift/authentication/idp_is_configured/rule.yml
index 5c10b47ceaf1..e72d054052e5 100644
--- a/applications/openshift/authentication/idp_is_configured/rule.yml
+++ b/applications/openshift/authentication/idp_is_configured/rule.yml
@@ -63,7 +63,6 @@ identifiers: references: - cis@ocp4: 3.1.1 nerc-cip: CIP-004-6 R2.2.2,CIP-004-6 R2.2.3,CIP-007-3 R.1.3,CIP-007-3 R5,CIP-007-3 R5.1,CIP-007-3 R5.1.1,CIP-007-3 R5.1.2,CIP-007-3 R5.1.3,CIP-007-3 R5.2,CIP-007-3 R5.2.1,CIP-007-3 R5.2.3,CIP-007-3 R5.3.1,CIP-007-3 R5.3.2,CIP-007-3 R5.3.3 nist: AC-2,AC-2(1),AC-2(2),AC-2(3),AC-2(4),AC-2(5),AC-2(6),AC-2(7),AC-2(8),AC-7,AC-12(1),IA-2(8),IA-2(9),SC-12(1) pcidss: Req-2.2,Req-8.1.1
diff --git a/applications/openshift/controller/controller_insecure_port_disabled/rule.yml b/applications/openshift/controller/controller_insecure_port_disabled/rule.yml
index c14754fdbefa..e0dd4b4f79c7 100644
--- a/applications/openshift/controller/controller_insecure_port_disabled/rule.yml
+++ b/applications/openshift/controller/controller_insecure_port_disabled/rule.yml
@@ -54,7 +54,6 @@ ocil: |- Verify that it's true in the console output (the value will be true if the insecure port is bind to loopback address or disabled) . references: - cis@ocp4: 1.3.5 nerc-cip: CIP-003-8 R4.2,CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R5.1,CIP-007-3 R6.1 nist: CM-6,CM-6(1),SC-8,SC-8(1) pcidss: Req-2.2
diff --git a/applications/openshift/controller/controller_secure_port/rule.yml b/applications/openshift/controller/controller_secure_port/rule.yml
index cbf6fdf795d7..2dc1d37cad5c 100644
--- a/applications/openshift/controller/controller_secure_port/rule.yml
+++ b/applications/openshift/controller/controller_secure_port/rule.yml
@@ -48,7 +48,6 @@ ocil: |- Verify that it's using an appropriate port (the value is not
0). references: - cis@ocp4: 1.3.5 nerc-cip: CIP-003-8 R4.2,CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R5.1,CIP-007-3 R6.1 nist: CM-6,CM-6(1),SC-8,SC-8(1) pcidss: Req-2.2
diff --git a/applications/openshift/controller/controller_service_account_ca/rule.yml b/applications/openshift/controller/controller_service_account_ca/rule.yml
index c4fa7046863d..04f72e7511c4 100644
--- a/applications/openshift/controller/controller_service_account_ca/rule.yml
+++ b/applications/openshift/controller/controller_service_account_ca/rule.yml
@@ -38,7 +38,6 @@ identifiers: severity: medium references: - cis@ocp4: 1.3.4 nerc-cip: CIP-003-8 R4.2,CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R5.1,CIP-007-3 R6.1 nist: CM-6,CM-6(1),SC-8,SC-8(1) pcidss: Req-2.2
diff --git a/applications/openshift/controller/controller_service_account_private_key/rule.yml b/applications/openshift/controller/controller_service_account_private_key/rule.yml
index 1572ded0d5d0..a1d0ae10ee36 100644
--- a/applications/openshift/controller/controller_service_account_private_key/rule.yml
+++ b/applications/openshift/controller/controller_service_account_private_key/rule.yml
@@ -40,7 +40,6 @@ identifiers: severity: medium references: - cis@ocp4: 1.3.3 nerc-cip: CIP-003-8 R4.2,CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R5.1,CIP-007-3 R6.1 nist: CM-6,CM-6(1),SC-8,SC-8(1) pcidss: Req-2.2,Req-2.2.3,Req-2.3
diff --git a/applications/openshift/controller/controller_use_service_account/rule.yml b/applications/openshift/controller/controller_use_service_account/rule.yml
index 03b7761b988e..07cd871b34b4 100644
--- a/applications/openshift/controller/controller_use_service_account/rule.yml
+++ b/applications/openshift/controller/controller_use_service_account/rule.yml
@@ -42,7 +42,6 @@ identifiers: cce@ocp4: CCE-84208-8 references: - cis@ocp4: 1.3.2 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) pcidss: Req-2.2
diff --git a/applications/openshift/etcd/etcd_auto_tls/rule.yml b/applications/openshift/etcd/etcd_auto_tls/rule.yml
index 1a8435468dc1..f728925aff60 100644
--- a/applications/openshift/etcd/etcd_auto_tls/rule.yml
+++ b/applications/openshift/etcd/etcd_auto_tls/rule.yml
@@ -31,7 +31,6 @@ identifiers: cce@ocp4: CCE-84199-9 references: - cis@ocp4: '2.3' nerc-cip: CIP-003-8 R4.2,CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R5.1,CIP-007-3 R6.1 nist: CM-6,CM-6(1),SC-8,SC-8(1) pcidss: Req-2.2
diff --git a/applications/openshift/etcd/etcd_cert_file/rule.yml b/applications/openshift/etcd/etcd_cert_file/rule.yml
index 53d7db44d674..465001857826 100644
--- a/applications/openshift/etcd/etcd_cert_file/rule.yml
+++ b/applications/openshift/etcd/etcd_cert_file/rule.yml
@@ -31,7 +31,6 @@ identifiers: cce@ocp4: CCE-83553-8 references: - cis@ocp4: '2.1' nerc-cip: CIP-003-8 R4.2,CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R5.1,CIP-007-3 R6.1 nist: CM-6,CM-6(1),SC-8,SC-8(1) pcidss: Req-2.2,Req-2.2.3,Req-2.3
diff --git a/applications/openshift/etcd/etcd_client_cert_auth/rule.yml b/applications/openshift/etcd/etcd_client_cert_auth/rule.yml
index 663e565381ca..382ee21c2ee9 100644
--- a/applications/openshift/etcd/etcd_client_cert_auth/rule.yml
+++ b/applications/openshift/etcd/etcd_client_cert_auth/rule.yml
@@ -29,7 +29,6 @@ identifiers: cce@ocp4: CCE-84077-7 references: - cis@ocp4: '2.2' nerc-cip: CIP-003-8 R4.2,CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R5.1,CIP-007-3 R6.1 nist: CM-6,CM-6(1),SC-8,SC-8(1) pcidss: Req-2.2,Req-2.2.3,Req-2.3
diff --git a/applications/openshift/etcd/etcd_key_file/rule.yml b/applications/openshift/etcd/etcd_key_file/rule.yml
index 1b3940eeb37d..a16dd7b15425 100644
--- a/applications/openshift/etcd/etcd_key_file/rule.yml
+++ b/applications/openshift/etcd/etcd_key_file/rule.yml
@@ -31,7 +31,6 @@ identifiers: cce@ocp4: CCE-83745-0 references: - cis@ocp4: '2.1' nerc-cip: CIP-003-8 R4.2,CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R5.1,CIP-007-3 R6.1 nist: CM-6,CM-6(1),SC-8,SC-8(1) pcidss: Req-2.2,Req-2.2.3,Req-2.3
diff --git a/applications/openshift/etcd/etcd_peer_auto_tls/rule.yml b/applications/openshift/etcd/etcd_peer_auto_tls/rule.yml
index 325bebeba5a8..171e5e7e32ef 100644
--- a/applications/openshift/etcd/etcd_peer_auto_tls/rule.yml
+++ b/applications/openshift/etcd/etcd_peer_auto_tls/rule.yml
@@ -31,7 +31,6 @@ identifiers: cce@ocp4: CCE-84184-1 references: - cis@ocp4: '2.6' nerc-cip: CIP-003-8 R4.2,CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R5.1,CIP-007-3 R6.1 nist: CM-6,CM-6(1),SC-8,SC-8(1) pcidss: Req-2.2
diff --git a/applications/openshift/etcd/etcd_peer_cert_file/rule.yml b/applications/openshift/etcd/etcd_peer_cert_file/rule.yml
index 6e7a7b86225e..745eed1d0aad 100644
--- a/applications/openshift/etcd/etcd_peer_cert_file/rule.yml
+++ b/applications/openshift/etcd/etcd_peer_cert_file/rule.yml
@@ -31,7 +31,6 @@ identifiers: cce@ocp4: CCE-83847-4 references: - cis@ocp4: '2.4' nerc-cip: CIP-003-8 R4.2,CIP-007-3 R5.1 nist: SC-8,SC-8(1),SC-8(2) pcidss: Req-2.2,Req-2.2.3,Req-2.3
diff --git a/applications/openshift/etcd/etcd_peer_client_cert_auth/rule.yml b/applications/openshift/etcd/etcd_peer_client_cert_auth/rule.yml
index caa097b41a3f..52ae608da8f9 100644
--- a/applications/openshift/etcd/etcd_peer_client_cert_auth/rule.yml
+++ b/applications/openshift/etcd/etcd_peer_client_cert_auth/rule.yml
@@ -29,7 +29,6 @@ identifiers: cce@ocp4: CCE-83465-5 references: - cis@ocp4: '2.5' nerc-cip: CIP-003-8 R4.2,CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R5.1,CIP-007-3 R6.1 nist: CM-6,CM-6(1),SC-8,SC-8(1) pcidss: Req-2.2,Req-2.2.3,Req-2.3
diff --git a/applications/openshift/etcd/etcd_peer_key_file/rule.yml b/applications/openshift/etcd/etcd_peer_key_file/rule.yml
index 86de972061c6..8c810591a461 100644
--- a/applications/openshift/etcd/etcd_peer_key_file/rule.yml
+++ b/applications/openshift/etcd/etcd_peer_key_file/rule.yml
@@ -31,7 +31,6 @@ identifiers: cce@ocp4: CCE-83711-2 references: - cis@ocp4: '2.4' nerc-cip: CIP-003-8 R4.2,CIP-007-3 R5.1 nist: SC-8,SC-8(1),SC-8(2) pcidss: Req-2.2,Req-2.2.3,Req-2.3
diff --git a/applications/openshift/etcd/etcd_unique_ca/rule.yml b/applications/openshift/etcd/etcd_unique_ca/rule.yml
index feadfb3777c7..a34ddb87a1da 100644
--- a/applications/openshift/etcd/etcd_unique_ca/rule.yml
+++ b/applications/openshift/etcd/etcd_unique_ca/rule.yml
@@ -22,7 +22,6 @@ identifiers: cce@ocp4: CCE-87514-6 references: - cis@ocp4: '2.7' nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325
diff --git a/applications/openshift/general/general_apply_scc/rule.yml b/applications/openshift/general/general_apply_scc/rule.yml
index 60e955cccdbe..c7a9a609347e 100644
--- a/applications/openshift/general/general_apply_scc/rule.yml
+++ b/applications/openshift/general/general_apply_scc/rule.yml
@@ -27,7 +27,6 @@ ocil: |- build your own, please refer to the {{{ weblink(link="https://docs.openshift.com/container-platform/4.11/authentication/managing-security-context-constraints.html", text="OpenShift security constraints documentation") }}}. references: - cis@ocp4: 5.7.3 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) pcidss: Req-2.2
diff --git a/applications/openshift/general/general_default_namespace_use/rule.yml b/applications/openshift/general/general_default_namespace_use/rule.yml
index 36de9f55ce6f..0ca38a7dec2c 100644
--- a/applications/openshift/general/general_default_namespace_use/rule.yml
+++ b/applications/openshift/general/general_default_namespace_use/rule.yml
@@ -24,7 +24,6 @@ ocil: |- kubernetes and openshift service. references: - cis@ocp4: 5.7.4 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) pcidss: Req-2.2
diff --git a/applications/openshift/general/general_default_seccomp_profile/rule.yml b/applications/openshift/general/general_default_seccomp_profile/rule.yml
index 1a807bf0ecc3..8a3552cc125a 100644
--- a/applications/openshift/general/general_default_seccomp_profile/rule.yml
+++ b/applications/openshift/general/general_default_seccomp_profile/rule.yml
@@ -30,7 +30,6 @@ ocil: |- Security Context Constraints. references: - cis@ocp4: 5.7.2 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) pcidss: Req-2.2
diff --git a/applications/openshift/general/general_namespaces_in_use/rule.yml b/applications/openshift/general/general_namespaces_in_use/rule.yml
index 7f130b2f5b9a..d0939afbb97a 100644
--- a/applications/openshift/general/general_namespaces_in_use/rule.yml
+++ b/applications/openshift/general/general_namespaces_in_use/rule.yml
@@ -27,7 +27,6 @@ ocil: |- the ones you need and are adequately administered. references: - cis@ocp4: 5.7.1 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) pcidss: Req-2.2
diff --git a/applications/openshift/general/kubeadmin_removed/rule.yml b/applications/openshift/general/kubeadmin_removed/rule.yml
index 93fcb721b73c..8b54253998e8 100644
--- a/applications/openshift/general/kubeadmin_removed/rule.yml
+++ b/applications/openshift/general/kubeadmin_removed/rule.yml
@@ -22,7 +22,6 @@ identifiers: cce@ocp4: CCE-90387-2 references: - cis@ocp4: 3.1.1,5.1.1 nerc-cip: CIP-004-6 R2.2.2,CIP-004-6 R2.2.3,CIP-007-3 R.1.3,CIP-007-3 R2,CIP-007-3 R5,CIP-007-3 R5.1.1,CIP-007-3 R5.1.3,CIP-007-3 R5.2.1,CIP-007-3 R5.2.3,CIP-007-3 R6.1,CIP-007-3 R6.2,CIP-007-3 R6.3,CIP-007-3 R6.4 nist: AC-2(2),AC-2(7),AC-2(9),AC-2(10),AC-12(1),IA-2(5),MA-4,SC-12(1) pcidss: Req-2.1
diff --git a/applications/openshift/kubelet/kubelet_anonymous_auth/rule.yml b/applications/openshift/kubelet/kubelet_anonymous_auth/rule.yml
index fb5bd9353e6d..3221efaf8ec3 100644
--- a/applications/openshift/kubelet/kubelet_anonymous_auth/rule.yml
+++ b/applications/openshift/kubelet/kubelet_anonymous_auth/rule.yml
@@ -36,7 +36,6 @@ severity: medium references: cis@eks: 3.2.1 - cis@ocp4: 4.2.2 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325
diff --git a/applications/openshift/kubelet/kubelet_authorization_mode/rule.yml b/applications/openshift/kubelet/kubelet_authorization_mode/rule.yml
index f246164acfe6..c5bd5d03d8b9 100644
--- a/applications/openshift/kubelet/kubelet_authorization_mode/rule.yml
+++ b/applications/openshift/kubelet/kubelet_authorization_mode/rule.yml
@@ -34,7 +34,6 @@ severity: medium references: cis@eks: 3.2.2 - cis@ocp4: 4.2.3 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325
diff --git a/applications/openshift/kubelet/kubelet_configure_client_ca/rule.yml b/applications/openshift/kubelet/kubelet_configure_client_ca/rule.yml
index df0c6741d6e0..068613339a6f 100644
--- a/applications/openshift/kubelet/kubelet_configure_client_ca/rule.yml
+++ b/applications/openshift/kubelet/kubelet_configure_client_ca/rule.yml
@@ -47,7 +47,6 @@ identifiers: references: cis@eks: 3.2.3 - cis@ocp4: 4.2.4 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325
diff --git a/applications/openshift/kubelet/kubelet_configure_event_creation/rule.yml b/applications/openshift/kubelet/kubelet_configure_event_creation/rule.yml
index 0b8e28cb2e65..190b5d743cfd 100644
--- a/applications/openshift/kubelet/kubelet_configure_event_creation/rule.yml
+++ b/applications/openshift/kubelet/kubelet_configure_event_creation/rule.yml
@@ -52,7 +52,6 @@ ocil: |- The output should return {{ .var_event_record_qps }}. references: - cis@ocp4: 4.2.8 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325
diff --git a/applications/openshift/kubelet/kubelet_configure_tls_cert/rule.yml b/applications/openshift/kubelet/kubelet_configure_tls_cert/rule.yml
index 98cc7255b14e..a37065814afd 100644
--- a/applications/openshift/kubelet/kubelet_configure_tls_cert/rule.yml
+++ b/applications/openshift/kubelet/kubelet_configure_tls_cert/rule.yml
@@ -29,7 +29,6 @@ identifiers: platform: not ocp4-on-hypershift-hosted references: - cis@ocp4: 4.2.9 nerc-cip: CIP-003-8 R4.2,CIP-007-3 R5.1 nist: SC-8,SC-8(1),SC-8(2) pcidss: Req-2.2,Req-2.2.3,Req-2.3
diff --git a/applications/openshift/kubelet/kubelet_configure_tls_cipher_suites/rule.yml b/applications/openshift/kubelet/kubelet_configure_tls_cipher_suites/rule.yml
index 3d966c4b582d..ff8d7d611732 100644
--- a/applications/openshift/kubelet/kubelet_configure_tls_cipher_suites/rule.yml
+++ b/applications/openshift/kubelet/kubelet_configure_tls_cipher_suites/rule.yml
@@ -43,7 +43,6 @@ identifiers: cce@ocp4: CCE-86030-4 references: - cis@ocp4: 4.2.12 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325
diff --git a/applications/openshift/kubelet/kubelet_configure_tls_key/rule.yml b/applications/openshift/kubelet/kubelet_configure_tls_key/rule.yml
index 550b52d0428a..e6690fba989d 100644
--- a/applications/openshift/kubelet/kubelet_configure_tls_key/rule.yml
+++ b/applications/openshift/kubelet/kubelet_configure_tls_key/rule.yml
@@ -29,7 +29,6 @@ identifiers: platform: not ocp4-on-hypershift-hosted references: - cis@ocp4: 4.2.9 nerc-cip: CIP-003-8 R4.2,CIP-007-3 R5.1 nist: SC-8,SC-8(1),SC-8(2) pcidss: Req-2.2,Req-2.2.3,Req-2.3
diff --git a/applications/openshift/kubelet/kubelet_disable_hostname_override/rule.yml b/applications/openshift/kubelet/kubelet_disable_hostname_override/rule.yml
index 2b89235432ba..fb3919927fbf 100644
--- a/applications/openshift/kubelet/kubelet_disable_hostname_override/rule.yml
+++ b/applications/openshift/kubelet/kubelet_disable_hostname_override/rule.yml
@@ -33,7 +33,6 @@ severity: low references: cis@eks: 3.2.8 - cis@ocp4: 4.2.8 nerc-cip: CIP-003-3 R6,CIP-004-3 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1)
diff --git a/applications/openshift/kubelet/kubelet_disable_readonly_port/rule.yml b/applications/openshift/kubelet/kubelet_disable_readonly_port/rule.yml
index 84c06cf7d7f1..d94e72760a25 100644
--- a/applications/openshift/kubelet/kubelet_disable_readonly_port/rule.yml
+++ b/applications/openshift/kubelet/kubelet_disable_readonly_port/rule.yml
@@ -43,7 +43,6 @@ identifiers: cce@ocp4: CCE-83427-5 references: - cis@ocp4: 4.2.5 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) pcidss: Req-2.2
diff --git a/applications/openshift/kubelet/kubelet_enable_cert_rotation/rule.yml b/applications/openshift/kubelet/kubelet_enable_cert_rotation/rule.yml
index f42d5bed8b4f..d72cfa64f6df 100644
--- a/applications/openshift/kubelet/kubelet_enable_cert_rotation/rule.yml
+++ b/applications/openshift/kubelet/kubelet_enable_cert_rotation/rule.yml
@@ -39,7 +39,6 @@ identifiers: references: cis@eks: 3.2.10 - cis@ocp4: 4.2.10 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325
diff --git a/applications/openshift/kubelet/kubelet_enable_client_cert_rotation/rule.yml b/applications/openshift/kubelet/kubelet_enable_client_cert_rotation/rule.yml
index 934325e14c2c..2e947202ede4 100644
--- a/applications/openshift/kubelet/kubelet_enable_client_cert_rotation/rule.yml
+++ b/applications/openshift/kubelet/kubelet_enable_client_cert_rotation/rule.yml
@@ -40,7 +40,6 @@ identifiers: references: cis@eks: 3.2.10 - cis@ocp4: 4.2.10 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325
diff --git a/applications/openshift/kubelet/kubelet_enable_iptables_util_chains/rule.yml b/applications/openshift/kubelet/kubelet_enable_iptables_util_chains/rule.yml
index ed7077280c3d..5060902c98df 100644
--- a/applications/openshift/kubelet/kubelet_enable_iptables_util_chains/rule.yml
+++ b/applications/openshift/kubelet/kubelet_enable_iptables_util_chains/rule.yml
@@ -40,7 +40,6 @@ identifiers: references: cis@eks: 3.2.7 - cis@ocp4: 4.2.7 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325
diff --git a/applications/openshift/kubelet/kubelet_enable_server_cert_rotation/rule.yml b/applications/openshift/kubelet/kubelet_enable_server_cert_rotation/rule.yml
index a142865f6cf8..263d8230d3c9 100644
--- a/applications/openshift/kubelet/kubelet_enable_server_cert_rotation/rule.yml
+++ b/applications/openshift/kubelet/kubelet_enable_server_cert_rotation/rule.yml
@@ -37,7 +37,6 @@ identifiers: references: cis@eks: 3.2.11 - cis@ocp4: 4.2.11 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325
diff --git a/applications/openshift/kubelet/kubelet_enable_streaming_connections/rule.yml b/applications/openshift/kubelet/kubelet_enable_streaming_connections/rule.yml
index cb5b0eebb70a..bcee2c8c1964 100644
--- a/applications/openshift/kubelet/kubelet_enable_streaming_connections/rule.yml
+++ b/applications/openshift/kubelet/kubelet_enable_streaming_connections/rule.yml
@@ -43,7 +43,6 @@ identifiers: references: cis@eks: 3.2.5 - cis@ocp4: 4.2.6 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325
diff --git a/applications/openshift/kubelet/kubelet_enable_streaming_connections_deprecated/rule.yml b/applications/openshift/kubelet/kubelet_enable_streaming_connections_deprecated/rule.yml
index 15d46d9cd2b1..827ce668dabc 100644
--- a/applications/openshift/kubelet/kubelet_enable_streaming_connections_deprecated/rule.yml
+++ b/applications/openshift/kubelet/kubelet_enable_streaming_connections_deprecated/rule.yml
@@ -35,7 +35,6 @@ ocil: |- references: cis@eks: 3.2.5 - cis@ocp4: 4.2.5 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325
diff --git a/applications/openshift/kubelet/kubelet_eviction_thresholds_set_hard_imagefs_available/rule.yml b/applications/openshift/kubelet/kubelet_eviction_thresholds_set_hard_imagefs_available/rule.yml
index 2ecf190bc1fc..d04f5b9ae7aa 100644
--- a/applications/openshift/kubelet/kubelet_eviction_thresholds_set_hard_imagefs_available/rule.yml
+++ b/applications/openshift/kubelet/kubelet_eviction_thresholds_set_hard_imagefs_available/rule.yml
@@ -55,7 +55,6 @@ identifiers: cce@ocp4: CCE-84144-5 references: - cis@ocp4: 4.2.1 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325
diff --git a/applications/openshift/kubelet/kubelet_eviction_thresholds_set_hard_memory_available/rule.yml b/applications/openshift/kubelet/kubelet_eviction_thresholds_set_hard_memory_available/rule.yml
index e049d74f1764..96bc6dc47683 100644
--- a/applications/openshift/kubelet/kubelet_eviction_thresholds_set_hard_memory_available/rule.yml
+++ b/applications/openshift/kubelet/kubelet_eviction_thresholds_set_hard_memory_available/rule.yml
@@ -54,7 +54,6 @@ identifiers: cce@ocp4: CCE-84135-3 references: - cis@ocp4: 4.2.1 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325
diff --git a/applications/openshift/kubelet/kubelet_eviction_thresholds_set_hard_nodefs_available/rule.yml b/applications/openshift/kubelet/kubelet_eviction_thresholds_set_hard_nodefs_available/rule.yml
index 6396d1ea2aec..8b3c163dc07d 100644
--- a/applications/openshift/kubelet/kubelet_eviction_thresholds_set_hard_nodefs_available/rule.yml
+++ b/applications/openshift/kubelet/kubelet_eviction_thresholds_set_hard_nodefs_available/rule.yml
@@ -54,7 +54,6 @@ identifiers: cce@ocp4: CCE-84138-7 references: - cis@ocp4: 4.2.1 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325
diff --git a/applications/openshift/kubelet/kubelet_eviction_thresholds_set_hard_nodefs_inodesfree/rule.yml b/applications/openshift/kubelet/kubelet_eviction_thresholds_set_hard_nodefs_inodesfree/rule.yml
index 316cece90314..20bb33159a9d 100644
--- a/applications/openshift/kubelet/kubelet_eviction_thresholds_set_hard_nodefs_inodesfree/rule.yml
+++ b/applications/openshift/kubelet/kubelet_eviction_thresholds_set_hard_nodefs_inodesfree/rule.yml
@@ -54,7 +54,6 @@ identifiers: cce@ocp4: CCE-84141-1 references: - cis@ocp4: 4.2.1 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325
diff --git a/applications/openshift/logging/audit_logging_enabled/rule.yml b/applications/openshift/logging/audit_logging_enabled/rule.yml
index fd8953bdf13e..3c8e89772c7c 100644
--- a/applications/openshift/logging/audit_logging_enabled/rule.yml
+++ b/applications/openshift/logging/audit_logging_enabled/rule.yml
@@ -24,7 +24,6 @@ identifiers: cce@ocp4: CCE-90619-8 references: - cis@ocp4: 3.2.1 nerc-cip: CIP-003-8 R4,CIP-003-8 R4.1,CIP-003-8 R4.2,CIP-003-8 R5.2,CIP-003-8 R6,CIP-004-6 R2.2.2,CIP-004-6 R2.2.3,CIP-004-6 R3.3,CIP-007-3 R.1.3,CIP-007-3 R5,CIP-007-3 R5.1.1,CIP-007-3 R5.2,CIP-007-3 R5.3.1,CIP-007-3 R5.3.2,CIP-007-3 R5.3.3,CIP-007-3 R6.5 nist: AU-2,AU-3,AU-3(1),AU-6,AU-6(1),AU-7,AU-7(1),AU-8,AU-8(1),AU-9,AU-12,AU-12(1),AU-12(3),CM-5(1),SI-11,SI-12,SI-4(20),SI-4(23) pcidss: Req-2.2,Req-12.5.5
diff --git a/applications/openshift/logging/audit_profile_set/rule.yml b/applications/openshift/logging/audit_profile_set/rule.yml
index 7fef7307738e..f78fe7f40a28 100644
--- a/applications/openshift/logging/audit_profile_set/rule.yml
+++ b/applications/openshift/logging/audit_profile_set/rule.yml
@@ -53,7 +53,6 @@ identifiers: cce@ocp4: CCE-83577-7 references: - cis@ocp4: 3.2.2 nerc-cip: CIP-003-8 R4,CIP-003-8 R4.1,CIP-003-8 R4.2,CIP-003-8 R5.2,CIP-003-8 R6,CIP-004-6 R2.2.2,CIP-004-6 R2.2.3,CIP-004-6 R3.3,CIP-007-3 R.1.3,CIP-007-3 R5,CIP-007-3 R5.1.1,CIP-007-3 R5.2,CIP-007-3 R5.3.1,CIP-007-3 R5.3.2,CIP-007-3 R5.3.3,CIP-007-3 R6.5 nist: AU-2,AU-3,AU-3(1),AU-6,AU-6(1),AU-7,AU-7(1),AU-8,AU-8(1),AU-9,AU-12,AU-12(1),AU-12(3),CM-5(1),SI-11,SI-12,SI-4(20),SI-4(23) pcidss: Req-2.2,Req-12.5.5
diff --git a/applications/openshift/master/file_groupowner_cni_conf/rule.yml b/applications/openshift/master/file_groupowner_cni_conf/rule.yml
index a9729f37155e..73a10b170c6a 100644
--- a/applications/openshift/master/file_groupowner_cni_conf/rule.yml
+++ b/applications/openshift/master/file_groupowner_cni_conf/rule.yml
@@ -19,7 +19,6 @@ identifiers: cce@ocp4: CCE-84025-6 references: - cis@ocp4: 1.1.10 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325
diff --git a/applications/openshift/master/file_groupowner_controller_manager_kubeconfig/rule.yml b/applications/openshift/master/file_groupowner_controller_manager_kubeconfig/rule.yml
index cae73c6f42b5..52b763c6e838 100644
--- a/applications/openshift/master/file_groupowner_controller_manager_kubeconfig/rule.yml
+++ b/applications/openshift/master/file_groupowner_controller_manager_kubeconfig/rule.yml
@@ -18,7 +18,6 @@ identifiers: severity: medium references: - cis@ocp4: 1.1.18 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325
diff --git a/applications/openshift/master/file_groupowner_etcd_data_dir/rule.yml b/applications/openshift/master/file_groupowner_etcd_data_dir/rule.yml
index 398389d25509..5f0db7e7d2d4 100644
--- a/applications/openshift/master/file_groupowner_etcd_data_dir/rule.yml
+++ b/applications/openshift/master/file_groupowner_etcd_data_dir/rule.yml
@@ -17,7 +17,6 @@ identifiers: cce@ocp4: CCE-83354-1 references: - cis@ocp4: 1.1.12 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325
diff --git a/applications/openshift/master/file_groupowner_etcd_data_files/rule.yml b/applications/openshift/master/file_groupowner_etcd_data_files/rule.yml
index 4a021650d872..0652f092fedd 100644
--- a/applications/openshift/master/file_groupowner_etcd_data_files/rule.yml
+++ b/applications/openshift/master/file_groupowner_etcd_data_files/rule.yml
@@ -17,7 +17,6 @@ identifiers: cce@ocp4: CCE-83816-9 references: - cis@ocp4: 1.1.12 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325
diff --git a/applications/openshift/master/file_groupowner_etcd_member/rule.yml b/applications/openshift/master/file_groupowner_etcd_member/rule.yml
index 23990f65419c..2973448f82da 100644
--- a/applications/openshift/master/file_groupowner_etcd_member/rule.yml
+++ b/applications/openshift/master/file_groupowner_etcd_member/rule.yml
@@ -19,7 +19,6 @@ identifiers: cce@ocp4: CCE-83664-3 references: - cis@ocp4: 1.1.8 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325
diff --git a/applications/openshift/master/file_groupowner_etcd_pki_cert_files/rule.yml b/applications/openshift/master/file_groupowner_etcd_pki_cert_files/rule.yml
index d197191e6817..057d667c802a 100644
--- a/applications/openshift/master/file_groupowner_etcd_pki_cert_files/rule.yml
+++ b/applications/openshift/master/file_groupowner_etcd_pki_cert_files/rule.yml
@@ -19,7 +19,6 @@ identifiers: severity: medium references: - cis@ocp4: 1.1.19 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325
diff --git a/applications/openshift/master/file_groupowner_ip_allocations/rule.yml b/applications/openshift/master/file_groupowner_ip_allocations/rule.yml
index 7b22db0ddb37..2887b2911a37 100644
--- a/applications/openshift/master/file_groupowner_ip_allocations/rule.yml
+++ b/applications/openshift/master/file_groupowner_ip_allocations/rule.yml
@@ -20,7 +20,6 @@ identifiers: cce@ocp4: CCE-84211-2 references: - cis@ocp4: 1.1.10 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325
diff --git a/applications/openshift/master/file_groupowner_kube_apiserver/rule.yml b/applications/openshift/master/file_groupowner_kube_apiserver/rule.yml
index 38c2c51e2cff..ea413441a1c5 100644
--- a/applications/openshift/master/file_groupowner_kube_apiserver/rule.yml
+++ b/applications/openshift/master/file_groupowner_kube_apiserver/rule.yml
@@ -16,7 +16,6 @@ identifiers: cce@ocp4: CCE-83530-6 references: - cis@ocp4: 1.1.2 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325
diff --git a/applications/openshift/master/file_groupowner_kube_controller_manager/rule.yml b/applications/openshift/master/file_groupowner_kube_controller_manager/rule.yml
index 91ab27869a66..03fc4ce75712 100644
--- a/applications/openshift/master/file_groupowner_kube_controller_manager/rule.yml
+++ b/applications/openshift/master/file_groupowner_kube_controller_manager/rule.yml
@@ -16,7 +16,6 @@ identifiers: cce@ocp4: CCE-83953-0 references: - cis@ocp4: 1.1.4 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325
diff --git a/applications/openshift/master/file_groupowner_kube_scheduler/rule.yml b/applications/openshift/master/file_groupowner_kube_scheduler/rule.yml
index 9721bde67f3c..808b63dcd82a 100644
--- a/applications/openshift/master/file_groupowner_kube_scheduler/rule.yml
+++ b/applications/openshift/master/file_groupowner_kube_scheduler/rule.yml
@@ -16,7 +16,6 @@ identifiers: cce@ocp4: CCE-83614-8 references: - cis@ocp4: 1.1.6 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325
diff --git a/applications/openshift/master/file_groupowner_kubeconfig/rule.yml b/applications/openshift/master/file_groupowner_kubeconfig/rule.yml
index f400291bccb4..2a461dce6bfa 100644
--- a/applications/openshift/master/file_groupowner_kubeconfig/rule.yml
+++ b/applications/openshift/master/file_groupowner_kubeconfig/rule.yml
@@ -15,9 +15,6 @@ severity: medium #identifiers: # cce@ocp4: 80633-1 -references: - cis@ocp4: 1.1.14 - ocil_clause: '{{{ ocil_clause_file_group_owner(file="/etc/kubernetes/kubeconfig", group="root") }}}' ocil: |-
diff --git a/applications/openshift/master/file_groupowner_master_admin_kubeconfigs/rule.yml b/applications/openshift/master/file_groupowner_master_admin_kubeconfigs/rule.yml
index 3dcbe26da97a..53f062fe3fa7 100644
--- a/applications/openshift/master/file_groupowner_master_admin_kubeconfigs/rule.yml
+++ b/applications/openshift/master/file_groupowner_master_admin_kubeconfigs/rule.yml
@@ -22,7 +22,6 @@ identifiers: severity: medium references: - cis@ocp4: 1.1.14 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325
diff --git a/applications/openshift/master/file_groupowner_multus_conf/rule.yml b/applications/openshift/master/file_groupowner_multus_conf/rule.yml
index 33786dcfc00f..f8b6671822ae 100644
--- a/applications/openshift/master/file_groupowner_multus_conf/rule.yml
+++ b/applications/openshift/master/file_groupowner_multus_conf/rule.yml
@@ -19,7 +19,6 @@ identifiers: cce@ocp4: CCE-83818-5 references: - cis@ocp4: 1.1.10 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325
diff --git a/applications/openshift/master/file_groupowner_openshift_pki_cert_files/rule.yml b/applications/openshift/master/file_groupowner_openshift_pki_cert_files/rule.yml
index 04be94b0c83d..4e6435ff6118 100644
--- a/applications/openshift/master/file_groupowner_openshift_pki_cert_files/rule.yml
+++ b/applications/openshift/master/file_groupowner_openshift_pki_cert_files/rule.yml
@@ -19,7 +19,6 @@ identifiers: severity: medium references: - cis@ocp4: 1.1.19 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325
diff --git a/applications/openshift/master/file_groupowner_openshift_pki_key_files/rule.yml b/applications/openshift/master/file_groupowner_openshift_pki_key_files/rule.yml
index f43e58607454..004e2d4295aa 100644
--- a/applications/openshift/master/file_groupowner_openshift_pki_key_files/rule.yml
+++ b/applications/openshift/master/file_groupowner_openshift_pki_key_files/rule.yml
@@ -19,7 +19,6 @@ identifiers: severity: medium references: - cis@ocp4: 1.1.19 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325
diff --git a/applications/openshift/master/file_groupowner_openshift_sdn_cniserver_config/rule.yml b/applications/openshift/master/file_groupowner_openshift_sdn_cniserver_config/rule.yml
index f4e70e86c1d4..6d739b70b74b 100644
--- a/applications/openshift/master/file_groupowner_openshift_sdn_cniserver_config/rule.yml
+++ b/applications/openshift/master/file_groupowner_openshift_sdn_cniserver_config/rule.yml
@@ -20,7 +20,6 @@ identifiers: cce@ocp4: CCE-83605-6 references: - cis@ocp4: 1.1.9 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325
diff --git a/applications/openshift/master/file_groupowner_openvswitch/rule.yml b/applications/openshift/master/file_groupowner_openvswitch/rule.yml
index da78ea51076c..e577ba04025d 100644
--- a/applications/openshift/master/file_groupowner_openvswitch/rule.yml
+++ b/applications/openshift/master/file_groupowner_openvswitch/rule.yml
@@ -16,9 +16,6 @@ severity: medium #identifiers: # cce@ocp4: 82172-8 -references: - cis@ocp4: 1.1.10 - ocil_clause: '{{{ ocil_clause_file_group_owner(file="/etc/openvswitch/.*", group="root") }}}' ocil: |-
diff --git a/applications/openshift/master/file_groupowner_ovn_cni_server_sock/rule.yml b/applications/openshift/master/file_groupowner_ovn_cni_server_sock/rule.yml
index e7a63d9b1b1e..327a293db2a8 100644
--- a/applications/openshift/master/file_groupowner_ovn_cni_server_sock/rule.yml
+++ b/applications/openshift/master/file_groupowner_ovn_cni_server_sock/rule.yml
@@ -20,7 +20,6 @@ identifiers: cce@ocp4: CCE-86222-7 references: - cis@ocp4: 1.1.10 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325
diff --git a/applications/openshift/master/file_groupowner_ovn_db_files/rule.yml b/applications/openshift/master/file_groupowner_ovn_db_files/rule.yml
index c82d6da59baf..9b78cbd34fd2 100644
--- a/applications/openshift/master/file_groupowner_ovn_db_files/rule.yml
+++ b/applications/openshift/master/file_groupowner_ovn_db_files/rule.yml
@@ -20,7 +20,6 @@ identifiers: severity: medium references: - cis@ocp4: 1.1.10 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325
diff --git a/applications/openshift/master/file_groupowner_ovs_conf_db_hugetlbfs/rule.yml b/applications/openshift/master/file_groupowner_ovs_conf_db_hugetlbfs/rule.yml
index f4a18bb358d9..c8ea04b83f12 100644
--- a/applications/openshift/master/file_groupowner_ovs_conf_db_hugetlbfs/rule.yml
+++ b/applications/openshift/master/file_groupowner_ovs_conf_db_hugetlbfs/rule.yml
@@ -20,7 +20,6 @@ identifiers: cce@ocp4: CCE-88281-1 references: - cis@ocp4: 1.1.9 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325
diff --git a/applications/openshift/master/file_groupowner_ovs_conf_db_lock_hugetlbfs/rule.yml b/applications/openshift/master/file_groupowner_ovs_conf_db_lock_hugetlbfs/rule.yml
index 1deb2678b0f7..1dca8fa385e4 100644
--- a/applications/openshift/master/file_groupowner_ovs_conf_db_lock_hugetlbfs/rule.yml
+++ b/applications/openshift/master/file_groupowner_ovs_conf_db_lock_hugetlbfs/rule.yml
@@ -20,7 +20,6 @@ identifiers: cce@ocp4: CCE-85936-3 references: - cis@ocp4: 1.1.9 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325
diff --git a/applications/openshift/master/file_groupowner_ovs_conf_db_lock_openvswitch/rule.yml b/applications/openshift/master/file_groupowner_ovs_conf_db_lock_openvswitch/rule.yml
index 1110b896ed95..0a7b70f92e9d 100644
--- a/applications/openshift/master/file_groupowner_ovs_conf_db_lock_openvswitch/rule.yml
+++ b/applications/openshift/master/file_groupowner_ovs_conf_db_lock_openvswitch/rule.yml
@@ -20,7 +20,6 @@ identifiers: cce@ocp4: CCE-87632-6 references: - cis@ocp4: 1.1.9 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325
diff --git a/applications/openshift/master/file_groupowner_ovs_conf_db_openvswitch/rule.yml b/applications/openshift/master/file_groupowner_ovs_conf_db_openvswitch/rule.yml
index f750aa580d8c..d8b0c0da3ddb 100644
--- a/applications/openshift/master/file_groupowner_ovs_conf_db_openvswitch/rule.yml
+++ b/applications/openshift/master/file_groupowner_ovs_conf_db_openvswitch/rule.yml
@@ -20,7 +20,6 @@ identifiers: cce@ocp4: CCE-85927-2 references: - cis@ocp4: 1.1.9 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325
diff --git a/applications/openshift/master/file_groupowner_ovs_pid/rule.yml b/applications/openshift/master/file_groupowner_ovs_pid/rule.yml
index ea9e8e2f53e9..541b62b7124b 100644
--- a/applications/openshift/master/file_groupowner_ovs_pid/rule.yml
+++ b/applications/openshift/master/file_groupowner_ovs_pid/rule.yml
@@ -22,7 +22,6 @@ identifiers: cce@ocp4: CCE-83630-4 references: - cis@ocp4: 1.1.9 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325
diff --git a/applications/openshift/master/file_groupowner_ovs_sys_id_conf_hugetlbfs/rule.yml b/applications/openshift/master/file_groupowner_ovs_sys_id_conf_hugetlbfs/rule.yml
index 465928ed68a0..a5bffc83eacf 100644
--- a/applications/openshift/master/file_groupowner_ovs_sys_id_conf_hugetlbfs/rule.yml
+++ b/applications/openshift/master/file_groupowner_ovs_sys_id_conf_hugetlbfs/rule.yml
@@ -20,7 +20,6 @@ identifiers: cce@ocp4: CCE-85928-0 references: - cis@ocp4: 1.1.9 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325
diff --git a/applications/openshift/master/file_groupowner_ovs_sys_id_conf_openvswitch/rule.yml b/applications/openshift/master/file_groupowner_ovs_sys_id_conf_openvswitch/rule.yml
index 644435a7cb98..40312f6ce2e2 100644
--- a/applications/openshift/master/file_groupowner_ovs_sys_id_conf_openvswitch/rule.yml
+++ b/applications/openshift/master/file_groupowner_ovs_sys_id_conf_openvswitch/rule.yml
@@ -20,7 +20,6 @@ identifiers: cce@ocp4: CCE-83677-5 references: - cis@ocp4: 1.1.9 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325
diff --git a/applications/openshift/master/file_groupowner_ovs_vswitchd_pid/rule.yml b/applications/openshift/master/file_groupowner_ovs_vswitchd_pid/rule.yml
index e4058048e9ea..6c6a0bd22958 100644
--- a/applications/openshift/master/file_groupowner_ovs_vswitchd_pid/rule.yml
+++ b/applications/openshift/master/file_groupowner_ovs_vswitchd_pid/rule.yml
@@ -22,7 +22,6 @@ identifiers: cce@ocp4: CCE-84129-6 references: - cis@ocp4: 1.1.9 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325
diff --git a/applications/openshift/master/file_groupowner_ovsdb_server_pid/rule.yml b/applications/openshift/master/file_groupowner_ovsdb_server_pid/rule.yml
index 050e2e7e378b..155dba270520 100644
--- a/applications/openshift/master/file_groupowner_ovsdb_server_pid/rule.yml
+++ b/applications/openshift/master/file_groupowner_ovsdb_server_pid/rule.yml
@@ -22,7 +22,6 @@ identifiers: cce@ocp4: CCE-84166-8 references: - cis@ocp4: 1.1.9 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325
diff --git a/applications/openshift/master/file_groupowner_scheduler_kubeconfig/rule.yml b/applications/openshift/master/file_groupowner_scheduler_kubeconfig/rule.yml
index 412909773569..b28c3d6d1fb2 100644
--- a/applications/openshift/master/file_groupowner_scheduler_kubeconfig/rule.yml
+++ b/applications/openshift/master/file_groupowner_scheduler_kubeconfig/rule.yml
@@ -18,7 +18,6 @@ identifiers: severity: medium references: - cis@ocp4: 1.1.16 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325
diff --git a/applications/openshift/master/file_owner_cni_conf/rule.yml b/applications/openshift/master/file_owner_cni_conf/rule.yml
index 7b141e2c07af..1bc9056102d3 100644
--- a/applications/openshift/master/file_owner_cni_conf/rule.yml
+++ b/applications/openshift/master/file_owner_cni_conf/rule.yml
@@ -19,7 +19,6 @@ identifiers: cce@ocp4: CCE-83460-6 references: - cis@ocp4: 1.1.10 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325
diff --git a/applications/openshift/master/file_owner_controller_manager_kubeconfig/rule.yml b/applications/openshift/master/file_owner_controller_manager_kubeconfig/rule.yml
index 02821ef35251..b61771608e87 100644
--- a/applications/openshift/master/file_owner_controller_manager_kubeconfig/rule.yml
+++ b/applications/openshift/master/file_owner_controller_manager_kubeconfig/rule.yml
@@ -18,7 +18,6 @@ identifiers: severity: medium references: - cis@ocp4: 1.1.18 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325
diff --git a/applications/openshift/master/file_owner_etcd_data_dir/rule.yml b/applications/openshift/master/file_owner_etcd_data_dir/rule.yml
index 157151692886..d87b2d99336d 100644
--- a/applications/openshift/master/file_owner_etcd_data_dir/rule.yml
+++ b/applications/openshift/master/file_owner_etcd_data_dir/rule.yml
@@ -17,7 +17,6 @@ identifiers: cce@ocp4: CCE-83905-0 references: - cis@ocp4: 1.1.12 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325
diff --git a/applications/openshift/master/file_owner_etcd_data_files/rule.yml b/applications/openshift/master/file_owner_etcd_data_files/rule.yml
index 3500e567866b..c92ef469f3e7 100644
--- a/applications/openshift/master/file_owner_etcd_data_files/rule.yml
+++ b/applications/openshift/master/file_owner_etcd_data_files/rule.yml
@@ -17,7 +17,6 @@ identifiers: cce@ocp4: CCE-84010-8 references: - cis@ocp4: 1.1.12 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325
diff --git a/applications/openshift/master/file_owner_etcd_member/rule.yml b/applications/openshift/master/file_owner_etcd_member/rule.yml
index f7fd30b41117..4ba8fb25c380 100644
--- a/applications/openshift/master/file_owner_etcd_member/rule.yml
+++ b/applications/openshift/master/file_owner_etcd_member/rule.yml
@@ -19,7 +19,6 @@ identifiers: cce@ocp4: CCE-83988-6 references: - cis@ocp4: 1.1.8 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325
diff --git a/applications/openshift/master/file_owner_etcd_pki_cert_files/rule.yml b/applications/openshift/master/file_owner_etcd_pki_cert_files/rule.yml
index b22f0f8f5b3d..1f5bacd76311 100644
--- a/applications/openshift/master/file_owner_etcd_pki_cert_files/rule.yml
+++ b/applications/openshift/master/file_owner_etcd_pki_cert_files/rule.yml
@@ -19,7 +19,6 @@ identifiers: severity: medium references: - cis@ocp4: 1.1.19 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325
diff --git a/applications/openshift/master/file_owner_ip_allocations/rule.yml b/applications/openshift/master/file_owner_ip_allocations/rule.yml
index 74bec92f2373..178dbdd115a4 100644
--- a/applications/openshift/master/file_owner_ip_allocations/rule.yml
+++ b/applications/openshift/master/file_owner_ip_allocations/rule.yml
@@ -19,7 +19,6 @@ identifiers: cce@ocp4: CCE-84248-4 references: - cis@ocp4: 1.1.10 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325
diff --git a/applications/openshift/master/file_owner_kube_apiserver/rule.yml b/applications/openshift/master/file_owner_kube_apiserver/rule.yml
index 787a721ec7b8..6d9aae39ef2e 100644
--- a/applications/openshift/master/file_owner_kube_apiserver/rule.yml
+++ b/applications/openshift/master/file_owner_kube_apiserver/rule.yml
@@ -16,7 +16,6 @@ identifiers: cce@ocp4: CCE-83372-3 references: - cis@ocp4: 1.1.2 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325
diff --git a/applications/openshift/master/file_owner_kube_controller_manager/rule.yml b/applications/openshift/master/file_owner_kube_controller_manager/rule.yml
index 6d0b7ebf1b22..0b0da88bb78c 100644
--- a/applications/openshift/master/file_owner_kube_controller_manager/rule.yml
+++ b/applications/openshift/master/file_owner_kube_controller_manager/rule.yml
@@ -16,7 +16,6 @@ identifiers: cce@ocp4: CCE-83795-5 references: - cis@ocp4: 1.1.4 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325
diff --git a/applications/openshift/master/file_owner_kube_scheduler/rule.yml b/applications/openshift/master/file_owner_kube_scheduler/rule.yml
index b50d67488fb7..90fa29a6d0e4 100644
--- a/applications/openshift/master/file_owner_kube_scheduler/rule.yml
+++ b/applications/openshift/master/file_owner_kube_scheduler/rule.yml
@@ -16,7 +16,6 @@ identifiers: cce@ocp4: CCE-83393-9 references: - cis@ocp4: 1.1.6 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325
diff --git a/applications/openshift/master/file_owner_kubeconfig/rule.yml b/applications/openshift/master/file_owner_kubeconfig/rule.yml
index 52124d916048..6db348d3e8f0 100644
--- a/applications/openshift/master/file_owner_kubeconfig/rule.yml
+++ b/applications/openshift/master/file_owner_kubeconfig/rule.yml
@@ -15,9 +15,6 @@ severity: medium #identifiers: # cce@ocp4: 80633-1 -references: - cis@ocp4: 1.1.14 - ocil_clause: '{{{ ocil_clause_file_owner(file="/etc/kubernetes/kubeconfig", owner="root") }}}' ocil: |-
diff --git a/applications/openshift/master/file_owner_master_admin_kubeconfigs/rule.yml b/applications/openshift/master/file_owner_master_admin_kubeconfigs/rule.yml
index d56b99f7b89e..1f0147b30fba 100644
--- a/applications/openshift/master/file_owner_master_admin_kubeconfigs/rule.yml
+++ b/applications/openshift/master/file_owner_master_admin_kubeconfigs/rule.yml
@@ -22,7 +22,6 @@ identifiers: severity: medium references: - cis@ocp4: 1.1.14 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325
diff --git a/applications/openshift/master/file_owner_multus_conf/rule.yml b/applications/openshift/master/file_owner_multus_conf/rule.yml
index 5bfd65e206e5..f52230ef8c8b 100644
--- a/applications/openshift/master/file_owner_multus_conf/rule.yml
+++ b/applications/openshift/master/file_owner_multus_conf/rule.yml
@@ -19,7 +19,6 @@ identifiers: cce@ocp4: CCE-83603-1 references: - cis@ocp4: 1.1.10 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325
diff --git a/applications/openshift/master/file_owner_openshift_pki_cert_files/rule.yml b/applications/openshift/master/file_owner_openshift_pki_cert_files/rule.yml
index 457d69cd5b08..50808bbc946d 100644
--- a/applications/openshift/master/file_owner_openshift_pki_cert_files/rule.yml
+++ b/applications/openshift/master/file_owner_openshift_pki_cert_files/rule.yml
@@ -18,7 +18,6 @@ identifiers: severity: medium references: - cis@ocp4: 1.1.19 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325
diff --git a/applications/openshift/master/file_owner_openshift_pki_key_files/rule.yml b/applications/openshift/master/file_owner_openshift_pki_key_files/rule.yml
index 7976d8242bb3..6a13ec144795 100644
--- a/applications/openshift/master/file_owner_openshift_pki_key_files/rule.yml
+++ b/applications/openshift/master/file_owner_openshift_pki_key_files/rule.yml
@@ -19,7 +19,6 @@ identifiers: severity: medium references: - cis@ocp4: 1.1.19 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325
diff --git a/applications/openshift/master/file_owner_openshift_sdn_cniserver_config/rule.yml b/applications/openshift/master/file_owner_openshift_sdn_cniserver_config/rule.yml
index 9bf76ca6ad95..bcc26c2cf38a 100644
--- a/applications/openshift/master/file_owner_openshift_sdn_cniserver_config/rule.yml
+++ b/applications/openshift/master/file_owner_openshift_sdn_cniserver_config/rule.yml
@@ -20,7 +20,6 @@ identifiers: cce@ocp4: CCE-83932-4 references: - cis@ocp4: 1.1.9 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325
diff --git a/applications/openshift/master/file_owner_openvswitch/rule.yml b/applications/openshift/master/file_owner_openvswitch/rule.yml
index da6245cf82e8..fcd1915a1e26 100644
--- a/applications/openshift/master/file_owner_openvswitch/rule.yml
+++ b/applications/openshift/master/file_owner_openvswitch/rule.yml
@@ -16,9 +16,6 @@ severity: medium #identifiers: # cce@ocp4: 82172-8 -references: - cis@ocp4: 1.1.10 - ocil_clause: '{{{ ocil_clause_file_owner(file="/etc/openvswitch/.*", owner="root") }}}' ocil: |-
diff --git a/applications/openshift/master/file_owner_ovn_cni_server_sock/rule.yml b/applications/openshift/master/file_owner_ovn_cni_server_sock/rule.yml
index 7ccc7d4d5957..eb665df11c94 100644
--- a/applications/openshift/master/file_owner_ovn_cni_server_sock/rule.yml
+++ b/applications/openshift/master/file_owner_ovn_cni_server_sock/rule.yml
@@ -20,7 +20,6 @@ identifiers: cce@ocp4: CCE-86431-4 references: - cis@ocp4: 1.1.10 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325
diff --git a/applications/openshift/master/file_owner_ovn_db_files/rule.yml b/applications/openshift/master/file_owner_ovn_db_files/rule.yml
index ab06bde7bd50..651a32c189ed 100644
--- a/applications/openshift/master/file_owner_ovn_db_files/rule.yml
+++ b/applications/openshift/master/file_owner_ovn_db_files/rule.yml
@@ -20,7 +20,6 @@ identifiers: severity: medium references: - cis@ocp4: 1.1.10 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325
diff --git a/applications/openshift/master/file_owner_ovs_conf_db/rule.yml b/applications/openshift/master/file_owner_ovs_conf_db/rule.yml
index 9d217a9d5fde..8cc76e375dde 100644
--- a/applications/openshift/master/file_owner_ovs_conf_db/rule.yml
+++ b/applications/openshift/master/file_owner_ovs_conf_db/rule.yml
@@ -20,7 +20,6 @@ identifiers: cce@ocp4: CCE-83489-5 references: - cis@ocp4: 1.1.9 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325
diff --git a/applications/openshift/master/file_owner_ovs_conf_db_lock/rule.yml b/applications/openshift/master/file_owner_ovs_conf_db_lock/rule.yml
index 3cdf3b325e81..39903a0bacea 100644
--- a/applications/openshift/master/file_owner_ovs_conf_db_lock/rule.yml
+++ b/applications/openshift/master/file_owner_ovs_conf_db_lock/rule.yml
@@ -20,7 +20,6 @@ identifiers: cce@ocp4: CCE-83462-2 references: - cis@ocp4: 1.1.9 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325
diff --git a/applications/openshift/master/file_owner_ovs_pid/rule.yml b/applications/openshift/master/file_owner_ovs_pid/rule.yml
index fbee013776b4..dafed6103d1c 100644
--- a/applications/openshift/master/file_owner_ovs_pid/rule.yml
+++ b/applications/openshift/master/file_owner_ovs_pid/rule.yml
@@ -20,7 +20,6 @@ identifiers: cce@ocp4: CCE-83937-3 references: - cis@ocp4: 1.1.9 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325
diff --git a/applications/openshift/master/file_owner_ovs_sys_id_conf/rule.yml b/applications/openshift/master/file_owner_ovs_sys_id_conf/rule.yml
index 6dd76a381a3f..8826cd26a2a2 100644
--- a/applications/openshift/master/file_owner_ovs_sys_id_conf/rule.yml
+++ b/applications/openshift/master/file_owner_ovs_sys_id_conf/rule.yml
@@ -20,7 +20,6 @@ identifiers: cce@ocp4: CCE-84085-0 references: - cis@ocp4: 1.1.9 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325
diff --git a/applications/openshift/master/file_owner_ovs_vswitchd_pid/rule.yml b/applications/openshift/master/file_owner_ovs_vswitchd_pid/rule.yml
index 207499e5c8c2..3b882658b5c9 100644
--- a/applications/openshift/master/file_owner_ovs_vswitchd_pid/rule.yml
+++ b/applications/openshift/master/file_owner_ovs_vswitchd_pid/rule.yml
@@ -20,7 +20,6 @@ identifiers: cce@ocp4: CCE-83888-8 references: - cis@ocp4: 1.1.9 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325
diff --git a/applications/openshift/master/file_owner_ovsdb_server_pid/rule.yml b/applications/openshift/master/file_owner_ovsdb_server_pid/rule.yml
index 1ab840c1c84d..cfb4daef9194 100644
--- a/applications/openshift/master/file_owner_ovsdb_server_pid/rule.yml
+++ b/applications/openshift/master/file_owner_ovsdb_server_pid/rule.yml
@@ -20,7 +20,6 @@ identifiers: cce@ocp4: CCE-83806-0 references: - cis@ocp4: 1.1.9 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325
diff --git a/applications/openshift/master/file_owner_scheduler_kubeconfig/rule.yml b/applications/openshift/master/file_owner_scheduler_kubeconfig/rule.yml
index 7cf962065918..1401d34f501a 100644
--- a/applications/openshift/master/file_owner_scheduler_kubeconfig/rule.yml
+++ b/applications/openshift/master/file_owner_scheduler_kubeconfig/rule.yml
@@ -17,7 +17,6 @@ identifiers: cce@ocp4: CCE-84017-3 references: - cis@ocp4: 1.1.16 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325
diff --git a/applications/openshift/master/file_owner_var_lib_etcd/rule.yml b/applications/openshift/master/file_owner_var_lib_etcd/rule.yml
index a911c3bc4015..88cbfda5fee0 100644
--- a/applications/openshift/master/file_owner_var_lib_etcd/rule.yml
+++ b/applications/openshift/master/file_owner_var_lib_etcd/rule.yml
@@ -12,9 +12,6 @@ rationale: |- severity: medium -references: - cis@ocp4: 1.1.12 - ocil_clause: '{{{ ocil_clause_file_owner(file="/var/lib/etcd", owner="root") }}}' ocil: |-
diff --git a/applications/openshift/master/file_permissions_cni_conf/rule.yml b/applications/openshift/master/file_permissions_cni_conf/rule.yml
index ac3d1b5a7772..801a8286b1d1 100644
--- a/applications/openshift/master/file_permissions_cni_conf/rule.yml
+++ b/applications/openshift/master/file_permissions_cni_conf/rule.yml
@@ -20,7 +20,6 @@ identifiers: cce@ocp4: CCE-83379-8 references: - cis@ocp4: 1.1.9 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325
diff --git a/applications/openshift/master/file_permissions_cni_conf_not_s390x/rule.yml b/applications/openshift/master/file_permissions_cni_conf_not_s390x/rule.yml
index 1af6cb886b2c..05f6c432e230 100644
--- a/applications/openshift/master/file_permissions_cni_conf_not_s390x/rule.yml
+++ b/applications/openshift/master/file_permissions_cni_conf_not_s390x/rule.yml
@@ -21,7 +21,6 @@ identifiers: cce@ocp4: CCE-86593-1 references: - cis@ocp4: 1.1.9 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325
diff --git a/applications/openshift/master/file_permissions_cni_conf_s390x/rule.yml b/applications/openshift/master/file_permissions_cni_conf_s390x/rule.yml
index 7d6bff12e90c..d864b506e550 100644
--- a/applications/openshift/master/file_permissions_cni_conf_s390x/rule.yml
+++ b/applications/openshift/master/file_permissions_cni_conf_s390x/rule.yml
@@ -21,7 +21,6 @@ identifiers: cce@ocp4: CCE-86597-2 references: - cis@ocp4: 1.1.9 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325
diff --git a/applications/openshift/master/file_permissions_controller_manager_kubeconfig/rule.yml b/applications/openshift/master/file_permissions_controller_manager_kubeconfig/rule.yml
index e91d35860093..a501ff2d8b47 100644
--- a/applications/openshift/master/file_permissions_controller_manager_kubeconfig/rule.yml
+++ b/applications/openshift/master/file_permissions_controller_manager_kubeconfig/rule.yml
@@ -19,7 +19,6 @@ identifiers: severity: medium references: - cis@ocp4: 1.1.17 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325
diff --git a/applications/openshift/master/file_permissions_etcd_data_dir/rule.yml b/applications/openshift/master/file_permissions_etcd_data_dir/rule.yml
index 0c531830189a..bdd17195a78e 100644
--- a/applications/openshift/master/file_permissions_etcd_data_dir/rule.yml
+++ b/applications/openshift/master/file_permissions_etcd_data_dir/rule.yml
@@ -18,7 +18,6 @@ identifiers: cce@ocp4: CCE-84013-2 references: - cis@ocp4: 1.1.11 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325
diff --git a/applications/openshift/master/file_permissions_etcd_data_files/rule.yml b/applications/openshift/master/file_permissions_etcd_data_files/rule.yml
index e1846652801b..552150f52fab 100644
--- a/applications/openshift/master/file_permissions_etcd_data_files/rule.yml
+++ b/applications/openshift/master/file_permissions_etcd_data_files/rule.yml
@@ -18,7 +18,6 @@ identifiers: cce@ocp4: CCE-83382-2 references: - cis@ocp4: 1.1.11 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325
diff --git a/applications/openshift/master/file_permissions_etcd_member/rule.yml b/applications/openshift/master/file_permissions_etcd_member/rule.yml
index 2e52684f6953..731e0412af67 100644
--- a/applications/openshift/master/file_permissions_etcd_member/rule.yml
+++ b/applications/openshift/master/file_permissions_etcd_member/rule.yml
@@ -20,7 +20,6 @@ identifiers: cce@ocp4: CCE-83973-8 references: - cis@ocp4: 1.1.7 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325
diff --git a/applications/openshift/master/file_permissions_etcd_pki_cert_files/rule.yml b/applications/openshift/master/file_permissions_etcd_pki_cert_files/rule.yml
index 5fb4e0cd45d4..a7ba2a63db38 100644
--- a/applications/openshift/master/file_permissions_etcd_pki_cert_files/rule.yml
+++ b/applications/openshift/master/file_permissions_etcd_pki_cert_files/rule.yml
@@ -18,7 +18,6 @@ identifiers: severity: medium references: - cis@ocp4: 1.1.20 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325
diff --git a/applications/openshift/master/file_permissions_ip_allocations/rule.yml b/applications/openshift/master/file_permissions_ip_allocations/rule.yml
index f1cdf9262096..264d54ca82fc 100644
--- a/applications/openshift/master/file_permissions_ip_allocations/rule.yml
+++ b/applications/openshift/master/file_permissions_ip_allocations/rule.yml
@@ -20,7 +20,6 @@ identifiers: cce@ocp4: CCE-83469-7 references: - cis@ocp4: 1.1.9 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325
diff --git a/applications/openshift/master/file_permissions_kube_apiserver/rule.yml b/applications/openshift/master/file_permissions_kube_apiserver/rule.yml
index 7fbb1106be6d..b104b15c068a 100644
--- a/applications/openshift/master/file_permissions_kube_apiserver/rule.yml
+++ b/applications/openshift/master/file_permissions_kube_apiserver/rule.yml
@@ -18,7 +18,6 @@ identifiers: cce@ocp4: CCE-83983-7 references: - cis@ocp4: 1.1.1 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325
diff --git a/applications/openshift/master/file_permissions_kube_controller_manager/rule.yml b/applications/openshift/master/file_permissions_kube_controller_manager/rule.yml
index 41a820de5a0a..ad993adad345 100644
--- a/applications/openshift/master/file_permissions_kube_controller_manager/rule.yml
+++ b/applications/openshift/master/file_permissions_kube_controller_manager/rule.yml
@@ -18,7 +18,6 @@ identifiers: cce@ocp4: CCE-84161-9 references: - cis@ocp4: 1.1.3 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325
diff --git a/applications/openshift/master/file_permissions_kube_scheduler/rule.yml b/applications/openshift/master/file_permissions_kube_scheduler/rule.yml
index 4d62bd1c91f4..a8497cc6ca70 100644
--- a/applications/openshift/master/file_permissions_kube_scheduler/rule.yml
+++ b/applications/openshift/master/file_permissions_kube_scheduler/rule.yml
@@ -17,9 +17,6 @@ severity: medium #identifiers: # cce@ocp4: -references: - cis@ocp4: 1.1.5 - ocil_clause: '{{{ ocil_clause_file_permissions(file="/etc/kubernetes/static-pod-resources/kube-scheduler-pod.yaml", perms="-rw-------") }}}' ocil: |-
diff --git a/applications/openshift/master/file_permissions_kubeconfig/rule.yml b/applications/openshift/master/file_permissions_kubeconfig/rule.yml
index 1f30b003a67e..c2ce8a5a1eb4 100644
--- a/applications/openshift/master/file_permissions_kubeconfig/rule.yml
+++ b/applications/openshift/master/file_permissions_kubeconfig/rule.yml
@@ -17,9 +17,6 @@ severity: medium #identifiers: # cce@ocp4: 80633-1 -references: - cis@ocp4: 1.1.13 - ocil_clause: '{{{ ocil_clause_file_permissions(file="/etc/kubernetes/kubeconfig", perms="-rw-------") }}}' ocil: |-
diff --git a/applications/openshift/master/file_permissions_master_admin_kubeconfigs/rule.yml b/applications/openshift/master/file_permissions_master_admin_kubeconfigs/rule.yml
index bab65483191c..b86181ddd6cf 100644
--- a/applications/openshift/master/file_permissions_master_admin_kubeconfigs/rule.yml
+++ b/applications/openshift/master/file_permissions_master_admin_kubeconfigs/rule.yml
@@ -22,7 +22,6 @@ identifiers: severity: medium references: - cis@ocp4: 1.1.13 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325
diff --git a/applications/openshift/master/file_permissions_multus_conf/rule.yml b/applications/openshift/master/file_permissions_multus_conf/rule.yml
index 160940f90a39..6b6a64085d67 100644
--- a/applications/openshift/master/file_permissions_multus_conf/rule.yml
+++ b/applications/openshift/master/file_permissions_multus_conf/rule.yml
@@ -20,7 +20,6 @@ identifiers: cce@ocp4: CCE-83467-1 references: - cis@ocp4: 1.1.9 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325
diff --git a/applications/openshift/master/file_permissions_openshift_pki_cert_files/rule.yml b/applications/openshift/master/file_permissions_openshift_pki_cert_files/rule.yml
index f3cb2410f276..2086eda6b18f 100644
--- a/applications/openshift/master/file_permissions_openshift_pki_cert_files/rule.yml
+++ b/applications/openshift/master/file_permissions_openshift_pki_cert_files/rule.yml
@@ -18,7 +18,6 @@ identifiers: severity: medium references: - cis@ocp4: 1.1.20 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325
diff --git a/applications/openshift/master/file_permissions_openshift_pki_key_files/rule.yml b/applications/openshift/master/file_permissions_openshift_pki_key_files/rule.yml
index 0f117f80017d..b819b3eebeb0 100644
--- a/applications/openshift/master/file_permissions_openshift_pki_key_files/rule.yml
+++ b/applications/openshift/master/file_permissions_openshift_pki_key_files/rule.yml
@@ -18,7 +18,6 @@ identifiers: severity: medium references: - cis@ocp4: 1.1.21 nerc-cip: CIP-003-8 R1.3,CIP-003-8 R3,CIP-003-8 R3.1,CIP-003-8 R3.2,CIP-003-8 R3.3,CIP-003-8 R5.1.1,CIP-003-8 R5.3,CIP-004-6 R2.2.3,CIP-004-6 R2.3,CIP-007-3 R5.1,CIP-007-3 R5.1.2,CIP-007-3 R5.2,CIP-007-3 R5.3.1,CIP-007-3 R5.3.2,CIP-007-3 R5.3.3 nist: CM-6,CM-6(1),IA-5(2) srg: SRG-APP-000516-CTR-001325
diff --git a/applications/openshift/master/file_permissions_openvswitch/rule.yml b/applications/openshift/master/file_permissions_openvswitch/rule.yml
index 876fc240fdc6..0842c7b7f31c 100644
--- a/applications/openshift/master/file_permissions_openvswitch/rule.yml
+++ b/applications/openshift/master/file_permissions_openvswitch/rule.yml
@@ -17,9 +17,6 @@ severity: medium #identifiers: # cce@ocp4: 82173-6 -references: - cis@ocp4: 1.4.9 - ocil_clause: '{{{ ocil_clause_file_permissions(file="/etc/openvswitch/.*", perms="-rw-r--r--") }}}' ocil: |-
diff --git a/applications/openshift/master/file_permissions_ovn_cni_server_sock/rule.yml b/applications/openshift/master/file_permissions_ovn_cni_server_sock/rule.yml
index 02d1227f0c42..e440b9f846a5 100644
--- a/applications/openshift/master/file_permissions_ovn_cni_server_sock/rule.yml
+++ b/applications/openshift/master/file_permissions_ovn_cni_server_sock/rule.yml
@@ -20,7 +20,6 @@ identifiers: cce@ocp4: CCE-86069-2 references: - cis@ocp4: 1.1.9 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325
diff --git a/applications/openshift/master/file_permissions_ovn_db_files/rule.yml b/applications/openshift/master/file_permissions_ovn_db_files/rule.yml
index 534b305b189a..510dc77e7b38 100644
--- a/applications/openshift/master/file_permissions_ovn_db_files/rule.yml
+++ b/applications/openshift/master/file_permissions_ovn_db_files/rule.yml
@@ -20,7 +20,6 @@ identifiers: cce@ocp4: CCE-86653-3 references: - cis@ocp4: 1.1.9 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325
diff --git a/applications/openshift/master/file_permissions_ovs_conf_db/rule.yml b/applications/openshift/master/file_permissions_ovs_conf_db/rule.yml
index d8720f7aa6ff..bdf56487424d 100644
--- a/applications/openshift/master/file_permissions_ovs_conf_db/rule.yml
+++ b/applications/openshift/master/file_permissions_ovs_conf_db/rule.yml
@@ -20,7 +20,6 @@ identifiers: cce@ocp4: CCE-83788-0 references: - cis@ocp4: 1.1.9 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325
diff --git a/applications/openshift/master/file_permissions_ovs_conf_db_lock/rule.yml b/applications/openshift/master/file_permissions_ovs_conf_db_lock/rule.yml
index c4e4b913719f..fea3fceb9c55 100644
--- a/applications/openshift/master/file_permissions_ovs_conf_db_lock/rule.yml
+++ b/applications/openshift/master/file_permissions_ovs_conf_db_lock/rule.yml
@@ -20,7 +20,6 @@ identifiers: cce@ocp4: CCE-84202-1 references: - cis@ocp4: 1.1.9 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325 diff --git a/applications/openshift/master/file_permissions_ovs_pid/rule.yml b/applications/openshift/master/file_permissions_ovs_pid/rule.yml index 85eb3735c7d8..662bff60e4f1 100644 --- a/applications/openshift/master/file_permissions_ovs_pid/rule.yml +++ b/applications/openshift/master/file_permissions_ovs_pid/rule.yml @@ -20,7 +20,6 @@ identifiers: cce@ocp4: CCE-83666-8 references: - cis@ocp4: 1.1.9 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325 diff --git a/applications/openshift/master/file_permissions_ovs_sys_id_conf/rule.yml b/applications/openshift/master/file_permissions_ovs_sys_id_conf/rule.yml index d0fee0d3e9bd..a153a8b56640 100644 --- a/applications/openshift/master/file_permissions_ovs_sys_id_conf/rule.yml +++ b/applications/openshift/master/file_permissions_ovs_sys_id_conf/rule.yml @@ -20,7 +20,6 @@ identifiers: cce@ocp4: CCE-83400-2 references: - cis@ocp4: 1.1.9 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325 diff --git a/applications/openshift/master/file_permissions_ovs_vswitchd_pid/rule.yml b/applications/openshift/master/file_permissions_ovs_vswitchd_pid/rule.yml index ec86248676fa..1d1238ffdfb3 100644 --- a/applications/openshift/master/file_permissions_ovs_vswitchd_pid/rule.yml +++ b/applications/openshift/master/file_permissions_ovs_vswitchd_pid/rule.yml @@ -20,7 +20,6 @@ identifiers: cce@ocp4: CCE-83710-4 references: - cis@ocp4: 1.1.9 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325 diff --git a/applications/openshift/master/file_permissions_ovsdb_server_pid/rule.yml b/applications/openshift/master/file_permissions_ovsdb_server_pid/rule.yml index 9e31f05b1244..1a7510b15ce1 100644 
--- a/applications/openshift/master/file_permissions_ovsdb_server_pid/rule.yml +++ b/applications/openshift/master/file_permissions_ovsdb_server_pid/rule.yml @@ -20,7 +20,6 @@ identifiers: cce@ocp4: CCE-83679-1 references: - cis@ocp4: 1.1.9 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325 diff --git a/applications/openshift/master/file_permissions_scheduler/rule.yml b/applications/openshift/master/file_permissions_scheduler/rule.yml index 3d809e94625a..cc1916acecef 100644 --- a/applications/openshift/master/file_permissions_scheduler/rule.yml +++ b/applications/openshift/master/file_permissions_scheduler/rule.yml @@ -18,7 +18,6 @@ identifiers: cce@ocp4: CCE-84057-9 references: - cis@ocp4: 1.1.5 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325 diff --git a/applications/openshift/master/file_permissions_scheduler_kubeconfig/rule.yml b/applications/openshift/master/file_permissions_scheduler_kubeconfig/rule.yml index 042b23a02ac6..937565e10364 100644 --- a/applications/openshift/master/file_permissions_scheduler_kubeconfig/rule.yml +++ b/applications/openshift/master/file_permissions_scheduler_kubeconfig/rule.yml @@ -19,7 +19,6 @@ identifiers: severity: medium references: - cis@ocp4: 1.1.15 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325 diff --git a/applications/openshift/master/file_permissions_var_lib_etcd/rule.yml b/applications/openshift/master/file_permissions_var_lib_etcd/rule.yml index 80c71bde4b0b..81742ad3cae4 100644 --- a/applications/openshift/master/file_permissions_var_lib_etcd/rule.yml +++ b/applications/openshift/master/file_permissions_var_lib_etcd/rule.yml @@ -13,9 +13,6 @@ rationale: |- severity: medium -references: - cis@ocp4: 1.1.11 - ocil_clause: '{{{ ocil_clause_file_permissions(file="/var/lib/etcd", perms="-rwx------") }}}' ocil: |- 
diff --git a/applications/openshift/master/file_perms_openshift_sdn_cniserver_config/rule.yml b/applications/openshift/master/file_perms_openshift_sdn_cniserver_config/rule.yml index 1169e0f85978..c1172a95a5e9 100644 --- a/applications/openshift/master/file_perms_openshift_sdn_cniserver_config/rule.yml +++ b/applications/openshift/master/file_perms_openshift_sdn_cniserver_config/rule.yml @@ -20,7 +20,6 @@ identifiers: cce@ocp4: CCE-83927-4 references: - cis@ocp4: 1.1.9 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325 diff --git a/applications/openshift/networking/configure_network_policies/rule.yml b/applications/openshift/networking/configure_network_policies/rule.yml index d01c98935abb..fc5cd674a1a0 100644 --- a/applications/openshift/networking/configure_network_policies/rule.yml +++ b/applications/openshift/networking/configure_network_policies/rule.yml @@ -17,7 +17,6 @@ rationale: |- severity: high references: - cis@ocp4: 5.3.1 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) pcidss: Req-1.1.4,Req-1.2,Req-2.2 diff --git a/applications/openshift/networking/configure_network_policies_hypershift_hosted/rule.yml b/applications/openshift/networking/configure_network_policies_hypershift_hosted/rule.yml index 57fecae5e9d4..cad4d44214ba 100644 --- a/applications/openshift/networking/configure_network_policies_hypershift_hosted/rule.yml +++ b/applications/openshift/networking/configure_network_policies_hypershift_hosted/rule.yml @@ -25,7 +25,6 @@ identifiers: cce@ocp4: CCE-86104-7 references: - cis@ocp4: 5.3.2 pcidss: Req-1.1.4,Req-1.2,Req-1.2.1,Req-1.3.1,Req-1.3.2,Req-2.2 platform: ocp4-on-hypershift diff --git a/applications/openshift/networking/configure_network_policies_namespaces/rule.yml b/applications/openshift/networking/configure_network_policies_namespaces/rule.yml index 3804944cae51..02cff9280258 100644 
--- a/applications/openshift/networking/configure_network_policies_namespaces/rule.yml +++ b/applications/openshift/networking/configure_network_policies_namespaces/rule.yml @@ -18,7 +18,6 @@ severity: high references: cis@eks: 4.3.2 - cis@ocp4: 5.3.2 nerc-cip: CIP-003-8 R4,CIP-003-8 R4.2,CIP-003-8 R5,CIP-003-8 R6,CIP-004-6 R2.2.4,CIP-004-6 R3,CIP-007-3 R2,CIP-007-3 R2.1,CIP-007-3 R2.2,CIP-007-3 R2.3,CIP-007-3 R5.1,CIP-007-3 R6.1 nist: AC-4,AC-4(21),CA-3(5),CM-6,CM-6(1),CM-7,CM-7(1),SC-7,SC-7(3),SC-7(5),SC-7(8),SC-7(12),SC-7(13),SC-7(18),SC-7(10),SI-4(22) pcidss: Req-1.1.4,Req-1.2,Req-1.2.1,Req-1.3.1,Req-1.3.2,Req-2.2 diff --git a/applications/openshift/networking/ingress_controller_tls_cipher_suites/rule.yml b/applications/openshift/networking/ingress_controller_tls_cipher_suites/rule.yml index 5e74b1740d69..752021380a8b 100644 --- a/applications/openshift/networking/ingress_controller_tls_cipher_suites/rule.yml +++ b/applications/openshift/networking/ingress_controller_tls_cipher_suites/rule.yml @@ -17,9 +17,6 @@ severity: medium #identifiers: # cce@ocp4: -references: - cis@ocp4: 4.2.12 - ocil_clause: "Ingress controller TLS cipher suite configuration is incomplete or possibly insecure" ocil: |- diff --git a/applications/openshift/openshift-api-server/ocp_api_server_audit_log_maxbackup/rule.yml b/applications/openshift/openshift-api-server/ocp_api_server_audit_log_maxbackup/rule.yml index 62cbb266ed80..bcc20173c0d5 100644 --- a/applications/openshift/openshift-api-server/ocp_api_server_audit_log_maxbackup/rule.yml +++ b/applications/openshift/openshift-api-server/ocp_api_server_audit_log_maxbackup/rule.yml @@ -37,7 +37,6 @@ identifiers: severity: low references: - cis@ocp4: 1.2.22 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) pcidss: Req-2.2 
diff --git a/applications/openshift/openshift-api-server/ocp_api_server_audit_log_maxsize/rule.yml b/applications/openshift/openshift-api-server/ocp_api_server_audit_log_maxsize/rule.yml index 14c76cf49079..a2d6b3bdd9d7 100644 --- a/applications/openshift/openshift-api-server/ocp_api_server_audit_log_maxsize/rule.yml +++ b/applications/openshift/openshift-api-server/ocp_api_server_audit_log_maxsize/rule.yml @@ -37,7 +37,6 @@ identifiers: severity: medium references: - cis@ocp4: 1.2.23 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) pcidss: Req-2.2 diff --git a/applications/openshift/openshift-api-server/openshift_api_server_audit_log_path/rule.yml b/applications/openshift/openshift-api-server/openshift_api_server_audit_log_path/rule.yml index 712ec6f322bb..3777e182a267 100644 --- a/applications/openshift/openshift-api-server/openshift_api_server_audit_log_path/rule.yml +++ b/applications/openshift/openshift-api-server/openshift_api_server_audit_log_path/rule.yml @@ -36,7 +36,6 @@ identifiers: severity: high references: - cis@ocp4: 1.2.20 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) pcidss: Req-2.2 diff --git a/applications/openshift/rbac/rbac_debug_role_protects_pprof/rule.yml b/applications/openshift/rbac/rbac_debug_role_protects_pprof/rule.yml index 7da11a730408..07ce91163d31 100644 --- a/applications/openshift/rbac/rbac_debug_role_protects_pprof/rule.yml +++ b/applications/openshift/rbac/rbac_debug_role_protects_pprof/rule.yml @@ -21,7 +21,6 @@ identifiers: cce@ocp4: CCE-84182-5 references: - cis@ocp4: 1.3.1 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) pcidss: Req-2.2 diff --git a/applications/openshift/rbac/rbac_least_privilege/rule.yml b/applications/openshift/rbac/rbac_least_privilege/rule.yml index 277343e6e3b2..6f084e176843 100644 --- a/applications/openshift/rbac/rbac_least_privilege/rule.yml +++ b/applications/openshift/rbac/rbac_least_privilege/rule.yml 
@@ -26,7 +26,6 @@ identifiers: cce@ocp4: CCE-90678-4 references: - cis@ocp4: 5.2.10 nist: AC-3,CM-5(6),IA-2,IA-2(5),AC-6(10),CM-11(2),CM-5(1),CM-7(5)(b) srg: SRG-APP-000033-CTR-000090,SRG-APP-000033-CTR-000095,SRG-APP-000033-CTR-000100,SRG-APP-000133-CTR-000290,SRG-APP-000133-CTR-000295,SRG-APP-000133-CTR-000300,SRG-APP-000133-CTR-000305,SRG-APP-000133-CTR-000310,SRG-APP-000148-CTR-000350,SRG-APP-000153-CTR-000375,SRG-APP-000340-CTR-000770,SRG-APP-000378-CTR-000880,SRG-APP-000378-CTR-000885,SRG-APP-000378-CTR-000890,SRG-APP-000380-CTR-000900,SRG-APP-000386-CTR-000920 diff --git a/applications/openshift/rbac/rbac_limit_cluster_admin/rule.yml b/applications/openshift/rbac/rbac_limit_cluster_admin/rule.yml index 145870c5560a..f1b6d97461bb 100644 --- a/applications/openshift/rbac/rbac_limit_cluster_admin/rule.yml +++ b/applications/openshift/rbac/rbac_limit_cluster_admin/rule.yml @@ -20,7 +20,6 @@ rationale: |- severity: medium references: - cis@ocp4: 5.1.1 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1),CM-8(3) pcidss: Req-2.2,Req-7.1.2,Req-10.5.1 diff --git a/applications/openshift/rbac/rbac_limit_secrets_access/rule.yml b/applications/openshift/rbac/rbac_limit_secrets_access/rule.yml index 58dedbe4bcec..4070144eb20a 100644 --- a/applications/openshift/rbac/rbac_limit_secrets_access/rule.yml +++ b/applications/openshift/rbac/rbac_limit_secrets_access/rule.yml @@ -21,7 +21,6 @@ rationale: |- severity: medium references: - cis@ocp4: 5.1.2 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) pcidss: Req-2.2 diff --git a/applications/openshift/rbac/rbac_pod_creation_access/rule.yml b/applications/openshift/rbac/rbac_pod_creation_access/rule.yml index d30affe28464..525fec1562a1 100644 --- a/applications/openshift/rbac/rbac_pod_creation_access/rule.yml +++ b/applications/openshift/rbac/rbac_pod_creation_access/rule.yml 
@@ -16,7 +16,6 @@ rationale: |- severity: medium references: - cis@ocp4: 5.1.4 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) pcidss: Req-2.2 diff --git a/applications/openshift/rbac/rbac_wildcard_use/rule.yml b/applications/openshift/rbac/rbac_wildcard_use/rule.yml index 9e589e15bce5..1b3473c90f86 100644 --- a/applications/openshift/rbac/rbac_wildcard_use/rule.yml +++ b/applications/openshift/rbac/rbac_wildcard_use/rule.yml @@ -20,7 +20,6 @@ rationale: |- severity: medium references: - cis@ocp4: 5.1.3 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) pcidss: Req-2.2 diff --git a/applications/openshift/registry/ocp_allowed_registries/rule.yml b/applications/openshift/registry/ocp_allowed_registries/rule.yml index 3c828ed9d4d1..fd5f5401f629 100644 --- a/applications/openshift/registry/ocp_allowed_registries/rule.yml +++ b/applications/openshift/registry/ocp_allowed_registries/rule.yml @@ -33,7 +33,6 @@ ocil: |- make sure the output is not empty and matches the registries that you wish to allow. references: - cis@ocp4: '5.5.1' nist: CM-5(3),CM-7(2),CM-7(5),CM-11 srg: SRG-APP-000456-CTR-001125 diff --git a/applications/openshift/registry/ocp_allowed_registries_for_import/rule.yml b/applications/openshift/registry/ocp_allowed_registries_for_import/rule.yml index 600f96d8fee9..d0ceb868cd80 100644 --- a/applications/openshift/registry/ocp_allowed_registries_for_import/rule.yml +++ b/applications/openshift/registry/ocp_allowed_registries_for_import/rule.yml @@ -24,7 +24,6 @@ rationale: |- severity: medium references: - cis@ocp4: '5.5.1' nist: CM-5(3),CM-7(2),CM-7(5),CM-11 srg: SRG-APP-000456-CTR-001125 diff --git a/applications/openshift/registry/ocp_insecure_allowed_registries_for_import/rule.yml b/applications/openshift/registry/ocp_insecure_allowed_registries_for_import/rule.yml index cbb7dc2feb38..70137941dabb 100644 --- a/applications/openshift/registry/ocp_insecure_allowed_registries_for_import/rule.yml 
+++ b/applications/openshift/registry/ocp_insecure_allowed_registries_for_import/rule.yml @@ -30,7 +30,6 @@ identifiers: cce@ocp4: CCE-86235-9 references: - cis@ocp4: '5.5.1' nist: CM-5(3) srg: SRG-APP-000014-CTR-000035 diff --git a/applications/openshift/registry/ocp_insecure_registries/rule.yml b/applications/openshift/registry/ocp_insecure_registries/rule.yml index 955b671d2873..a034fd97277c 100644 --- a/applications/openshift/registry/ocp_insecure_registries/rule.yml +++ b/applications/openshift/registry/ocp_insecure_registries/rule.yml @@ -26,7 +26,6 @@ identifiers: cce@ocp4: CCE-86123-7 references: - cis@ocp4: '5.5.1' nist: CM-5(3) srg: SRG-APP-000014-CTR-000035 diff --git a/applications/openshift/scc/scc_drop_container_capabilities/rule.yml b/applications/openshift/scc/scc_drop_container_capabilities/rule.yml index 7ed4e5dfde89..815a023f2883 100644 --- a/applications/openshift/scc/scc_drop_container_capabilities/rule.yml +++ b/applications/openshift/scc/scc_drop_container_capabilities/rule.yml @@ -20,7 +20,6 @@ rationale: |- severity: medium references: - cis@ocp4: 5.2.9 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) pcidss: Req-2.2 diff --git a/applications/openshift/scc/scc_limit_container_allowed_capabilities/rule.yml b/applications/openshift/scc/scc_limit_container_allowed_capabilities/rule.yml index 647e58743cb7..4c7dcd1cfc27 100644 --- a/applications/openshift/scc/scc_limit_container_allowed_capabilities/rule.yml +++ b/applications/openshift/scc/scc_limit_container_allowed_capabilities/rule.yml @@ -50,7 +50,6 @@ rationale: |- severity: medium references: - cis@ocp4: 5.2.8 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) pcidss: Req-2.2 diff --git a/applications/openshift/scc/scc_limit_host_dir_volume_plugin/rule.yml b/applications/openshift/scc/scc_limit_host_dir_volume_plugin/rule.yml index a647219e09f5..dde3aa9ca4de 100644 --- a/applications/openshift/scc/scc_limit_host_dir_volume_plugin/rule.yml 
+++ b/applications/openshift/scc/scc_limit_host_dir_volume_plugin/rule.yml @@ -21,7 +21,6 @@ identifiers: cce@ocp4: CCE-86255-7 references: - cis@ocp4: 5.2.12 nist: AC-6,AC-6(1) srg: SRG-APP-000142-CTR-000330 diff --git a/applications/openshift/scc/scc_limit_ipc_namespace/rule.yml b/applications/openshift/scc/scc_limit_ipc_namespace/rule.yml index 4b4c512716de..d72c51d9bf89 100644 --- a/applications/openshift/scc/scc_limit_ipc_namespace/rule.yml +++ b/applications/openshift/scc/scc_limit_ipc_namespace/rule.yml @@ -21,7 +21,6 @@ identifiers: cce@ocp4: CCE-84042-1 references: - cis@ocp4: 5.2.3 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) pcidss: Req-2.2 diff --git a/applications/openshift/scc/scc_limit_net_raw_capability/rule.yml b/applications/openshift/scc/scc_limit_net_raw_capability/rule.yml index 9404c6e54145..f8021fa1a106 100644 --- a/applications/openshift/scc/scc_limit_net_raw_capability/rule.yml +++ b/applications/openshift/scc/scc_limit_net_raw_capability/rule.yml @@ -19,7 +19,6 @@ rationale: |- severity: medium references: - cis@ocp4: 5.2.7 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) pcidss: Req-2.2 diff --git a/applications/openshift/scc/scc_limit_network_namespace/rule.yml b/applications/openshift/scc/scc_limit_network_namespace/rule.yml index 91c795a992df..ac2c97207f0e 100644 --- a/applications/openshift/scc/scc_limit_network_namespace/rule.yml +++ b/applications/openshift/scc/scc_limit_network_namespace/rule.yml @@ -21,7 +21,6 @@ identifiers: cce@ocp4: CCE-83492-9 references: - cis@ocp4: 5.2.4 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) pcidss: Req-2.2 diff --git a/applications/openshift/scc/scc_limit_privilege_escalation/rule.yml b/applications/openshift/scc/scc_limit_privilege_escalation/rule.yml index 4d194c37b43b..be1ca4657443 100644 --- a/applications/openshift/scc/scc_limit_privilege_escalation/rule.yml 
+++ b/applications/openshift/scc/scc_limit_privilege_escalation/rule.yml @@ -22,7 +22,6 @@ identifiers: cce@ocp4: CCE-83447-3 references: - cis@ocp4: 5.2.5 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) pcidss: Req-2.2 diff --git a/applications/openshift/scc/scc_limit_privileged_containers/rule.yml b/applications/openshift/scc/scc_limit_privileged_containers/rule.yml index bd6c5e43072e..a987eb48a841 100644 --- a/applications/openshift/scc/scc_limit_privileged_containers/rule.yml +++ b/applications/openshift/scc/scc_limit_privileged_containers/rule.yml @@ -18,7 +18,6 @@ rationale: |- severity: medium references: - cis@ocp4: 5.2.1 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) pcidss: Req-2.2 diff --git a/applications/openshift/scc/scc_limit_process_id_namespace/rule.yml b/applications/openshift/scc/scc_limit_process_id_namespace/rule.yml index 44e38b05edfc..38b00bf9f7f1 100644 --- a/applications/openshift/scc/scc_limit_process_id_namespace/rule.yml +++ b/applications/openshift/scc/scc_limit_process_id_namespace/rule.yml @@ -17,7 +17,6 @@ rationale: |- severity: medium references: - cis@ocp4: 5.2.2 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) pcidss: Req-2.2 diff --git a/applications/openshift/scc/scc_limit_root_containers/rule.yml b/applications/openshift/scc/scc_limit_root_containers/rule.yml index df5727c4cd29..6569c5998b71 100644 --- a/applications/openshift/scc/scc_limit_root_containers/rule.yml +++ b/applications/openshift/scc/scc_limit_root_containers/rule.yml @@ -25,7 +25,6 @@ rationale: |- severity: medium references: - cis@ocp4: 5.2.6 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) pcidss: Req-2.2 diff --git a/applications/openshift/scheduler/scheduler_no_bind_address/rule.yml b/applications/openshift/scheduler/scheduler_no_bind_address/rule.yml index 120d09335f4f..baf56cb218ca 100644 --- a/applications/openshift/scheduler/scheduler_no_bind_address/rule.yml 
+++ b/applications/openshift/scheduler/scheduler_no_bind_address/rule.yml @@ -26,7 +26,6 @@ rationale: |- components that monitor the kubelet health. references: - cis@ocp4: 1.4.2 nerc-cip: CIP-003-8 R4.2,CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R5.1,CIP-007-3 R6.1 nist: CM-6,CM-6(1),SC-8,SC-8(1) pcidss: Req-2.2 diff --git a/applications/openshift/scheduler/scheduler_port_is_zero/rule.yml b/applications/openshift/scheduler/scheduler_port_is_zero/rule.yml index 31dcace7ca2a..44cb196aaf27 100644 --- a/applications/openshift/scheduler/scheduler_port_is_zero/rule.yml +++ b/applications/openshift/scheduler/scheduler_port_is_zero/rule.yml @@ -25,9 +25,6 @@ rationale: |- the port of the localhost healthz endpoint. Changing this value may disrupt components that monitor the kubelet health. -references: - cis@ocp4: 1.4.2 - severity: medium platform: not ocp4-on-hypershift-hosted diff --git a/applications/openshift/scheduler/scheduler_profiling_protected_by_rbac/rule.yml b/applications/openshift/scheduler/scheduler_profiling_protected_by_rbac/rule.yml index 1ed57e009819..5770211f7114 100644 --- a/applications/openshift/scheduler/scheduler_profiling_protected_by_rbac/rule.yml +++ b/applications/openshift/scheduler/scheduler_profiling_protected_by_rbac/rule.yml 
@@ -6,8 +6,6 @@ description: |- rationale: |- The Scheduler API service which runs on port 10251/TCP by default is used for health and metrics information and is available without authentication or encryption. As such it should only be bound to a localhost interface, to minimize the cluster's attack surface severity: medium -references: - cis@ocp4: 1.4.1 ocil: |- In OpenShift 4, The Kubernetes Scheduler operator manages and updates the Kubernetes Scheduler deployed on top of OpenShift. By default, the operator exposes metrics via metrics service. The metrics are collected from the Kubernetes Scheduler operator. Profiling data is sent to `healthzPort`, the port of the localhost `healthz` endpoint. Changing this value may disrupt components that monitor the kubelet health. The default `healthz` `port` value is `10251`, and the `healthz` `bindAddress` is `127.0.0.1` diff --git a/applications/openshift/scheduler/scheduler_service_protected_by_rbac/rule.yml b/applications/openshift/scheduler/scheduler_service_protected_by_rbac/rule.yml index d8e348320f95..d724db7fe8af 100644 --- a/applications/openshift/scheduler/scheduler_service_protected_by_rbac/rule.yml +++ b/applications/openshift/scheduler/scheduler_service_protected_by_rbac/rule.yml 
@@ -5,8 +5,6 @@ description: 'Do not bind the scheduler service to non-loopback insecure address rationale: |- The Scheduler API service which runs on port 10251/TCP by default is used for health and metrics information and is available without authentication or encryption. As such it should only be bound to a localhost interface, to minimize the cluster's attack surface severity: medium -references: - cis@ocp4: 1.4.2 ocil: |- In OpenShift 4, The Kubernetes Scheduler operator manages and updates the Kubernetes Scheduler deployed on top of OpenShift. By default, the operator exposes metrics via metrics service. The metrics are collected from the Kubernetes Scheduler operator. Profiling data is sent to `healthzPort`, the port of the localhost `healthz` endpoint. Changing this value may disrupt components that monitor the kubelet health. The default `healthz` `port` value is `10251`, and the `healthz` `bindAddress` is `127.0.0.1` diff --git a/applications/openshift/secrets/secrets_consider_external_storage/rule.yml b/applications/openshift/secrets/secrets_consider_external_storage/rule.yml index e786d43da5d4..eaf0a77b193a 100644 --- a/applications/openshift/secrets/secrets_consider_external_storage/rule.yml +++ b/applications/openshift/secrets/secrets_consider_external_storage/rule.yml @@ -20,7 +20,6 @@ rationale: |- severity: medium references: - cis@ocp4: 5.4.2 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) pcidss: Req-2.2 diff --git a/applications/openshift/secrets/secrets_no_environment_variables/rule.yml b/applications/openshift/secrets/secrets_no_environment_variables/rule.yml index d1847fd9eda7..e177c8fd0084 100644 --- a/applications/openshift/secrets/secrets_no_environment_variables/rule.yml +++ b/applications/openshift/secrets/secrets_no_environment_variables/rule.yml @@ -15,7 +15,6 @@ rationale: |- severity: medium references: - cis@ocp4: 5.4.1 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) pcidss: Req-2.2 
diff --git a/applications/openshift/worker/file_groupowner_kubelet_conf/rule.yml b/applications/openshift/worker/file_groupowner_kubelet_conf/rule.yml index 57bfbe483285..a646ba7c656e 100644 --- a/applications/openshift/worker/file_groupowner_kubelet_conf/rule.yml +++ b/applications/openshift/worker/file_groupowner_kubelet_conf/rule.yml @@ -24,7 +24,6 @@ identifiers: references: cis@eks: 3.1.4 - cis@ocp4: 4.1.6 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325 diff --git a/applications/openshift/worker/file_groupowner_proxy_kubeconfig/rule.yml b/applications/openshift/worker/file_groupowner_proxy_kubeconfig/rule.yml index 6aed1d9d2980..aadd2c0aa0fa 100644 --- a/applications/openshift/worker/file_groupowner_proxy_kubeconfig/rule.yml +++ b/applications/openshift/worker/file_groupowner_proxy_kubeconfig/rule.yml @@ -31,7 +31,6 @@ severity: medium # cce@ocp4: 80633-1 references: - cis@ocp4: 4.1.4 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) pcidss: Req-2.2 diff --git a/applications/openshift/worker/file_groupowner_worker_ca/rule.yml b/applications/openshift/worker/file_groupowner_worker_ca/rule.yml index 38414d9fa4d6..b9e1d34b445d 100644 --- a/applications/openshift/worker/file_groupowner_worker_ca/rule.yml +++ b/applications/openshift/worker/file_groupowner_worker_ca/rule.yml @@ -18,7 +18,6 @@ identifiers: cce@ocp4: CCE-83440-8 references: - cis@ocp4: 4.1.8 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325 diff --git a/applications/openshift/worker/file_groupowner_worker_kubeconfig/rule.yml b/applications/openshift/worker/file_groupowner_worker_kubeconfig/rule.yml index aa1216029b04..ec89855049ab 100644 --- a/applications/openshift/worker/file_groupowner_worker_kubeconfig/rule.yml +++ b/applications/openshift/worker/file_groupowner_worker_kubeconfig/rule.yml 
@@ -18,7 +18,6 @@ identifiers: cce@ocp4: CCE-83409-3 references: - cis@ocp4: 4.1.10 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325 diff --git a/applications/openshift/worker/file_groupowner_worker_service/rule.yml b/applications/openshift/worker/file_groupowner_worker_service/rule.yml index 1ed92064a513..8f57fb4820ef 100644 --- a/applications/openshift/worker/file_groupowner_worker_service/rule.yml +++ b/applications/openshift/worker/file_groupowner_worker_service/rule.yml @@ -20,7 +20,6 @@ identifiers: cce@ocp4: CCE-83975-3 references: - cis@ocp4: 4.1.2 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325 diff --git a/applications/openshift/worker/file_owner_kubelet/rule.yml b/applications/openshift/worker/file_owner_kubelet/rule.yml index a6f8d63a2951..4f7e90fb1381 100644 --- a/applications/openshift/worker/file_owner_kubelet/rule.yml +++ b/applications/openshift/worker/file_owner_kubelet/rule.yml @@ -20,7 +20,6 @@ identifiers: cce@ocp4: CCE-85900-9 references: - cis@ocp4: 4.1.6 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325 diff --git a/applications/openshift/worker/file_owner_kubelet_conf/rule.yml b/applications/openshift/worker/file_owner_kubelet_conf/rule.yml index 9a26bb735ff7..37747ba2d393 100644 --- a/applications/openshift/worker/file_owner_kubelet_conf/rule.yml +++ b/applications/openshift/worker/file_owner_kubelet_conf/rule.yml @@ -25,7 +25,6 @@ identifiers: references: cis@eks: 3.1.4 - cis@ocp4: 4.1.6 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325 diff --git a/applications/openshift/worker/file_owner_proxy_kubeconfig/rule.yml b/applications/openshift/worker/file_owner_proxy_kubeconfig/rule.yml index 2eefc9c95b70..7b241c523fb1 100644 --- a/applications/openshift/worker/file_owner_proxy_kubeconfig/rule.yml 
+++ b/applications/openshift/worker/file_owner_proxy_kubeconfig/rule.yml @@ -32,7 +32,6 @@ severity: medium # cce@ocp4: 80633-1 references: - cis@ocp4: 4.1.4 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) pcidss: Req-2.2 diff --git a/applications/openshift/worker/file_owner_worker_ca/rule.yml b/applications/openshift/worker/file_owner_worker_ca/rule.yml index ace76a295150..7eb39f57a930 100644 --- a/applications/openshift/worker/file_owner_worker_ca/rule.yml +++ b/applications/openshift/worker/file_owner_worker_ca/rule.yml @@ -18,7 +18,6 @@ identifiers: cce@ocp4: CCE-83495-2 references: - cis@ocp4: 4.1.8 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325 diff --git a/applications/openshift/worker/file_owner_worker_kubeconfig/rule.yml b/applications/openshift/worker/file_owner_worker_kubeconfig/rule.yml index 42a78549cfac..8edefaa5ebd2 100644 --- a/applications/openshift/worker/file_owner_worker_kubeconfig/rule.yml +++ b/applications/openshift/worker/file_owner_worker_kubeconfig/rule.yml @@ -19,7 +19,6 @@ identifiers: references: cis@eks: 3.1.2 - cis@ocp4: 4.1.10 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325 diff --git a/applications/openshift/worker/file_owner_worker_service/rule.yml b/applications/openshift/worker/file_owner_worker_service/rule.yml index 103c7c508c1c..c6d16e6ff4fe 100644 --- a/applications/openshift/worker/file_owner_worker_service/rule.yml +++ b/applications/openshift/worker/file_owner_worker_service/rule.yml @@ -20,7 +20,6 @@ identifiers: cce@ocp4: CCE-84193-2 references: - cis@ocp4: 4.1.2 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325 diff --git a/applications/openshift/worker/file_permissions_kubelet/rule.yml b/applications/openshift/worker/file_permissions_kubelet/rule.yml index 6e131af119eb..98a03f304b69 100644 
--- a/applications/openshift/worker/file_permissions_kubelet/rule.yml +++ b/applications/openshift/worker/file_permissions_kubelet/rule.yml @@ -23,7 +23,6 @@ identifiers: cce@ocp4: CCE-85896-9 references: - cis@ocp4: 4.1.5 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325 diff --git a/applications/openshift/worker/file_permissions_kubelet_conf/rule.yml b/applications/openshift/worker/file_permissions_kubelet_conf/rule.yml index fe7f58b3c1a3..7393d458ffd8 100644 --- a/applications/openshift/worker/file_permissions_kubelet_conf/rule.yml +++ b/applications/openshift/worker/file_permissions_kubelet_conf/rule.yml @@ -27,7 +27,6 @@ identifiers: references: cis@eks: 3.1.3 - cis@ocp4: 4.1.5 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325 diff --git a/applications/openshift/worker/file_permissions_proxy_kubeconfig/rule.yml b/applications/openshift/worker/file_permissions_proxy_kubeconfig/rule.yml index 308b96351132..0193f0fbaace 100644 --- a/applications/openshift/worker/file_permissions_proxy_kubeconfig/rule.yml +++ b/applications/openshift/worker/file_permissions_proxy_kubeconfig/rule.yml @@ -38,7 +38,6 @@ identifiers: references: - cis@ocp4: 4.1.3 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) pcidss: Req-2.2 diff --git a/applications/openshift/worker/file_permissions_worker_ca/rule.yml b/applications/openshift/worker/file_permissions_worker_ca/rule.yml index 55c9c89d0649..d8d254489c5f 100644 --- a/applications/openshift/worker/file_permissions_worker_ca/rule.yml +++ b/applications/openshift/worker/file_permissions_worker_ca/rule.yml @@ -20,7 +20,6 @@ identifiers: cce@ocp4: CCE-83493-7 references: - cis@ocp4: 4.1.7 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325 
diff --git a/applications/openshift/worker/file_permissions_worker_kubeconfig/rule.yml b/applications/openshift/worker/file_permissions_worker_kubeconfig/rule.yml index 3519440aa85a..8dcb2f27eb86 100644 --- a/applications/openshift/worker/file_permissions_worker_kubeconfig/rule.yml +++ b/applications/openshift/worker/file_permissions_worker_kubeconfig/rule.yml @@ -29,7 +29,6 @@ identifiers: references: cis@eks: 3.1.1 - cis@ocp4: 4.1.9 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325 diff --git a/applications/openshift/worker/file_permissions_worker_service/rule.yml b/applications/openshift/worker/file_permissions_worker_service/rule.yml index dec05ebc4dbe..05b8a861189c 100644 --- a/applications/openshift/worker/file_permissions_worker_service/rule.yml +++ b/applications/openshift/worker/file_permissions_worker_service/rule.yml @@ -21,7 +21,6 @@ identifiers: cce@ocp4: CCE-83455-6 references: - cis@ocp4: 4.1.1 nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1 nist: CM-6,CM-6(1) srg: SRG-APP-000516-CTR-001325 diff --git a/controls/cis_ocp.yml b/controls/cis_ocp.yml index e21fa1663d7d..b655dc376154 100644 --- a/controls/cis_ocp.yml +++ b/controls/cis_ocp.yml @@ -3,6 +3,8 @@ policy: CIS Red Hat OpenShift Container Platform 4 Benchmark title: CIS Red Hat OpenShift Container Platform 4 Benchmark id: cis_ocp source: https://www.cisecurity.org/benchmark/kubernetes +product: ocp4 +version: '1.7.0' levels: - id: level_1 diff --git a/controls/cis_ocp_190.yml b/controls/cis_ocp_190.yml index 67106b1b5a9e..783beeeb65ad 100644 --- a/controls/cis_ocp_190.yml +++ b/controls/cis_ocp_190.yml @@ -3,6 +3,9 @@ policy: CIS Red Hat OpenShift Container Platform 4 Benchmark title: CIS Red Hat OpenShift Container Platform 4 Benchmark id: cis_ocp_190 source: https://www.cisecurity.org/benchmark/kubernetes +product: ocp4 +version: '1.9.0' +reference_type: cis levels: - id: level_1
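Review bot: The `reference_type: cis` line added in the controls/cis_ocp_190.yml hunk carries no comment saying that it replaces the `cis@ocp4` entries this commit deletes from the individual rule.yml files; presumably the CIS references are now generated from this control file at build time. I would add a comment above it such as `# cis@ocp4 references are derived from this file; do not add them to rule.yml`, and in the controls/cis_ocp.yml hunk, which gains `product` and `version` but no `reference_type`, a comment like `# references are generated from cis_ocp_190.yml (1.9.0), not from this file`. It is also worth confirming that every rule that lost its reference is still selected by a control in cis_ocp_190.yml, since otherwise its CIS mapping may drop out of the built content silently. That applies most to rules whose whole `references:` block was removed, for example file_permissions_openvswitch, file_permissions_var_lib_etcd and ingress_controller_tls_cipher_suites. Both control files continue past the end of these hunks, so the control lists themselves are not visible here.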