Add CIS OpenShift 1.9.0 profile and controls

rhmdnd · rhmdnd · commit dcdb5088a7bc · 2026-02-19T13:54:15.000-06:00
CIS 1.9.0 benchmark has some minor differences from 1.7.0. Let's add
some separate control files for 1.9.0 so we can make those changes
without affecting 1.7.0.

Assisted-By: Claude Opus 4.6
diff --git a/controls/cis_ocp_190.yml b/controls/cis_ocp_190.yml
@@ -0,0 +1,11 @@
+---
+policy: CIS Red Hat OpenShift Container Platform 4 Benchmark
+title: CIS Red Hat OpenShift Container Platform 4 Benchmark
+id: cis_ocp_190
+source: https://www.cisecurity.org/benchmark/kubernetes
+
+levels:
+    - id: level_1
+    - id: level_2
+      inherits_from:
+          - level_1
diff --git a/products/ocp4/profiles/cis-1-9.profile b/products/ocp4/profiles/cis-1-9.profile
@@ -28,7 +28,7 @@ filter_rules: '"ocp4-node" not in platform and "ocp4-master-node" not in platfor
     not in platform and "ocp4-node-on-ovn" not in platform'
 
 selections:
-    - cis_ocp:all
+    - cis_ocp_190:all
     ### Variables
     - var_openshift_audit_profile=WriteRequestBodies
     ### Helper Rules
diff --git a/products/ocp4/profiles/cis-node-1-9.profile b/products/ocp4/profiles/cis-node-1-9.profile
@@ -28,4 +28,4 @@ filter_rules: '"ocp4-node" in platform or "ocp4-master-node" in platform or "ocp
     or "ocp4-node-on-ovn" in platform'
 
 selections:
-    - cis_ocp:all
+    - cis_ocp_190:all
