Bump CIS OpenShift version from 1.7.0 to 1.9.0

rhmdnd · rhmdnd · commit fbc150677bcd · 2026-02-19T13:54:02.000-06:00
Version 1.9.0 was released last month. Let's update the profile to match
the latest version.

Assisted-By: Claude Opus 4.6
diff --git a/products/ocp4/profiles/cis-1-7.profile b/products/ocp4/profiles/cis-1-7.profile
@@ -5,6 +5,8 @@ title: 'CIS Red Hat OpenShift Container Platform 4 Benchmark'
 
 platform: ocp4
 
+status: deprecated
+
 metadata:
     SMEs:
         - rhmdnd
diff --git a/products/ocp4/profiles/cis-1-9.profile b/products/ocp4/profiles/cis-1-9.profile
@@ -0,0 +1,37 @@
+---
+documentation_complete: true
+
+title: 'CIS Red Hat OpenShift Container Platform 4 Benchmark'
+
+platform: ocp4
+
+metadata:
+    SMEs:
+        - rhmdnd
+        - Vincent056
+        - yuumasato
+    version: 1.9.0
+
+description: |-
+    This profile defines a baseline that aligns to the Center for Internet Security®
+    Red Hat OpenShift Container Platform 4 Benchmark™, V1.9.0.
+
+    This profile includes Center for Internet Security®
+    Red Hat OpenShift Container Platform 4 CIS Benchmarks™ content.
+
+    Note that this part of the profile is meant to run on the Platform that
+    Red Hat OpenShift Container Platform 4 runs on top of.
+
+    This profile is applicable to OpenShift versions 4.12 and greater.
+
+filter_rules: '"ocp4-node" not in platform and "ocp4-master-node" not in platform and "ocp4-node-on-sdn"
+    not in platform and "ocp4-node-on-ovn" not in platform'
+
+selections:
+    - cis_ocp:all
+    ### Variables
+    - var_openshift_audit_profile=WriteRequestBodies
+    ### Helper Rules
+    ### This is a helper rule to fetch the required api resource for detecting OCP version
+    - version_detect_in_ocp
+    - version_detect_in_hypershift
diff --git a/products/ocp4/profiles/cis-node-1-7.profile b/products/ocp4/profiles/cis-node-1-7.profile
@@ -5,6 +5,8 @@ title: 'CIS Red Hat OpenShift Container Platform 4 Benchmark'
 
 platform: ocp4-node
 
+status: deprecated
+
 metadata:
     SMEs:
         - rhmdnd
diff --git a/products/ocp4/profiles/cis-node-1-9.profile b/products/ocp4/profiles/cis-node-1-9.profile
@@ -0,0 +1,31 @@
+---
+documentation_complete: true
+
+title: 'CIS Red Hat OpenShift Container Platform 4 Benchmark'
+
+platform: ocp4-node
+
+metadata:
+    SMEs:
+        - rhmdnd
+        - Vincent056
+        - yuumasato
+    version: 1.9.0
+
+description: |-
+    This profile defines a baseline that aligns to the Center for Internet Security®
+    Red Hat OpenShift Container Platform 4 Benchmark™, V1.9.0.
+
+    This profile includes Center for Internet Security®
+    Red Hat OpenShift Container Platform 4 CIS Benchmarks™ content.
+
+    Note that this part of the profile is meant to run on the Operating System that
+    Red Hat OpenShift Container Platform 4 runs on top of.
+
+    This profile is applicable to OpenShift versions 4.12 and greater.
+
+filter_rules: '"ocp4-node" in platform or "ocp4-master-node" in platform or "ocp4-node-on-sdn" in platform
+    or "ocp4-node-on-ovn" in platform'
+
+selections:
+    - cis_ocp:all
diff --git a/products/ocp4/profiles/cis-node.profile b/products/ocp4/profiles/cis-node.profile
@@ -10,11 +10,11 @@ metadata:
         - rhmdnd
         - Vincent056
         - yuumasato
-    version: 1.7.0
+    version: 1.9.0
 
 description: |-
     This profile defines a baseline that aligns to the Center for Internet Security®
-    Red Hat OpenShift Container Platform 4 Benchmark™, V1.7.
+    Red Hat OpenShift Container Platform 4 Benchmark™, V1.9.0.
 
     This profile includes Center for Internet Security®
     Red Hat OpenShift Container Platform 4 CIS Benchmarks™ content.
@@ -24,4 +24,4 @@ description: |-
 
     This profile is applicable to OpenShift versions 4.12 and greater.
 
-extends: cis-node-1-7
+extends: cis-node-1-9
diff --git a/products/ocp4/profiles/cis.profile b/products/ocp4/profiles/cis.profile
@@ -10,11 +10,11 @@ metadata:
         - rhmdnd
         - Vincent056
         - yuumasato
-    version: 1.7.0
+    version: 1.9.0
 
 description: |-
     This profile defines a baseline that aligns to the Center for Internet Security®
-    Red Hat OpenShift Container Platform 4 Benchmark™, V1.7.
+    Red Hat OpenShift Container Platform 4 Benchmark™, V1.9.0.
 
     This profile includes Center for Internet Security®
     Red Hat OpenShift Container Platform 4 CIS Benchmarks™ content.
@@ -24,4 +24,4 @@ description: |-
 
     This profile is applicable to OpenShift versions 4.12 and greater.
 
-extends: cis-1-7
+extends: cis-1-9
