CIS Red Hat OpenShift Benchmark, continuously evidenced.
The CIS Red Hat OpenShift Container Platform Benchmark v1.9.0 defines 111 controls specific to OpenShift, including OpenShift Authentication, OAuth, Routes and Ingress, Security Context Constraints, OpenShift API Server, and Red Hat-specific control-plane hardening. CISGuard supports OpenShift on bare metal, on cloud (ARO, ROSA, ROKS), and air-gapped deployments.
Red Hat OpenShift benchmark at a glance.
- Benchmark version
- v1.9.0
- Total controls
- 111
- Scan type
- Agentless
- Available tier
- Pro and above
- Category
- Container & Orchestration
- Drift detection
- Yes, between every scheduled scan
What this benchmark actually covers.
- OpenShift Authentication + OAuth
- Security Context Constraints (SCCs)
- OpenShift API Server
- Routes + Ingress controllers
- Internal Image Registry
- OpenShift-specific control-plane hardening
- Compliance Operator integration
Red Hat OpenShift questions, answered directly.
Does CISGuard integrate with OpenShift Compliance Operator?
CISGuard runs independently from the OpenShift Compliance Operator but the two can coexist. The Compliance Operator runs the CIS scan natively on the cluster; CISGuard provides the multi-framework evidence layer that maps the CIS results to NIST 800-53, ISO 27001, SOC 2, and other frameworks.
Does CISGuard support OpenShift on ARO, ROSA, and ROKS?
Yes. CISGuard supports OpenShift on Azure Red Hat OpenShift (ARO), Red Hat OpenShift Service on AWS (ROSA), Red Hat OpenShift on IBM Cloud (ROKS), and self-managed OpenShift on bare metal or VMware. The benchmark applies uniformly; cluster-management plane differs per deployment.
Can CISGuard scan air-gapped OpenShift deployments?
Yes. Air-gapped OpenShift (common for federal, defense, and sovereign environments) is fully supported. CISGuard runs entirely within the cluster's network boundary; benchmark and software updates ship via signed media. This is required for FedRAMP High, NCA Top Secret, and IL4/IL5 OpenShift deployments.
Often deployed together with Red Hat OpenShift.
Want a Red Hat OpenShift scan of your environment?
Our compliance engineers will scope your environment and quote within one business day of an initial briefing.