National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

OpenShift 3.x on Azure for Government (FedRAMP Moderate) v1 Checklist Details (Checklist Revisions)

Supporting Resources:

Target:

Target CPE Name
Red Hat OpenShift Container Platform 3.5 cpe:/a:redhat:openshift_container_platform:3.5 (View CVEs)
Red Hat OpenShift Container Platform 3.6 cpe:/a:redhat:openshift_container_platform:3.6 (View CVEs)
Red Hat OpenShift Container Platform 3.7 cpe:/a:redhat:openshift_container_platform:3.7 (View CVEs)
Red Hat OpenShift Container Platform 3.8 cpe:/a:redhat:openshift_container_platform:3.8 (View CVEs)
Red Hat OpenShift Container Platform 3.9 cpe:/a:redhat:openshift_container_platform:3.9 (View CVEs)
Red Hat OpenShift Container Platform 3.10 cpe:/a:redhat:openshift_container_platform:3.10 (View CVEs)
Red Hat OpenShift Container Platform 3.11 cpe:/a:redhat:openshift_container_platform:3.11 (View CVEs)

Checklist Highlights

Checklist Name:
OpenShift 3.x on Azure for Government (FedRAMP Moderate)
Checklist ID:
865
Version:
v1
Type:
Compliance
Review Status:
Final
Authority:
Software Vendor: Red Hat
Original Publication Date:
08/17/2018

Checklist Summary:

Using the FedRAMP-provided System Security Plan for Moderate impact systems, Red Hat and Microsoft collaborated on the release of an Azure Blueprint. The document is designed to identify which controls are inherited from Azure’s FedRAMP accreditation, which are satisfied through native Red Hat OpenShift Container Platform capabilities, and which security controls are the responsibility of the system operator (procedural controls).

Checklist Role:

  • Virtualization Server

Known Issues:

Not provided.

Target Audience:

Microsoft Azure for Government and OpenShift Container Platform architects.

Target Operational Environment:

  • Standalone
  • Managed
  • Specialized Security-Limited Functionality (SSLF)
  • Legacy
  • Sector-Specific Environment

Testing Information:

The reference architecture was last revalidated on OpenShift Container Platform 3.9.

Regulatory Compliance:

This security guide was developed for FedRAMP Moderate controls.

Comments/Warnings/Miscellaneous:

Not provided.

Disclaimer:

Not provided.

Product Support:

Inquiries of general use and support should be directed to Red Hat Customer Service (https://access.redhat.com/support/cases/#/case/new).

Point of Contact:

Named Red Hat POC: Shawn Wells, Chief Security Strategist, Red Hat Public Sector. EMail: shawn@redhat.com. Cell: 443-534-0130 (US EST). -- Named Microsoft POC: Harold Wong. EMail: Harold.Wong@microsoft.com.

Sponsor:

Red Hat, Microsoft.

Licensing:

Not provided.

Change History:

Updated to FINAL - 9/24/18
null

Dependency/Requirements:

URL Description

References:

Reference URL Description

NIST checklist record last modified on 10/18/2018