Bug 1883793

Summary: [RFE] RHV installation with PCI DSS compliance
Product: Red Hat Enterprise Virtualization Manager Reporter: Shruti <skavishw>
Component: scap-security-guide-rhvAssignee: Sandro Bonazzola <sbonazzo>
Status: CLOSED ERRATA QA Contact: cshao <cshao>
Severity: medium Docs Contact:
Priority: medium    
Version: 4.4.2CC: ahadas, arachman, cshao, emarcus, lsvaty, mavital, mnoguera, mtessun, mthacker, pelauter, peyu, sbonazzo, shlei, usurse, weiwang, wsato, yaniwang
Target Milestone: ovirt-4.4.7Keywords: FutureFeature
Target Release: 4.4.7   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: scap-security-guide-0.1.54-2.el8ev redhat-virtualization-host-4.4.7-20210624.0.el8_4 Doc Type: Enhancement
Doc Text:
Red Hat Virtualization Host now includes an updated scap-security-guide-rhv which allows you to apply a PCI DSS security profile to the system during installation,
 Story Points: ---
Clone Of: Environment:
Last Closed: 2021-07-22 15:07:11 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Node RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Shruti 2020-09-30 09:18:29 UTC 
Description of problem:


Ability to deploy PCI DSS compliant RHV infrastructure to protect PCI production complexes.

Looking for something similar to this which is available for RHEL servers - https://www.redhat.com/cms/managed-files/cm-red-hat-product-applicability-guide-pci-dss-analyst-paper-f16584-201903-en.pdf
Comment 8 Sandro Bonazzola 2020-12-18 15:26:06 UTC 
Tried applying PCI-DSS v3.2.1 and the first thing RHV-H is missing is libreswan package included within the image.
Comment 18 Watson Yuuma Sato 2021-04-22 09:12:37 UTC 
A PCI-DSS profile without libreswan was introduced for RHV product in upstream:
https://github.com/ComplianceAsCode/content/pull/6867
Comment 19 Sandro Bonazzola 2021-05-13 07:39:16 UTC 
Watson can you build a rpm including it?
Comment 36 errata-xmlrpc 2021-07-22 15:07:11 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: Red Hat Virtualization Host security and bug fix update [ovirt-4.4.7]), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:2736
Comment 37 Red Hat Bugzilla 2023-09-15 00:48:58 UTC 
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 500 days