Bug 2072987 - [Doc] Document DISA STIG installation and usage on RHV
Summary: [Doc] Document DISA STIG installation and usage on RHV
Keywords:
Status: CLOSED NEXTRELEASE
Alias: None
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: Documentation
Version: unspecified
Hardware: Unspecified
OS: Unspecified
urgent
high
Target Milestone: ovirt-4.5.0
: ---
Assignee: Eli Marcus
QA Contact: rhev-docs@redhat.com
URL:
Whiteboard: docscope 4.5, important
Depends On: 2015796 2015802
Blocks: 2073293
 
Reported: 2022-04-07 12:23 UTC by Ales Musil
Modified: 2022-06-13 13:10 UTC (History)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 2073293 (view as bug list)
Environment:
Last Closed: 2022-05-18 12:51:02 UTC
oVirt Team: Docs
Target Upstream Version:
Embargoed:
emarcus: needinfo-




Links
System ID Private Priority Status Summary Last Updated
Github oVirt ovirt-site pull 2882 0 None open Update documentation for RHV security profiles 2022-05-04 09:01:10 UTC
Red Hat Issue Tracker RHV-45568 0 None None None 2022-04-07 12:42:49 UTC
Red Hat Knowledge Base (Solution) 6955078 0 None None None 2022-04-27 00:25:51 UTC

Description Ales Musil 2022-04-07 12:23:11 UTC
RHVH: 
Installation of DISA STIG profile on RHVH is not supported. 
Upgrade from DRAFT DISA STIG is not supported.

Host (not RHVH):
Installation is supported through anaconda by selecting DISA STIG security profile. 
Upgrade from DRAFT DISA STIG is not supported.

Standalone engine:
Installation is supported through anaconda by selecting DISA STIG security profile. 
Upgrade from DRAFT DISA STIG is not supported.

Hosted Engine:
Installation is supported through HE options, "he_apply_openscap_profile" as "True"
and "he_openscap_profile_name" as "stig" (which is the default value).
Upgrade from DRAFT DISA STIG is not supported.

Comment 1 Marina Kalinin 2022-04-07 16:00:59 UTC
How does one distinguish between DRAFT and non DRAFT profile?

Comment 4 Ales Musil 2022-04-08 04:57:30 UTC
(In reply to Marina Kalinin from comment #1)
> How does one distinguish between DRAFT and non DRAFT profile?

It is in the name of the old one. "[DRAFT] DISA STIG for Red Hat Virtualization Host (RHVH)".

Comment 10 Sandro Bonazzola 2022-05-02 13:47:12 UTC
(In reply to Ales Musil from comment #0)
> RHVH: 
> Installation of DISA STIG profile on RHVH is not supported. 
> Upgrade from DRAFT DISA STIG is not supported.
> 
> Host (not RHVH):
> Installation is supported through anaconda by selecting DISA STIG security
> profile. 
> Upgrade from DRAFT DISA STIG is not supported.

Is there any specific manual step here? DISA STIG security profile requires a special disk partitioning. Any recommendation for the size of the various partitions?
DISA STIG also disables root ssh access to the host. Any recommendation about this?
Within DISA STIG, which profile is going to be supported? xccdf_mil.disa.stig_profile_MAC-1_Classified ?


> Standalone engine:
> Installation is supported through anaconda by selecting DISA STIG security
> profile. 
> Upgrade from DRAFT DISA STIG is not supported.
> 
> Hosted Engine:
> Installation is supported through HE options, "he_apply_openscap_profile" as
> "True"
> and "he_openscap_profile_name" as "stig" (which is the default value).
> Upgrade from DRAFT DISA STIG is not supported.

Comment 11 Ales Musil 2022-05-02 13:57:12 UTC
(In reply to Sandro Bonazzola from comment #10)
> (In reply to Ales Musil from comment #0)
> > RHVH: 
> > Installation of DISA STIG profile on RHVH is not supported. 
> > Upgrade from DRAFT DISA STIG is not supported.
> > 
> > Host (not RHVH):
> > Installation is supported through anaconda by selecting DISA STIG security
> > profile. 
> > Upgrade from DRAFT DISA STIG is not supported.
> 
> Is there any specific manual step here?

There shouldn't be any manual step required.
 
> DISA STIG security profile requires
> a special disk partitioning. Any recommendation for the size of the various
> partitions?

We can discuss the partition size, I am not sure if there's any recommendation from RHEL.

> DISA STIG also disables root ssh access to the host. Any recommendation
> about this?

For RHV the profile does not disable root ssh access. 

> Within DISA STIG, which profile is going to be supported?
> xccdf_mil.disa.stig_profile_MAC-1_Classified ?

I am not sure what you are referring to, the DISA STIG profile is xccdf_org.ssgproject.content_profile_stig.

> 
> 
> > Standalone engine:
> > Installation is supported through anaconda by selecting DISA STIG security
> > profile. 
> > Upgrade from DRAFT DISA STIG is not supported.
> > 
> > Hosted Engine:
> > Installation is supported through HE options, "he_apply_openscap_profile" as
> > "True"
> > and "he_openscap_profile_name" as "stig" (which is the default value).
> > Upgrade from DRAFT DISA STIG is not supported.
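
Two checks that follow from the thread so far, as an added shell example that is not part of this bug and not RHV or oVirt code: comment 4 says the only way to tell the unsupported profile apart is the "[DRAFT]" prefix in its title, comment 11 names the supported profile ID as xccdf_org.ssgproject.content_profile_stig, and comment 10 notes that the STIG profile needs a special disk partitioning. The first two functions read `oscap info <datastream>` output and separate draft from non-draft profile IDs; the third reads a mount-point list (as printed by `findmnt -rn -o TARGET`) and reports which required separate filesystems are missing. Assumptions: the `oscap info` layout is modeled on OpenSCAP 1.3 and all sample text is constructed, the datastream path is the stock scap-security-guide location on RHEL 8, and the list of filesystems that must be separate is taken from the RHEL 8 DISA STIG rules, which this bug does not enumerate.

```shell
#!/bin/sh
# Added example, not from bug 2072987 and not RHV/oVirt code.
# Input formats are modeled on `oscap info` (OpenSCAP 1.3) and
# `findmnt -rn -o TARGET`; every sample below is constructed.

# Print the Id of each profile whose Title carries the [DRAFT] marker.
# Reads `oscap info <datastream>` output on stdin.
draft_profiles() {
    awk '
        /^[[:space:]]*Title:/ { draft = ($0 ~ /\[DRAFT\]/) }
        /^[[:space:]]*Id:/ && draft { print $2; draft = 0 }
    '
}

# Print the Id of each profile that is not marked [DRAFT].
supported_profiles() {
    awk '
        /^[[:space:]]*Title:/ { draft = ($0 ~ /\[DRAFT\]/) }
        /^[[:space:]]*Id:/ && !draft { print $2 }
    '
}

# Return 0 when every mount point that the RHEL 8 STIG expects to be a
# separate filesystem (assumption: list taken from the STIG, not from
# this bug) is present in the mount list read on stdin; otherwise list
# the missing ones on stderr and return 1.
check_stig_mounts() {
    mounts=$(cat)
    missing=""
    for mp in /home /var /var/log /var/log/audit /tmp /var/tmp; do
        printf '%s\n' "$mounts" | grep -qx "$mp" || missing="$missing $mp"
    done
    if [ -n "$missing" ]; then
        echo "missing separate filesystems:$missing" >&2
        return 1
    fi
    return 0
}

# Constructed sample of the Profiles section of `oscap info` output;
# the DRAFT title is the one quoted in comment 4.
SAMPLE_OSCAP_INFO='Profiles:
			Title: DISA STIG for Red Hat Enterprise Linux 8
				Id: xccdf_org.ssgproject.content_profile_stig
			Title: [DRAFT] DISA STIG for Red Hat Virtualization Host (RHVH)
				Id: xccdf_org.ssgproject.content_profile_rhvh-stig'

# Constructed mount list that lacks /var/log/audit and /var/tmp.
SAMPLE_MOUNTS='/
/boot
/home
/var
/var/log
/tmp'

# Demonstration on the constructed samples. On a real host replace the
# samples with:
#   oscap info /usr/share/xml/scap/ssg/content/ssg-rhel8-ds.xml | draft_profiles
#   findmnt -rn -o TARGET | check_stig_mounts
echo "draft (unsupported) profiles:"
printf '%s\n' "$SAMPLE_OSCAP_INFO" | draft_profiles
echo "non-draft profiles:"
printf '%s\n' "$SAMPLE_OSCAP_INFO" | supported_profiles
printf '%s\n' "$SAMPLE_MOUNTS" | check_stig_mounts \
    || echo "layout does not meet the STIG partitioning rules"
```

To audit a host or engine after installation against the supported profile, run `oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_stig --report stig-report.html /usr/share/xml/scap/ssg/content/ssg-rhel8-ds.xml`; oscap exits 0 only when every rule passes and 2 when at least one rule fails, so the exit status can gate an automated check.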

Comment 12 Eli Marcus 2022-05-10 19:00:02 UTC
new PR for changes to documentation
https://github.com/oVirt/ovirt-site/pull/2899
Changes proposed in this pull request:

    Remove instructions for adding DISA STIG profile to RHVH
    Remove mention of DISA STIG for RHVH
    Add notice to Removed Functionality table in Release Notes

Comment 13 Eli Marcus 2022-05-11 13:21:24 UTC
Closed previous PR - this new PR by Ales Musil addresses the DISA STIG as well as additional security profile updates

https://github.com/oVirt/ovirt-site/pull/2882

Comment 14 Eli Marcus 2022-05-18 12:51:02 UTC
Merged the PR https://github.com/oVirt/ovirt-site/pull/2899

Comment 15 Marina Kalinin 2022-05-24 20:32:23 UTC
(In reply to Eli Marcus from comment #14)
> Merged the PR https://github.com/oVirt/ovirt-site/pull/2899

Eli, when exactly this is going to be merged in documentation? With 4.5.0 or later?

Comment 16 Eli Marcus 2022-06-13 13:10:35 UTC
(In reply to Marina Kalinin from comment #15)
> (In reply to Eli Marcus from comment #14)
> > Merged the PR https://github.com/oVirt/ovirt-site/pull/2899
> 
> Eli, when exactly this is going to be merged in documentation? With 4.5.0 or
> later?

Hi Marina, the updates are visible in the current (RHV 4.4) documentation.

