Seems like a legit bug.
Verification pass with 4.12.0-0.nightly-2022-09-22-153054 + compliance-operator.v0.1.55

$ oc apply -f -<<EOF
apiVersion: compliance.openshift.io/v1alpha1
kind: ScanSettingBinding
metadata:
  name: test
profiles:
  - apiGroup: compliance.openshift.io/v1alpha1
    kind: Profile
    name: ocp4-cis
  - apiGroup: compliance.openshift.io/v1alpha1
    kind: Profile
    name: ocp4-cis-node
settingsRef:
  apiGroup: compliance.openshift.io/v1alpha1
  kind: ScanSetting
  name: default
EOF
scansettingbinding.compliance.openshift.io/test created

$ oc get suite -w
NAME   PHASE         RESULT
test   LAUNCHING     NOT-AVAILABLE
test   LAUNCHING     NOT-AVAILABLE
test   RUNNING       NOT-AVAILABLE
test   RUNNING       NOT-AVAILABLE
test   RUNNING       NOT-AVAILABLE
test   AGGREGATING   NOT-AVAILABLE
test   AGGREGATING   NOT-AVAILABLE
test   AGGREGATING   NOT-AVAILABLE
test   DONE          NON-COMPLIANT
test   DONE          NON-COMPLIANT
^C

$ oc get scan
NAME                   PHASE   RESULT
ocp4-cis               DONE    NON-COMPLIANT
ocp4-cis-node-master   DONE    NON-COMPLIANT
ocp4-cis-node-worker   DONE    NON-COMPLIANT

$ oc get ccr | grep creation
ocp4-cis-kubelet-configure-event-creation   PASS     medium
ocp4-cis-rbac-pod-creation-access           MANUAL   medium

$ oc get ccr ocp4-cis-kubelet-configure-event-creation -o yaml
apiVersion: compliance.openshift.io/v1alpha1
description: |-
  Kubelet - Ensure Event Creation Is Configured
  It is important to capture all events and not restrict event creation. Events are an important source of security information and analytics that ensure that your environment is consistently monitored using the event data.
id: xccdf_org.ssgproject.content_rule_kubelet_configure_event_creation
instructions: |-
  Run the following command on the kubelet node(s):
  $ for NODE_NAME in $(oc get nodes -ojsonpath='{.items[*].metadata.name}'); do oc get --raw /api/v1/nodes/$NODE_NAME/proxy/configz | jq '.kubeletconfig|.kind="KubeletConfiguration"|.apiVersion="kubelet.config.k8s.io/v1beta1"' | grep eventRecordQPS; done
  The output should return .
kind: ComplianceCheckResult
metadata:
  annotations:
    compliance.openshift.io/rule: kubelet-configure-event-creation
  creationTimestamp: "2022-09-23T15:01:35Z"
  generation: 1
  labels:
    compliance.openshift.io/automated-remediation: ""
    compliance.openshift.io/check-severity: medium
    compliance.openshift.io/check-status: PASS
    compliance.openshift.io/scan-name: ocp4-cis
    compliance.openshift.io/suite: test
  name: ocp4-cis-kubelet-configure-event-creation
  namespace: openshift-compliance
  ownerReferences:
  - apiVersion: compliance.openshift.io/v1alpha1
    blockOwnerDeletion: true
    controller: true
    kind: ComplianceScan
    name: ocp4-cis
    uid: d1e57965-2a23-4f08-812d-ab34e850aaa0
  resourceVersion: "213996"
  uid: 252da054-ed3c-4762-bb29-27f3ef0673eb
severity: medium
status: PASS

$ for NODE_NAME in $(oc get nodes -ojsonpath='{.items[*].metadata.name}'); do oc get --raw /api/v1/nodes/$NODE_NAME/proxy/configz | jq '.kubeletconfig|.kind="KubeletConfiguration"|.apiVersion="kubelet.config.k8s.io/v1beta1"' | grep eventRecordQPS; done
  "eventRecordQPS": 5,
  "eventRecordQPS": 5,
  "eventRecordQPS": 5,
  "eventRecordQPS": 5,
  "eventRecordQPS": 5,
  "eventRecordQPS": 5,
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (OpenShift Compliance Operator bug fix update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2022:6657