CIS publishes hardening guidance for Red Hat OpenShift Virtualization

2025-12-04 ~1 min read www.redhat.com #kubernetes

⚡ TL;DR

The Center for Internet Security® (CIS®) has officially published guidance for hardening Red Hat OpenShift Virtualization. The official publication of the new CIS Benchmark® for Red Hat OpenShift Virtualization is an important development for organizations running traditional virtual machines (VMs) alongside modern containers.

About the author: Dan Bettinger

📝 Summary

The Center for Internet Security® (CIS®) has officially published guidance for hardening Red Hat OpenShift Virtualization. The official publication of the new CIS Benchmark® for Red Hat OpenShift Virtualization is an important development for organizations running traditional virtual machines (VMs) alongside modern containers. OpenShift Virtualization is a feature of Red Hat OpenShift that allows existing VM-based workloads to run directly on the platform. This globally recognized, consensus-driven benchmark provides recommendations for creating a security-focused configuration for those environments.

CIS is a community-driven nonprofit organization that aims to "make the connected world a safer place" for businesses, governments, and people by developing and promoting best practice solutions. The CIS Benchmarks are one of those core solutions. They are a set of globally recognized best practices to help securely configure operating systems (OSs), servers, and other technology. Developed and maintained by a global community of IT professionals, the CIS Benchmarks provide prescriptive instructions for creating a security-focused configuration baseline. The new CIS Benchmark for OpenShift Virtualization was developed based on the OpenShift Virtualization Hardening Guide.

The CIS Benchmark provides detailed recommendations to strengthen your security posture by focusing on 4 key areas of optimization, including:

- Harden the platform from the ground up: This includes guidance on restricting GPU and USB pass-through to approved devices and disabling non-essential feature gates.
- Control workloads at every layer: The CIS Benchmark provides fine-grained controls, such as restricting exec and virtual network computing (VNC) access to approved administrators and disabling features like guest-memory overcommit.
- Segment and protect network traffic: This area focuses on using networking controls like Virtual Local Area Networks (VLANs) to isolate tenant or application traffic and applying Media Access Control (MAC) spoof filtering.
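
The recommendation to restrict exec and VNC access to approved administrators can be checked against the cluster's RBAC objects. The following Python audit is an added example, not taken from the CIS Benchmark or the Red Hat article. It assumes KubeVirt's `subresources.kubevirt.io` API group for the console and VNC subresources, checks only cluster roles and the bindings that reference them, and ignores `resourceNames` and aggregated roles. The roles, subjects and approved list are constructed sample data.

```python
# Added example: find subjects that can open exec, console or VNC sessions.
# Input mirrors items from `oc get clusterroles,clusterrolebindings -o json`.
KV, VMI = "subresources.kubevirt.io", "virtualmachineinstances"
SENSITIVE = [("", "pods/exec"), (KV, VMI + "/console"), (KV, VMI + "/vnc")]
VERBS = {"*", "get", "create"}  # verbs that can open one of these streams

def rule_grants(rule, group, resource):
    """RBAC resource matching: '*', the exact name, or '*/<subresource>'."""
    sub = resource.split("/", 1)[1]
    groups, resources = rule.get("apiGroups", []), rule.get("resources", [])
    return (bool(VERBS & set(rule.get("verbs", [])))
            and ("*" in groups or group in groups)
            and any(r in ("*", resource, "*/" + sub) for r in resources))

def unapproved_access(roles, bindings, approved):
    """Return sorted (subject, resource) pairs held by non-approved subjects."""
    grants = {}  # role name -> sensitive resources it grants
    for role in roles:
        hits = [res for grp, res in SENSITIVE
                if any(rule_grants(r, grp, res) for r in role.get("rules") or [])]
        if hits:
            grants[role["metadata"]["name"]] = hits
    findings = set()
    for binding in bindings:
        for subj in binding.get("subjects") or []:
            ident = f'{subj["kind"]}:{subj["name"]}'
            if ident not in approved:
                for res in grants.get(binding["roleRef"]["name"], []):
                    findings.add((ident, res))
    return sorted(findings)

# Constructed sample data; every role and subject name is hypothetical.
ROLES = [{"metadata": {"name": n}, "rules": [{"apiGroups": g, "resources": r, "verbs": v}]}
         for n, g, r, v in [
             ("vm-operator", [KV], [VMI + "/console", VMI + "/vnc"], ["get"]),
             ("debug-all", ["*"], ["*/exec"], ["create"]),
             ("vm-viewer", ["kubevirt.io"], [VMI], ["get", "list"])]]
BINDINGS = [{"roleRef": {"name": r}, "subjects": [{"kind": k, "name": n} for k, n in s]}
            for r, s in [
                ("vm-operator", [("User", "alice"), ("Group", "dev-team")]),
                ("debug-all", [("ServiceAccount", "ci-runner")]),
                ("vm-viewer", [("Group", "dev-team")])]]
APPROVED = {"User:alice"}  # the approved administrators

if __name__ == "__main__":
    for subject, resource in unapproved_access(ROLES, BINDINGS, APPROVED):
        print(f"NOT APPROVED: {subject} -> {resource}")
```

The wildcard role `debug-all` shows why matching on literal resource names alone is not enough: it grants `pods/exec` through `*/exec` without ever naming pods.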