The OpenShift Compliance Guide

Deprecation Notice

This project is deprecated. Please see ATO Pathways.


OpenShift is a container management platform based on Docker containers and the Kubernetes container cluster manager. OpenShift adds developer- and operations-centric tools to enable rapid application development, easy deployment and scaling, and long-term lifecycle maintenance for small and large teams and applications.

Built atop Red Hat Enterprise Linux (RHEL), OpenShift is very secure out of the box. For users who must comply with the Federal Information Security Management Act (FISMA), however, there is an additional configuration burden.

This guide can help you secure your OpenShift cluster to comply with the FISMA moderate confidentiality, integrity, and availability requirements.

While the configurations and Security Control Traceability Matrix (SCTM) documented in this guide could be implemented in any environment, the reference architecture is Amazon Web Services.

Frequently Asked Questions

Have questions? Visit our Frequently Asked Questions.


Security is an ongoing effort, and we appreciate any feedback or recommendations that you may have. Please use this project’s GitHub page to submit issues or pull requests.