diff --git a/data/workshop/exercise7.mdx b/data/workshop/exercise7.mdx index ee1fbb1..47101d0 100644 --- a/data/workshop/exercise7.mdx +++ b/data/workshop/exercise7.mdx @@ -51,4 +51,26 @@ As a challange have a go at mirroring and deploying a new additional container i Once the container is running, use the RHACS dashboard to check what the deployments risk level is? What are the factors contributing to that? + +## 7.3 - Exploring the rhacs policy engine + +Red Hat Advanced Cluster Security for Kubernetes allows you to use out-of-the-box security policies and define custom multi-factor policies for your container environment. + +Configuring these policies enables you to automatically prevent high-risk service deployments in your environment and respond to runtime security incidents. + +All of the policies that ship with the product are designed with the goal of providing targeted remediation that improves security hardening. + +Take some time to reivew the default policies by clicking **Platform Configuration** > **Policy Management**. You’ll see this list contains many **Build** and **Deploy** time policies to catch misconfigurations early in the pipeline, but also **Runtime** policies that point back to specific hardening recommendations. + +These policies come from us at Red Hat - our expertise, our interpretation of industry best practice, and our interpretation of common compliance standards, but you can modify them or create your own. + +If you have some time take a look at the options for editing default policies to change their enforcement behavior or scope. + + +|![workshop](/static/images/compliance/acs-policies.png) | +|:-----------------------------------------------------------------------------:| +| *Policy management in Red Hat Advanced Cluster Security* | + + + If you're ready for a different topic, head over to Exercise 8, for the final tasks today to deploy Red Hat Developer Hub 🙂 diff --git a/public/static/images/compliance/acs-policies.png b/public/static/images/compliance/acs-policies.png new file mode 100644 index 0000000..243ba4c Binary files /dev/null and b/public/static/images/compliance/acs-policies.png differ