diff --git a/applications/openshift/general/sandboxed_containers_operator_configured/rule.yml b/applications/openshift/general/sandboxed_containers_operator_configured/rule.yml deleted file mode 100644 index 265226dc8a7..00000000000 --- a/applications/openshift/general/sandboxed_containers_operator_configured/rule.yml +++ /dev/null @@ -1,41 +0,0 @@ - -title: Ensure that Sandboxed Containers Operator is Configured - -description: |- - {{{ weblink(link="https://docs.redhat.com/en/documentation/openshift_sandboxed_containers/1.7", - text="The Sandboxed Containers Operator") }}} - provides containers with a dedicated kernel by running them in a virtual machine. This allows for extended separation, as no kernel is shared. This is done by using RHCOS cluster extension and is only available on RHCOS nodes. - - It is only active, if it is correctly configured with a KataConfig AND you configured each pod spec with
runtimeClassName: kata
. - - Be advised, that on AWS, Azure, IBM Z and IBM LinuxOne you need to enable PeerPods and confiugre additional resources. - -rationale: |- - Using separate kernels for each container provides for better isolation, and makes it harder for adveseries to move laterally to other containers or the container-host. - -severity: medium - -identifiers: - cce@ocp4: CCE-87430-5 - -ocil_clause: 'Sandboxed Containers Operator is not configured' - -ocil: |- - Run the following command to check if a KataConfig for the cluster exists: -
$ oc get kataconfigs openshift-sandboxed-containers-operator
- Make sure at least one KataConfig exists. - -warnings: -- general: |- - {{{ openshift_cluster_setting("/apis/kataconfiguration.openshift.io/v1/kataconfigs?limit=5") | indent(4) }}} - -template: - name: yamlfile_value - vars: - ocp_data: "true" - filepath: /apis/kataconfiguration.openshift.io/v1/kataconfigs?limit=5 - yamlpath: ".items[:].metadata.name" - entity_check: "at least one" - values: - - value: ".*" - operation: "pattern match" diff --git a/applications/openshift/general/sandboxed_containers_operator_exists/rule.yml b/applications/openshift/general/sandboxed_containers_operator_exists/rule.yml deleted file mode 100644 index 85808b837b0..00000000000 --- a/applications/openshift/general/sandboxed_containers_operator_exists/rule.yml +++ /dev/null @@ -1,38 +0,0 @@ - -title: Ensure that Sandboxed Containers Operator exists in the cluster - -description: |- - {{{ weblink(link="https://docs.redhat.com/en/documentation/openshift_sandboxed_containers/1.7", - text="The Sandboxed Containers Operator") }}} - provides containers with a dedicated kernel by running them in a virtual machine. This allows for extended separation, as no kernel is shared. This is done by using RHCOS cluster extension and is only available on RHCOS nodes. - -rationale: |- - Using separate kernels for each container provides for better isolation, and makes it harder for adveseries to move laterally to other containers or the container-host. - -severity: medium - -identifiers: - cce@ocp4: CCE-86496-7 - -ocil_clause: 'Sandboxed Containers Operator is not installed' - -ocil: |- - Run the following command to check if a subscription for the operator exists in the system: -
$ oc get sub -n openshift-sandboxed-containers-operator
- Make sure the Sandboxed Containers Operator is installed. - -warnings: -- general: |- - {{{ openshift_cluster_setting("/apis/operators.coreos.com/v1alpha1/subscriptions") | indent(4) }}} - -template: - name: yamlfile_value - vars: - ocp_data: "true" - filepath: '/apis/operators.coreos.com/v1alpha1/subscriptions' - yamlpath: ".items[:].status.installedCSV" - check_existence: "at_least_one_exists" - values: - - value: "sandboxed-containers-operator.*" - operation: "pattern match" - entity_check: "at least one"
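Review bot: The first hunk (deleting applications/openshift/general/sandboxed_containers_operator_configured/rule.yml) drops the identifier `cce@ocp4: CCE-87430-5` with no accompanying change visible in this diff. Before merging, confirm the CCE is retired rather than silently returned to the available pool, and grep profiles, controls and tests for `sandboxed_containers_operator_configured`; a profile that still selects the rule will break the build once the file is gone. The deletion also carries no commit message here explaining why a medium-severity isolation check (a KataConfig must exist) is being removed, so please state whether the control is obsolete or is being replaced, and by what.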
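Review bot: The second hunk (deleting applications/openshift/general/sandboxed_containers_operator_exists/rule.yml) removes `cce@ocp4: CCE-86496-7` and the only check that a subscription with `installedCSV` matching `sandboxed-containers-operator.*` exists. This rule and the `_configured` rule form a pair (operator installed, then KataConfig present); if they are removed because the subscription-based check is considered unreliable rather than because the operator guidance is withdrawn, the PR description should name the replacement check so the rationale in the deleted file ("harder for adversaries to move laterally to other containers or the container-host") is still covered by some rule. As with the first file, verify no profile, control or test still references `sandboxed_containers_operator_exists`.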