Management clusters, classy standard, and classy single node clusters are hardened to the levels by default as described in STIG Results and Exceptions and CIS Results and Exceptions.

Following is the delta exception for TCA clusters as compared to CIS Results and Exceptions:
Table 1. Photon OS 5 CIS Exceptions
CIS ID Description Reason
C-2.2.7 Ensure NFS and RPC are not enabled NFS Client is required by TCA
C-3.2.4 Ensure suspicious packets are logged Set log_martians =0 to avoid important kernel/driver logs overwritten
C-3.4.2 Ensure SCTP is disabled SCTP is required by TCA
C-4.2.1.1 Ensure rsyslog is installed TCA use syslog-ng service. Syslog is not installed
C-4.2.1.2 Ensure rsyslog Service is enabled TCA use syslog-ng service. Syslog is not installed
C-4.2.1.3 Ensure logging is configured TCA use syslog-ng service. Syslog is not installed
C-4.2.2.1 Ensure journald is configured to send logs to rsyslog TCA use syslog-ng service. Syslog is not installed
C-5.3.1 Ensure password creation requirements are configured Minimum eight character password length
C-5.3.3 Ensure password reuse is limited Node customization need set same password