mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-07-16 20:55:17 +03:00
Initial commit - 611 cybersecurity skills across all subdomains
This commit is contained in:
@@ -0,0 +1,28 @@
|
||||
# Standards - Pod Security Admission Controller
|
||||
|
||||
## Kubernetes Pod Security Standards
|
||||
|
||||
| Profile | Controls Enforced |
|
||||
|---------|------------------|
|
||||
| Baseline | No privileged, no hostPID/IPC/Network, no hostPorts, restricted volumes, no procMount, restricted seccomp, restricted capabilities |
|
||||
| Restricted | All Baseline + non-root, drop ALL caps, seccomp required, restricted volume types, no privilege escalation |
|
||||
|
||||
## CIS Kubernetes Benchmark v1.8
|
||||
- 5.2.1: Ensure privileged containers are not used
|
||||
- 5.2.2-5.2.4: Ensure host namespace sharing is disabled
|
||||
- 5.2.5: Ensure privilege escalation is not allowed
|
||||
- 5.2.6: Ensure root containers are not admitted
|
||||
- 5.2.7: Ensure seccomp profile is set
|
||||
- 5.7.3: Apply security context to pods
|
||||
|
||||
## NIST SP 800-190
|
||||
- Section 4.3: Container runtime security
|
||||
- Section 5.4: Admission control enforcement
|
||||
|
||||
## NSA/CISA Kubernetes Hardening Guide v1.2
|
||||
- Section 1: Pod Security - Use Pod Security Standards
|
||||
|
||||
## Compliance Mappings
|
||||
- PCI DSS v4.0 Req 2.2: Configuration standards
|
||||
- SOC 2 CC6.1: Logical access controls
|
||||
- HIPAA 164.312(a)(1): Access controls
|
||||
Reference in New Issue
Block a user