mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-07-17 13:15:16 +03:00
19 lines
735 B
Markdown
19 lines
735 B
Markdown
# Standards Reference - Kubernetes Network Policies
|
|
|
|
## CIS Kubernetes Benchmark v1.8 - Section 5.3
|
|
- 5.3.1: Ensure CNI supports Network Policies
|
|
- 5.3.2: Ensure default deny NetworkPolicy for all namespaces
|
|
|
|
## NSA/CISA Kubernetes Hardening Guide
|
|
- Implement network segmentation between namespaces
|
|
- Apply default-deny network policies
|
|
- Restrict pod-to-pod communication to required paths only
|
|
- Block access to cloud metadata endpoints
|
|
|
|
## MITRE ATT&CK Mitigations
|
|
| Technique | Mitigation via Network Policy |
|
|
|-----------|------------------------------|
|
|
| T1046 - Network Service Scanning | Limit reachable services |
|
|
| T1021 - Remote Services | Block lateral movement |
|
|
| T1552 - Credentials from IMDS | Block 169.254.169.254 |
|