Standards - Pod Security Admission Controller

Kubernetes Pod Security Standards

| Profile | Controls Enforced |
|---|---|
| Baseline | No privileged, no hostPID/IPC/Network, no hostPorts, restricted volumes, no procMount, restricted seccomp, restricted capabilities |
| Restricted | All Baseline + non-root, drop ALL caps, seccomp required, restricted volume types, no privilege escalation |
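As an added illustration (not part of the original page and not the admission controller's own code), the following Python checker applies a simplified reading of the Baseline and Restricted controls listed in the table to constructed pod specs. The pod specs, container names and image references are made up for the example; the rule set approximates the two profiles and is meant to show which fields each control inspects, not to replace the admission controller.

```python
"""Simplified Pod Security Standards checker (added example).

The rules below are a simplified reading of the Baseline and Restricted
controls; the sample pod specs are constructed for this example.
"""

# Capabilities the Baseline profile tolerates in capabilities.add
BASELINE_CAPS = {"AUDIT_WRITE", "CHOWN", "DAC_OVERRIDE", "FOWNER", "FSETID", "KILL",
                 "MKNOD", "NET_BIND_SERVICE", "SETFCAP", "SETGID", "SETPCAP",
                 "SETUID", "SYS_CHROOT"}
# Volume types the Restricted profile permits
RESTRICTED_VOLUMES = {"configMap", "csi", "downwardAPI", "emptyDir", "ephemeral",
                      "persistentVolumeClaim", "projected", "secret"}
RESTRICTED_SECCOMP = {"RuntimeDefault", "Localhost"}


def _containers(spec):
    return spec.get("containers", []) + spec.get("initContainers", [])


def baseline_violations(spec):
    """Return the Baseline controls a pod spec violates (empty list = compliant)."""
    v = []
    for key in ("hostPID", "hostIPC", "hostNetwork"):
        if spec.get(key):
            v.append(f"{key} is true")
    pod_sc = spec.get("securityContext", {})
    if pod_sc.get("seccompProfile", {}).get("type") == "Unconfined":
        v.append("pod seccompProfile is Unconfined")
    for vol in spec.get("volumes", []):
        if "hostPath" in vol:
            v.append(f"volume {vol.get('name')} uses hostPath")
    for c in _containers(spec):
        sc = c.get("securityContext", {})
        name = c.get("name")
        if sc.get("privileged"):
            v.append(f"{name}: privileged")
        if sc.get("procMount", "Default") != "Default":
            v.append(f"{name}: procMount {sc['procMount']}")
        if sc.get("seccompProfile", {}).get("type") == "Unconfined":
            v.append(f"{name}: seccompProfile Unconfined")
        extra = set(sc.get("capabilities", {}).get("add", [])) - BASELINE_CAPS
        if extra:
            v.append(f"{name}: adds capabilities {sorted(extra)}")
        for p in c.get("ports", []):
            if p.get("hostPort"):
                v.append(f"{name}: hostPort {p['hostPort']}")
    return v


def restricted_violations(spec):
    """Return Restricted violations: all Baseline findings plus the stricter controls."""
    v = baseline_violations(spec)
    pod_sc = spec.get("securityContext", {})
    pod_seccomp = pod_sc.get("seccompProfile", {}).get("type")
    for vol in spec.get("volumes", []):
        types = set(vol) - {"name"}
        # hostPath is already reported by the Baseline pass
        if "hostPath" not in types and not types <= RESTRICTED_VOLUMES:
            v.append(f"volume {vol.get('name')} type not allowed: {sorted(types)}")
    for c in _containers(spec):
        sc = c.get("securityContext", {})
        name = c.get("name")
        if sc.get("allowPrivilegeEscalation", True):  # must be explicitly false
            v.append(f"{name}: allowPrivilegeEscalation not set to false")
        # runAsNonRoot may be set at pod or container level; the container wins
        if not sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot", False)):
            v.append(f"{name}: runAsNonRoot not true")
        caps = sc.get("capabilities", {})
        if "ALL" not in caps.get("drop", []):
            v.append(f"{name}: capabilities.drop missing ALL")
        if set(caps.get("add", [])) - {"NET_BIND_SERVICE"}:
            v.append(f"{name}: adds capabilities beyond NET_BIND_SERVICE")
        seccomp = sc.get("seccompProfile", {}).get("type", pod_seccomp)
        if seccomp not in RESTRICTED_SECCOMP:
            v.append(f"{name}: seccompProfile must be RuntimeDefault or Localhost")
    return v


def profile(spec):
    """Name the most restrictive profile the spec satisfies."""
    if not restricted_violations(spec):
        return "restricted"
    if not baseline_violations(spec):
        return "baseline"
    return "privileged"


# Constructed sample: a debugging-style pod that fails Baseline outright
INSECURE_POD = {
    "hostNetwork": True,
    "volumes": [{"name": "host", "hostPath": {"path": "/"}}],
    "containers": [{"name": "debug", "image": "example.invalid/debug:latest",
                    "securityContext": {"privileged": True}}],
}
# Constructed sample: passes Baseline but not Restricted (no drop ALL, no seccomp)
BASELINE_ONLY_POD = {
    "containers": [{"name": "web", "image": "example.invalid/web:1.0",
                    "ports": [{"containerPort": 8080}]}],
}
# Constructed sample: satisfies the Restricted profile
RESTRICTED_POD = {
    "securityContext": {"runAsNonRoot": True,
                        "seccompProfile": {"type": "RuntimeDefault"}},
    "volumes": [{"name": "cfg", "configMap": {"name": "app-config"}}],
    "containers": [{"name": "app", "image": "example.invalid/app:1.0",
                    "securityContext": {"allowPrivilegeEscalation": False,
                                        "capabilities": {"drop": ["ALL"]}}}],
}

if __name__ == "__main__":
    for label, pod in (("insecure", INSECURE_POD), ("baseline-only", BASELINE_ONLY_POD),
                       ("restricted", RESTRICTED_POD)):
        print(label, "->", profile(pod), restricted_violations(pod))
```

Each finding names the field the control inspects, which makes it straightforward to map a denied pod back to the row of the table and to the CIS or NIST item below that the control satisfies.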

CIS Kubernetes Benchmark v1.8

  • 5.2.1: Ensure privileged containers are not used
  • 5.2.2-5.2.4: Ensure host namespace sharing is disabled
  • 5.2.5: Ensure privilege escalation is not allowed
  • 5.2.6: Ensure root containers are not admitted
  • 5.2.7: Ensure seccomp profile is set
  • 5.7.3: Apply security context to pods

NIST SP 800-190

  • Section 4.3: Container runtime security
  • Section 5.4: Admission control enforcement

NSA/CISA Kubernetes Hardening Guide v1.2

  • Section 1: Pod Security - Use Pod Security Standards

Compliance Mappings

  • PCI DSS v4.0 Req 2.2: Configuration standards
  • SOC 2 CC6.1: Logical access controls
  • HIPAA 164.312(a)(1): Access controls