Anthropic-Cybersecurity-Skills/skills/implementing-runtime-security-with-tetragon/references/standards.md

Standards and References - Runtime Security with Tetragon

Industry Standards

NIST SP 800-190: Application Container Security Guide

• Section 4.2: Runtime monitoring and anomaly detection for containers
• Section 4.4: Container-level network monitoring requirements
• Recommends kernel-level security monitoring for container environments

CIS Kubernetes Benchmark v1.9

• Control 5.7.1: Create administrative boundaries between resources using namespaces
• Control 5.7.3: Apply Security Context to pods and containers
• Control 5.7.4: The default namespace should not be used

MITRE ATT&CK for Containers

• T1611: Escape to Host -- Tetragon detects namespace manipulation attempts
• T1059.004: Command and Scripting Interpreter: Unix Shell -- process execution monitoring
• T1053.007: Container Orchestration Job -- detects unauthorized job creation
• T1496: Resource Hijacking -- crypto-miner detection and blocking

CNCF Landscape Positioning

Tetragon is positioned in the CNCF Runtime Security category alongside:

• Falco (audit-log and syscall-based detection)
• KubeArmor (LSM-based enforcement)
• Tracee (eBPF-based tracing)

Key Differentiators

• Kernel-level filtering reduces event volume before reaching user space
• Native enforcement (Sigkill/Override) without requiring separate enforcement engine
• Deep integration with Cilium for combined network + runtime security
• TracingPolicy CRD for Kubernetes-native policy management

Compliance Mapping

Requirement	Framework	Tetragon Capability
Runtime threat detection	PCI DSS 11.5	TracingPolicy with file integrity monitoring
Unauthorized process detection	SOC 2 CC6.8	Process execution monitoring with namespace context
Container isolation enforcement	NIST 800-190 4.2	Namespace escape detection and blocking
Audit trail generation	ISO 27001 A.12.4	JSON event export to SIEM systems
Incident response automation	NIST CSF DE.AE	Real-time Sigkill enforcement on policy violations