mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-06-12 14:14:56 +03:00
# Standards - Pod Security Admission Controller
## Kubernetes Pod Security Standards
| Profile | Controls Enforced |
|---------|-------------------|
| Baseline | No privileged, no hostPID/IPC/Network, no hostPorts, restricted volumes, no procMount, restricted seccomp, restricted capabilities |
| Restricted | All Baseline + non-root, drop ALL caps, seccomp required, restricted volume types, no privilege escalation |
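An added example, not part of the original page or the project's own code: a simplified Python checker that applies the Baseline and Restricted controls from the table above to a pod manifest already loaded as a dict (for example via `yaml.safe_load`). The allowed-capability and allowed-volume lists follow the published Pod Security Standards; the sample manifest is constructed.

```python
# Added example, not the Kubernetes admission plugin itself: a simplified checker
# for the Baseline/Restricted controls in the table above, applied to a pod dict.
BASELINE_CAPS = {"AUDIT_WRITE", "CHOWN", "DAC_OVERRIDE", "FOWNER", "FSETID", "KILL",
                 "MKNOD", "NET_BIND_SERVICE", "SETFCAP", "SETGID", "SETPCAP",
                 "SETUID", "SYS_CHROOT"}          # caps Baseline lets a container add
RESTRICTED_VOLUMES = {"configMap", "csi", "downwardAPI", "emptyDir", "ephemeral",
                      "persistentVolumeClaim", "projected", "secret"}

def check_pod(pod: dict, profile: str = "baseline") -> list[str]:
    """Return violations; an empty list means the pod passes the given profile."""
    spec = pod.get("spec", {})
    pod_sc = spec.get("securityContext", {})
    restricted = profile == "restricted"
    v = [f"pod: {ns} must be false" for ns in ("hostPID", "hostIPC", "hostNetwork")
         if spec.get(ns)]
    for vol in spec.get("volumes", []):          # hostPath is denied by Baseline
        kinds = set(vol) - {"name"}
        if "hostPath" in kinds or (restricted and not kinds <= RESTRICTED_VOLUMES):
            v.append(f"volume {vol.get('name')}: type not allowed")
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        sc, name = c.get("securityContext", {}), c.get("name", "?")
        caps = sc.get("capabilities", {})
        seccomp = (sc.get("seccompProfile") or pod_sc.get("seccompProfile") or {}).get("type")
        if sc.get("privileged"):
            v.append(f"{name}: privileged container")
        if any(p.get("hostPort") for p in c.get("ports", [])):
            v.append(f"{name}: hostPort not allowed")
        if sc.get("procMount", "Default") != "Default":
            v.append(f"{name}: procMount must be Default")
        if seccomp == "Unconfined":
            v.append(f"{name}: seccomp Unconfined not allowed")
        if set(caps.get("add", [])) - ({"NET_BIND_SERVICE"} if restricted else BASELINE_CAPS):
            v.append(f"{name}: adds disallowed capabilities")
        if restricted:   # Restricted = Baseline plus the four controls below
            if sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot")) is not True:
                v.append(f"{name}: runAsNonRoot must be true")
            if sc.get("allowPrivilegeEscalation") is not False:
                v.append(f"{name}: allowPrivilegeEscalation must be false")
            if "ALL" not in caps.get("drop", []):
                v.append(f"{name}: must drop ALL capabilities")
            if seccomp not in ("RuntimeDefault", "Localhost"):
                v.append(f"{name}: seccomp RuntimeDefault or Localhost required")
    return v

# Constructed sample manifest: satisfies the Restricted profile as written.
SAMPLE_POD = {"spec": {
    "securityContext": {"runAsNonRoot": True, "seccompProfile": {"type": "RuntimeDefault"}},
    "volumes": [{"name": "cfg", "configMap": {"name": "app"}}],
    "containers": [{"name": "app", "image": "example/app:1.0", "securityContext": {
        "allowPrivilegeEscalation": False, "capabilities": {"drop": ["ALL"]}}}]}}
```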
## CIS Kubernetes Benchmark v1.8
- 5.2.1: Ensure privileged containers are not used
- 5.2.2-5.2.4: Ensure host namespace sharing is disabled
- 5.2.5: Ensure privilege escalation is not allowed
- 5.2.6: Ensure root containers are not admitted
- 5.2.7: Ensure seccomp profile is set
- 5.7.3: Apply security context to pods
## NIST SP 800-190
- Section 4.3: Container runtime security
- Section 5.4: Admission control enforcement
## NSA/CISA Kubernetes Hardening Guide v1.2
- Section 1: Pod Security - Use Pod Security Standards
## Compliance Mappings
- PCI DSS v4.0 Req 2.2: Configuration standards
- SOC 2 CC6.1: Logical access controls
- HIPAA 164.312(a)(1): Access controls