A security framework is a set of guidelines, best practices or standards, usually codified as a number of controls.

The term was popularised by the NIST Cybersecurity Framework, published in 2013, but the ideas date back at least as far as the 1970s, with the publication of the Trusted Computer System Evaluation Criteria, commonly known as the Orange Book.

Security frameworks are often published by government agencies or non-profit research centers. Many such groups have published guidance on how to improve the security posture of a Kubernetes environment.

Kubescape can be used to validate running clusters and manifest files against a number of popular frameworks.

Published frameworks

The most commonly referenced security frameworks are:

• NSA-CISA Kubernetes Hardening Guide , published by the United States National Security Agency and Cybersecurity and Infrastructure Security Agency
• CIS Benchmarks, published by the Center for Internet Security:
  • CIS Kubernetes Benchmark
  • CIS Amazon Elastic Kubernetes Service (EKS) Benchmark
• MITRE ATT&CK Threat Matrix for Kubernetes, published by MITRE and Microsoft

ARMO frameworks

Kubescape includes a number of controls developed by ARMO, which are arranged into three frameworks:

• ArmoBest
• DevOpsBest
• AllControls

Using frameworks with Kubescape

When you do a scan with Kubescape, by default, your results will be compared against all the available frameworks.

To list the available frameworks:

Command line

kubescape list frameworks

To scan against a specific framework, you can use kubescape scan framework and the name of the framework:

kubescape scan framework nsa

📘

Tip

You can use cis as an alias for the latest version of the CIS Benchmark framework.

Web interface

The ARMO Platform web interface can show your security posture against the available frameworks.

To manage the frameworks, click your initials in the top right of the ARMO Platform web interface, and click "Settings". Under "Posture", click "Frameworks".

The available frameworks are listed.

Adding a custom framework

You can define a custom framework from the ARMO Platform. This may be useful to select the specific controls you wish to validate your clusters against.

From the ARMO Platform Frameworks screen, click "New Framework".

Enter the framework name, a short description, and select the controls you wish to include. Click "Apply" to save.

Contributing to the framework library

The framework library is maintained on GitHub.