A security framework is a set of guidelines, best practices or standards, usually codified as a number of controls.
The term was popularised by the NIST Cybersecurity Framework, published in 2013, but the ideas date back at least as far as the 1970s, with the publication of the Trusted Computer System Evaluation Criteria, commonly known as the Orange Book.
Security frameworks are often published by government agencies or non-profit research centers. Many such groups have published guidance on how to improve the security posture of a Kubernetes environment.
Kubescape can be used to validate running clusters and manifest files against a number of popular frameworks.
The most commonly referenced security frameworks are:
- NSA-CISA Kubernetes Hardening Guide , published by the United States National Security Agency and Cybersecurity and Infrastructure Security Agency
- CIS Benchmarks, published by the Center for Internet Security:
- CIS Kubernetes Benchmark
- CIS Amazon Elastic Kubernetes Service (EKS) Benchmark
- MITRE ATT&CK Threat Matrix for Kubernetes, published by MITRE and Microsoft
Kubescape includes a number of controls developed by ARMO, which are arranged into three frameworks:
Using frameworks with Kubescape
When you do a scan with Kubescape, by default, your results will be compared against all the available frameworks.
To list the available frameworks:
kubescape list frameworks
To scan against a specific framework, you can use
kubescape scan framework and the name of the framework:
kubescape scan framework nsa
You can use
cisas an alias for the latest version of the CIS Benchmark framework.
The ARMO Platform web interface can show your security posture against the available frameworks.
To manage the frameworks, click your initials in the top right of the ARMO Platform web interface, and click "Settings". Under "Posture", click "Frameworks".
The available frameworks are listed.
Adding a custom framework
You can define a custom framework from the ARMO Platform. This may be useful to select the specific controls you wish to validate your clusters against.
From the ARMO Platform Frameworks screen, click "New Framework".
Enter the framework name, a short description, and select the controls you wish to include. Click "Apply" to save.
Contributing to the framework library
Updated about 1 month ago