Policies -- Community

Policies in this folder are organized by NIST Special Publication 800-53. For more information, read NIST.SP.800-53r4.

Security control catalog

View a list of policies that are organized by the security control catalog.

  • Access Control
  • Awareness and Training
  • Audit and Accountability
  • Security Assessment and Authorization
  • Configuration Management
    • Trusted Container policy: Use the trusted container policy to detect if running pods are using trusted images. For more information, see Trusted Container Policy Controller.
    • Trusted Node policy: Use the trusted node policy to detect if there are untrusted/unattested nodes in the cluster. For more information, see Trusted Node Policy Controller.
    • OPA Sample policy: Use the Open Policy Agent (OPA) Sample policy to view an example of how an OPA policy can be created using a ConfigMap. You can also view an example of adding a Rego script into a ConfigMap, which is evaluated by OPA. For more information on this approach, see the example repository. Note: OPA must be installed to use the OPA ConfigMap policy.
    • Upgrade OpenShift-Cluster Sample policy: Use this policy to upgrade an OpenShift cluster. The provided example upgrades a 4.5 cluster to version 4.5.3. Change the channel and the desired version if you want to upgrade to other versions.
  • Contingency Planning
  • Identification and Authentication
  • Incident Response
  • Maintenance
  • Media Protection
  • Physical and Environmental Protection
  • Planning
  • Personnel Security
  • Risk Assessment
  • System and Services Acquisition
  • System and Communications Protection
  • System and Information Integrity
    • Falco Cloud-Native runtime security -- Falco parses Linux system calls from the kernel at runtime and asserts the stream against a powerful rules engine. If a rule is violated, a Falco alert is triggered. See The Falco Project.
    • Sysdig Agent -- Enforce Sysdig Agent deployment in all targeted clusters. The Sysdig Secure DevOps Platform converges security and compliance with performance and capacity monitoring to create a secure DevOps workflow. It uses the same data to monitor and secure, so you can correlate system activity with Kubernetes services. Check Sysdig and start a Free Trial.