Compliance check

Kaspersky Container Security agents can check Kubernetes cluster nodes for compliance with the CIS Kubernetes information security benchmark. This is a set of recommendations from the CIS (Center for Internet Security) on developing reliable security systems for Kubernetes-based software.

Kaspersky Security for Containers checks for compliance with the CIS Kubernetes standard on Kubernetes versions 1.15–1.25.

The Agent checks the state of the node where it is installed and sends the results to the Server. Check results are displayed in the Compliance section.

You can view the results of checks on cluster nodes for compliance with CIS Kubernetes benchmarks in the Compliance → CIS Kubernetes benchmark section. Kaspersky Container Security displays a summary of the number of checks performed and their status. The solution assigns the following statuses to the checks:

• Passed—check completed successfully.
• Warning—check shows that problems may occur during the execution of operations or tasks.
• Failed—check revealed non-compliance with the standard.

The solution displays the node check results in the form of a table, grouping the nodes by clusters.

Click the node name link to open a page with detailed information about the results of the node check.

The solution displays summary information at the top of the window. In the table, each benchmark is correlated with node compliance status.

Click on the benchmark row to open and close a pane to the right of the table; this pane contains detailed information about the benchmark.

You can check a node against the standard benchmarks by clicking the Scan button.