Security News > 2021 > August > NSA and CISA share Kubernetes security recommendations

NSA and CISA share Kubernetes security recommendations
2021-08-04 05:02

The National Security Agency and the Cybersecurity and Infrastructure Security Agency have published comprehensive recommendations for strengthening the security of an organization's Kubernetes system.

To help companies make their Kubernetes environment more difficult to compromise, the NSA and CISA released a 52-page cybersecurity technical report that offers guidance for admins to manage Kubernetes securely.

The NSA says that the main three causes for a compromised Kubernetes environment are supply-chain attacks, malicious actors, and insider threats.

While administrators can't prevent all three risks, they can harden the security of a Kubernetes cluster by avoiding common misconfigurations and applying mitigations to minimize security risks.

"Insider threats can be administrators, users, or cloud service providers. Insiders with special access to an organization's Kubernetes infrastructure may be able to abuse these privileges" - the National Security Agency.

Read the full Kubernetes Hardening Guidance document [PDF] from the NSA and CISA..


News URL

https://www.bleepingcomputer.com/news/security/nsa-and-cisa-share-kubernetes-security-recommendations/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Kubernetes 19 5 45 35 8 93
NSA 2 0 2 7 5 14