Kubernetes Compliance

https://hub.steampipe.io/mods/turbot/aws_compliance/controls/benchmark.cis_v150

https://www.armosec.io/blog/kubernetes-hardening-guidance-summary-by-armo/?utm_source=github&utm_medium=repository

https://github.com/prowler-cloud/prowler

https://blog.aquasec.com/preparing-container-based-applications-for-gdpr-what-you-need-to-know

CIS

adeliarisk.com/wp-content/uploads/2021/02/ea379fb337eb5d3def3e80339a91ff90.pdf

GitHub - mez-0/cis-benchmarks: CIS Benchmarks as of 20/05/2020

Center for Internet Security (CIS) Benchmarks (adeliarisk.com)

HIPAA

GDPR

General Data Protection Regulation (GDPR) – Official Legal Text (gdpr-info.eu)

Kubernetes Compliance under GDPR | ARMO (armosec.io)

Enterprise Data Security Compliance from a GDPR Perspective (renrendoc.com)

A Guide to GDPR Compliance for Containers and the Cloud – Sysdig

Achieve and Enforce GDPR Compliance for Containers & Kubernetes (neuvector.com)

AWS GDPR compliance with Sysdig Secure – Sysdig

Preparing Container-Based Applications for GDPR: What You Need to Know (aquasec.com)

GDPR Compliance and Kubernetes Environments (cyberlands.io)

PCI-DSS

PCI Compliance for Containers and Kubernetes – Sysdig

listings.pcisecuritystandards.org/documents/PCI_DSS-QRG-v3_2_1.pdf

NIST

NIST 800-53 compliance for containers and Kubernetes | Sysdig

Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1 (nist.gov)

Application Container Security Guide (nist.gov)

NIST SP800-190 (Chinese edition) - 道客巴巴 (doc88.com)

11 Microservice and Container Security Best Practices (Part 2) - 嘶吼 RoarTalk – Comprehensive Service Platform for the Cybersecurity Industry, 4hou.com

MLPS 2.0 vs. NIST800-53: Account Management | SDNLAB | Focused on Network Innovation Technology

NIST SP 800-190 Application Container Security | Sysdig

GUIDE. NIST 800-190 Application Security Guide Checklist (lookbookhq.com)

Tools

GitHub - prowler-cloud/prowler: Prowler is an Open Source Security tool for AWS, Azure and GCP to perform Cloud Security best practices assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more.

Related Resources

Compliance Dashboard (paloaltonetworks.com) 
