Skip to content

Latest commit

 

History

History
 
 

nist-sp-800-190

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
.krmignore
.krmignore
 
 
Kptfile
Kptfile
 
 
README.md
README.md
 
 
apparmor.yaml
apparmor.yaml
 
 
asm-peer-authn-strict-mtls.yaml
asm-peer-authn-strict-mtls.yaml
 
 
block-creation-with-default-serviceaccount.yaml
block-creation-with-default-serviceaccount.yaml
 
 
block-secrets-of-type-basic-auth.yaml
block-secrets-of-type-basic-auth.yaml
 
 
capabilities.yaml
capabilities.yaml
 
 
cpu-and-memory-limits-required.yaml
cpu-and-memory-limits-required.yaml
 
 
enforce-config-management.yaml
enforce-config-management.yaml
 
 
host-namespaces.yaml
host-namespaces.yaml
 
 
host-network.yaml
host-network.yaml
 
 
kustomization.yaml
kustomization.yaml
 
 
nodes-have-consistent-time.yaml
nodes-have-consistent-time.yaml
 
 
privileged-containers.yaml
privileged-containers.yaml
 
 
proc-mount-type.yaml
proc-mount-type.yaml
 
 
require-binauthz.yaml
require-binauthz.yaml
 
 
require-managed-by-label.yaml
require-managed-by-label.yaml
 
 
require-namespace-network-policies.yaml
require-namespace-network-policies.yaml
 
 
restrict-clusteradmin-rolebindings.yaml
restrict-clusteradmin-rolebindings.yaml
 
 
restrict-hostpath-volumes.yaml
restrict-hostpath-volumes.yaml
 
 
restrict-rbac-subjects.yaml
restrict-rbac-subjects.yaml
 
 
restrict-repos.yaml
restrict-repos.yaml
 
 
restrict-role-wildcards.yaml
restrict-role-wildcards.yaml
 
 
restrict-volume-types.yaml
restrict-volume-types.yaml
 
 
seccomp.yaml
seccomp.yaml
 
 
selinux.yaml
selinux.yaml
 
 
sysctls.yaml
sysctls.yaml
 
 

README.md

NIST SP 800-190

Description

The NIST SP 800-190 bundle implements controls listed in National Institute of Standards and Technology (NIST) Special Publication (SP) 800-190, Application Container Security Guide. The bundle is intended to help organizations with application container security including image security, container runtime security, network security and host system security to name a few.

The NIST SP 800-190 publication and Use NIST SP 800-190 policy constraints provides more details about the controls targeted by this policy bundle.

Compatibility

This bundle requires Policy Controller version 1.15.2 or higher.

Usage

(Optional) Preview the policy constraints with kubectl:

kubectl kustomize https://github.com/GoogleCloudPlatform/acm-policy-controller-library.git/anthos-bundles/nist-sp-800-190

Apply the policy constraints with kubectl:

kubectl apply -k https://github.com/GoogleCloudPlatform/acm-policy-controller-library.git/anthos-bundles/nist-sp-800-190

For more information visit:

https://cloud.google.com/anthos-config-management/docs/how-to/using-nist-sp-800-190