Cluster security benchmarks compliance check

The clusters that you can check for compliance with cluster benchmarks are listed in a table in the Compliance → Cluster benchmarks section.

To view information on individual clusters:

In the Cluster field in the Compliance → Cluster benchmarks section, do one of the following:

• In the drop-down list, select one or more clusters.
• Enter the name of one or more clusters.

By default, the table displays all clusters available for the compliance check.

The table includes the following information for clusters:

• Cluster name.
• Date and time of the last scan.
• Orchestrator and version. If the orchestrator version is no longer officially supported, the solution indicates this using the icon.
• Compliance score
• Non-compliant controls with the severity of each identified risk type

You can select one or more clusters by selecting the check box in the row containing the name of the cluster. By clicking the buttons above the table, you can perform the following actions with the selected clusters:

• Send for rescan.
• Generate a report on the compliance of resources of one or more clusters with cluster security benchmarks.

Kaspersky Container Security queries category and subcategory names, control names, and remediation recommendations from connected databases of applicable benchmarks in the language of these databases. The information is displayed in the form in which it was received. Accordingly, information from the MITRE, NSA/CISA, and Kubernetes benchmarks is presented in English.

Viewing cluster scan results

To view detailed cluster check results:

In the Compliance → Cluster benchmarks section, click the cluster name in the table.

This opens a window with the results of the cluster check, which displays information about the compliance of the cluster resources with benchmark controls, as well as information about cluster resource management. You can view the results in the Benchmarks scan results and Information tabs.

The solution displays the scan results for all resources in the cluster, even if individual resources of that cluster are selected for your scope.

The table on the Benchmarks scan results tab includes the following information:

• Control ID.
• Description of the control.
• Compliance score as a percentage.
• Number of non-compliant resources for each control found
• Remediation recommendations
• Category of the control
• Severity of the control

On the Information tab, the solution displays the following information about the checked cluster:

• Orchestrator and its version
• Git version
• CPU architecture
• Date and time of cluster build
• Date of end of support for the specified version of the orchestrator. If the orchestrator version is no longer officially supported, the solution indicates this using the icon.

If necessary, you can send the cluster for a rescan by clicking the Rescan button on the Benchmarks scan results tab.

You can also generate a report on the compliance of resources of one or more clusters with cluster security benchmarks by clicking the Create report button on the Benchmarks scan results tab. The list of generated reports is displayed under Administration → Reports.

Configuring how cluster scan results are displayed

To configure the display of cluster scan results:

1. In the Compliance → Cluster benchmarks section, click the cluster name.

   The solution will open a window with a detailed description of the results of scanning the selected cluster.

2. Select the date and time of the scan. By default, the results of the last performed scan are displayed.
3. If necessary, filter the scan results by severity and applicable cluster security benchmarks by doing the following:
   1. Click the filter icon () above the table.
   2. In the displayed sidebar, specify the following parameters of controls:
      • For the Severity setting, select one or more of the severity buttons (Critical, High, Medium, and Low).
      • For the Framework setting, select one or more buttons corresponding to the relevant benchmarks (All, MITRE, NSA/CISA).
   3. Click Apply.

      The solution closes the sidebar and the test results table displays only the controls that match the selected parameters of controls.

   By default, scan results are displayed for all severity levels and all cluster security benchmarks.

4. If necessary, select the category or subcategory of controls that you want to display in the table. To do so:
   • If you want to select a category of controls to display, click the category name above the results table.
   • If you want to select a subcategory of controls to display:
     • Expand the lists of subcategories under categories of controls by clicking the Expand subcategories link.
     • Click the subcategory name in the above the results table.

Control details

To view information about a control:

In the window with detailed scan results for the selected cluster, click the control ID in the table on the Benchmarks scan results tab.

The displayed sidebar contains the following information:

• The General tab:
  • ID and name of the control
  • Category and subcategory of the control
  • Checking method
  • Rules for performing the check
  • Description of the control
  • Remediation recommendations
  • Checking technique that was used
  • Benchmarks:
• On the Resources tab:
  • Total number of checked resources.
  • Compliance score as a percentage.
  • The number of resources for which the check could not be performed. This value is indicated next to the title of the tab.
  • A table of the following parameters of resources in the cluster:
    • Namespace
    • Resource name
    • Resource type
    • Verification status (Passed, Failed).

    You can configure the display of resource information in the table by clicking the All, Passed, and Failed buttons above the table.