
# Compliance and Security Frameworks

**About This Section: Compliance and Security Frameworks**

This section bridges Kubernetes security with industry standards and compliance requirements. Learn how to audit clusters, align with frameworks like NIST and MITRE ATT&CK, and automate policies to meet regulatory and organizational goals.

#### **What You’ll Learn**

A practical guide to integrating compliance into Kubernetes workflows, covering:

* **Benchmark Audits**: Implement the CIS Kubernetes Benchmark using tools like kube-bench to identify misconfigurations and automate fixes.
* **Framework Alignment**: Map Kubernetes security practices to the NIST Cybersecurity Framework (Identify, Protect, Detect, Respond, Recover) for risk management.
* **Threat Intelligence**: Analyze adversary tactics (e.g., credential theft, lateral movement) using MITRE ATT&CK and prioritize defenses.
* **Supply Chain Compliance**: Meet SLSA and SPDX standards by generating provenance, tracking dependencies, and securing build pipelines.
* **Policy Automation**: Enforce compliance-as-code with tools like Kyverno and Checkov to validate resources, RBAC, and images in CI/CD pipelines.

#### **Why It Matters**

Regulatory requirements and audit readiness are critical for organizations running Kubernetes in production. Unaddressed compliance gaps can lead to fines, breaches, or loss of customer trust. This series translates abstract standards into actionable steps, helping you build audit-ready clusters while mitigating risks such as credential theft and supply chain attacks.

#### **How to Use This Series**

Start with foundational audits using the CIS Benchmark, then align your strategy with frameworks like NIST or MITRE ATT&CK. Posts like *Automating Compliance* or *Supply Chain Compliance* provide code snippets and workflows to embed compliance into development pipelines.

***

*Begin with CIS Kubernetes Benchmark: A Step-by-Step Implementation Guide or browse all posts.*
