Overview

Kubernetes introduces powerful orchestration but also new security challenges. Following security baselines helps minimize misconfigurations and exposure.

Baseline Recommendations:

- Cluster Hardening: Restrict access to the API server; enable audit logging.
- Pod Security: Use Pod Security Standards (restricted baseline).
- RBAC Controls: Implement least privilege roles; disable default admin.
- Network Security: Enforce network policies and deny-all defaults.
- Image Security: Use signed, verified images; scan for vulnerabilities.

Compliance Mapping:

- Aligns with NIST CSF (Protect, Detect, Respond).
- Supports ISO 27001 Annex A.

Further Reading:

- CIS Kubernetes Benchmark
- NIST SP 800-190 – Container Security
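The Pod Security, Network Security and RBAC recommendations above, expressed as one set of manifests for a single namespace. This is an added example, not taken from the original page; the namespace `payments`, the role `pod-reader` and the service account `log-viewer` are hypothetical names.

```yaml
# Added example; all object names below are hypothetical.
apiVersion: v1
kind: Namespace
metadata:
  name: payments
  labels:
    # Pod Security Admission: reject pods that violate the "restricted" standard,
    # and also record/warn on violations so they show up in audit logs and kubectl.
    pod-security.kubernetes.io/enforce: restricted
    pod-security.kubernetes.io/audit: restricted
    pod-security.kubernetes.io/warn: restricted
---
# Deny-all default: the empty podSelector matches every pod in the namespace,
# and listing both policy types with no rules allows no ingress and no egress.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-all
  namespace: payments
spec:
  podSelector: {}
  policyTypes:
    - Ingress
    - Egress
---
# Least-privilege Role: read-only access to pods and their logs,
# scoped to this namespace (a Role, not a ClusterRole).
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: pod-reader
  namespace: payments
rules:
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    resources: ["pods/log"]
    verbs: ["get"]
---
# Bind the Role to one named service account instead of a broad group.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata: {name: pod-reader-binding, namespace: payments}
subjects:
  - {kind: ServiceAccount, name: log-viewer, namespace: payments}
roleRef: {apiGroup: rbac.authorization.k8s.io, kind: Role, name: pod-reader}
```

The deny-all policy also blocks DNS egress, so each workload needs an explicit allow policy for the traffic it requires. NetworkPolicy objects are only enforced when the cluster's network plugin supports them.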