Security Documentation

This document provides an overview of the security aspects of the Secure CINC Auditor Kubernetes Container Scanning platform.

Directory Contents

For a complete listing of all files in this section, see the Security Documentation Inventory.

Security Framework

The platform is built on a comprehensive security framework that covers:

1. Security Principles: Core principles guiding our security design
2. Risk Analysis: Assessment of security risks and mitigations
3. Compliance: Alignment with security standards and frameworks
4. Threat Model: Analysis of threats and mitigation strategies
5. Recommendations: Best practices and implementation guidance

Key Security Features

Feature	Description	Benefit
Temporary Tokens	Service account tokens with 15-minute default lifespan	Reduces risk of credential compromise
Targeted RBAC	Role-based access control scoped to specific pods	Minimizes potential attack surface
Label-based Restrictions	RBAC rules that can target pods by labels	Provides flexible, precise access control
Time-limited Access	Credentials valid only for the duration of a scan	Prevents persistence of unnecessary access
Non-privileged Scanning	Scanning without requiring privileged containers	Maintains container security boundaries

Security Approach by Scanning Method

Each scanning approach implements security controls appropriate for its method, with varying risk profiles:

• Kubernetes API Approach

  ---

  Risk Level: 🟢 Low

  • Uses least-privilege RBAC with temporary service account tokens
  • Requires access only to specific pods in target namespaces
  • Creates time-limited credentials for each scan
  • Most secure approach from a compliance perspective
  • Uses standard vendor-supported interfaces

  Details

• Debug Container Approach

  ---

  Risk Level: 🟡 Medium

  • Creates temporary debug containers for scanning
  • Requires ephemeral container permissions
  • Removes debug containers after scanning
  • Implements appropriate RBAC controls for ephemeral container creation
  • Temporarily breaks container isolation

  Details

• Sidecar Container Approach

  ---

  Risk Level: 🔴 High

  • Uses pod-level isolation with shared process namespace
  • Requires no cluster-wide permissions
  • Scans directly from within the pod
  • Implements appropriate container security contexts
  • Permanently breaks container isolation within pod

  Details

Risk Level Comparison

Approach	Overall Risk	Required Privileges	Attack Surface	Isolation Impact	Compliance Burden	NSA/CISA Alignment
Kubernetes API	🟢 Low	🟢 Minimal	🟢 Small	🟢 None	🟢 Low	🟢 Strong (90%)
Debug Container	🟡 Medium	🟡 Moderate	🟡 Medium	🟡 Temporary	🟡 Medium	🟡 Moderate (70%)
Sidecar Container	🔴 High	🟡 Moderate	🔴 Larger	🔴 Permanent	🔴 High	🟠 Limited (50%)

See our NSA/CISA Hardening Guide Compliance documentation for detailed mappings.

Security Documentation Structure

Our security documentation is organized into focused sections:

Security Principles

Core security design principles including:

• Least Privilege
• Ephemeral Credentials
• Resource Isolation
• Secure Transport

Risk Analysis

Comprehensive risk assessment including:

• Risk Model
• Kubernetes API Approach Risks
• Debug Container Approach Risks
• Sidecar Container Approach Risks
• Risk Mitigations

Compliance

Alignment with security frameworks including:

• DoD Instruction 8500.01
• DISA Container Platform SRG
• Kubernetes STIG
• CIS Kubernetes Benchmarks
• NSA/CISA Kubernetes Hardening Guide
• Approach Comparison
• Risk Documentation Requirements

Threat Model

Analysis of security threats including:

• Attack Vectors
• Threat Mitigations
• Token Exposure
• Lateral Movement

Recommendations

Best practices and guidance including:

• Enterprise Recommendations
• CI/CD Security
• Monitoring
• Network Security

Related Topics

• RBAC Configuration - Role-Based Access Control configuration
• Service Accounts - Service account management
• Token Management - Secure token handling