
NSA, CISA issue Kubernetes security guidance

To help systems administrators better secure Kubernetes, the open-source container orchestration tool, the National Security Agency and the Cybersecurity and Infrastructure Security Agency have released a new report, “Kubernetes Hardening Guidance,” that details threats to Kubernetes environments and provides configuration guidance to minimize risk.

Kubernetes clusters, which are often hosted in a cloud environment, provide increased flexibility compared to traditional software platforms, but are commonly targeted by attackers looking to steal data, steal computing power for cryptocurrency mining or conduct denial-of-service attacks, according to NSA officials. Like most systems, they are vulnerable to supply chain compromises, malicious threat actors and insider threats.

The report recommends hardening Kubernetes systems by scanning containers and pods for vulnerabilities or misconfigurations, running containers and pods with the least privileges possible and using network separation, firewalls, strong authentication, and log auditing.

While the guidance targets administrators of National Security Systems and critical infrastructure organizations, administrators of federal and state, local, tribal, and territorial government networks are also encouraged to implement the recommendations provided.

About the Author

Connect with the GCN staff on Twitter @GCNtech.

