Audit & Compliance

Audit logging and compliance ensure your Kubernetes cluster meets security standards and provides a record of all API activities for security analysis and compliance requirements.

What is Audit Logging?

Audit logging records all API requests to the Kubernetes API server:

• Who made the request
• What action was performed
• When it happened
• Where the request came from
• Result - Success or failure

Why Audit Logging?

Audit logs provide:

• Security analysis - Detect suspicious activities
• Compliance - Meet regulatory requirements
• Troubleshooting - Understand what happened
• Forensics - Investigate security incidents

Compliance Frameworks

CIS Kubernetes Benchmark

Center for Internet Security benchmark provides:

• Security configuration guidelines
• Best practices
• Automated scanning tools

Other Frameworks

• NIST - National Institute of Standards and Technology
• PCI DSS - Payment Card Industry Data Security Standard
• HIPAA - Health Insurance Portability and Accountability Act

Topics

• Audit Policy & Logs - Configuring audit logging
• CIS Benchmarks - CIS Kubernetes Benchmark

See Also

• RBAC - Access control
• Policy Enforcement - Automated compliance