We use strictly necessary cookies to run this site, and — only with your consent — analytics & marketing cookies (Google Analytics, Google Tag Manager) to improve it. No analytics or marketing cookies are set unless you accept. See our Cookie Policy and Privacy Policy.

← All checklists
Cloud Hardening · 32 controls

Container & Kubernetes Hardening Checklist

The working paper our auditors use to review containerised platforms. 34 controls across ten domains — image supply chain, registry, build, host/runtime, orchestrator control plane, RBAC, workload security context, network policy, secrets and runtime monitoring — each with a test method, evidence, risk and remediation, aligned to the CIS Docker & Kubernetes Benchmarks, NIST SP 800-190, ISO/IEC 27001:2022 and PCI DSS v4.0.1. Controls are vendor-neutral; the command reference maps each to Docker, Kubernetes, OpenShift and managed EKS/AKS/GKE.

Frameworks: CIS Docker & Kubernetes Benchmarks · NIST SP 800-190 · CIS Controls v8.1 · NIST CSF 2.0 · ISO/IEC 27001:2022 · PCI DSS v4.0.1
OEM coverage: Docker · Kubernetes · Red Hat OpenShift · Amazon EKS · Azure AKS · Google GKE
Download the free Container & Kubernetes Hardening Checklist

Enter your work email and we’ll unlock the Excel + PDF instantly.

What the container & k8s hardening checklist covers

The checklist is vendor-neutral: the control questions apply across platforms, and a dedicated command reference gives the exact command or console path per platform. The 10 control domains are:

  • Image Supply Chain & Registry
  • Build & CI/CD Security
  • Host & Container Runtime
  • Kubernetes Control Plane
  • Authentication & RBAC
  • Workload Security Context
  • Network Policy & Segmentation
  • Secrets Management
  • Runtime Monitoring & Detection
  • Governance & Patching

Which platforms it applies to

One checklist, every platform. The command reference covers:

  • Docker
  • Kubernetes (upstream)
  • Red Hat OpenShift
  • Managed EKS / AKS / GKE

How auditors use it

Work top to bottom, set each control to Pass, Fail, Partial, Not Applicable or Not Tested, and attach an evidence reference. The Excel workbook includes a live dashboard (pass rate, open findings by priority), a findings register, an evidence-request list and a weighted risk-scoring model — so the review becomes a repeatable, evidence-based exercise.

Framework mapping built in

Every control carries practical mappings to CIS Benchmarks and CIS Controls v8.1, NIST CSF 2.0, ISO/IEC 27001:2022, PCI DSS v4.0.1 and the UAE IA / KSA ECC regional controls — so one review evidences several obligations at once. The mappings are practical audit mappings, not a substitute for the licensed text of each standard.

Frequently asked questions

What is a container & k8s hardening checklist?

It is a structured list of security controls used to reduce attack surface and configure container & k8s securely. This one contains 32 controls, each with a test method, the evidence to collect and the risk if it is missing.

Which platforms does it cover?

The control questions are vendor-neutral and a dedicated command reference gives the exact command or console path for Docker, Kubernetes (upstream), Red Hat OpenShift, Managed EKS / AKS / GKE.

Is it aligned to CIS Benchmarks and PCI DSS?

Every control is mapped to CIS Benchmarks and CIS Controls v8.1, NIST CSF 2.0, ISO/IEC 27001:2022 and PCI DSS v4.0.1, plus UAE IA and KSA ECC — so a single review supports several compliance obligations.

What format is the download?

You get a 12-sheet Excel working checklist (with a live dashboard, findings register and command reference) and a matching PDF narrative workbook. Both are free.

Can CyberSigma run this review for us?

Yes — our CERT-In empanelled auditors perform independent configuration reviews and hardening assessments against this checklist, with a prioritised findings report and remediation support.

This checklist is provided for educational use and is not a substitute for the licensed text of the referenced standards or a formal audit opinion. © Cyber Sigma Consulting Services LLP.

Related services

Cloud security reviewISO 27001PCI DSS compliance