Add Compliance Packs

Styra’s Compliance Packs are groups of policies and best practices that enable security and compliance teams to ensure their Kubernetes environments are in continuous compliance with appropriate regulations or standards.

Currently, compliance packs are supported only in Kubernetes systems. The following compliance packs are available in Kubernetes systems:

  • Kubernetes Best Practices
  • CIS Benchmarks
  • MITRE ATT&CK
  • NIST Container Security
  • PCI DSS v3.2
  • Pod Security Policies
  • Pod Security v2

To add a compliance pack:

The procedure for adding a compliance pack to a system is similar for all packs. For example, to add the CIS Benchmarks compliance pack to a Kubernetes system, follow these steps:

  1. Log in to <das-id>.styra.com.

  2. In the left-hand navigation panel, click on your Kubernetes system located under Systems.

  3. The Dashboard or Monitoring dialog window is displayed. At the upper right side of this dialog window, click the Manage Compliance Packs button. Manage Compliance Packs displays a list of available compliance packs.

  4. To add a compliance pack, click on one of the compliance packs listed under Manage Compliance Packs.

    • Kubernetes Best Practices
    • CIS Benchmarks
    • MITRE ATT&CK
    • NIST Container Security
    • PCI DSS v3.2
    • Pod Security Policies
    • Pod Security v2
  5. When you select CIS Benchmarks, a dialog window appears with the first rule in the selected pack and its description on the right in the Requirements pane. The tab also displays the number of rules listed in the pack along with the sequence number of the rule currently displayed on the screen.

    • All rules: Contains all the listed rules.

    • Not configured: Contains rules that require some input parameters, such as a list of allowed host paths or an allowed list of approved volume types. Parameters can be entered here or at a later stage in the Rego file.

  6. In the CIS Benchmarks dialog window, click the Done button to view the CIS Benchmarks draft Rego file screen. Click the left arrow and right arrow to view the rules.

Note: The CIS Benchmarks file will also be visible in the Validating section under the selected Kubernetes system.

  7. After selecting the required implementation method (Monitor, Enforce, or Ignore), provide the necessary input parameters for the required rules, and click the Publish button.

  8. DAS checks the syntax and asks for confirmation before publishing the changes. Click the Publish changes button to add the CIS compliance pack to the Kubernetes system.

Tip: When you add a pack, the change in rule count is visible on the upper right corner of the page.