E.2.5 Secured orchestration platform
Control Details
Objective
Ensure each deployed workload meets predetermined security requirements.
Definition
The build pipeline should be a series of hardened build steps, implemented through a hardened container image that is stored within a secured repository and deployed through a hardened orchestration platform, such as Kubernetes. Orchestration processes can take advantage of built-in and add-on security features, such as checks for secrets and rollbacks, to ensure that each deployed workload meets predetermined security requirements.
Assessment Questions
- How are containers used throughout the build process?
- Describe your orchestration layer, e.g. Kubernetes, if present.
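
The Definition's "predetermined security requirements" can be enforced as an automated gate that evaluates each workload manifest before the orchestrator accepts it. The following is an added example, not part of the framework: the registry name, the chosen requirements and the sample manifests are assumptions constructed for illustration.

```python
import re

# Assumed policy values for this sketch; each organisation defines its own.
ALLOWED_REGISTRY = "registry.example.internal/"
DIGEST = re.compile(r"@sha256:[0-9a-f]{64}$")
SECRET_NAME = re.compile(r"(PASSWORD|SECRET|TOKEN|API_?KEY)", re.I)

def check_workload(manifest):
    """Return the list of policy violations for a Deployment-style manifest."""
    findings = []
    pod = manifest.get("spec", {}).get("template", {}).get("spec", {})
    pod_ctx = pod.get("securityContext") or {}
    for c in pod.get("containers", []) + pod.get("initContainers", []):
        name, image = c.get("name", "?"), c.get("image", "")
        ctx = c.get("securityContext") or {}
        if not image.startswith(ALLOWED_REGISTRY):
            findings.append(f"{name}: image not from the secured repository")
        if not DIGEST.search(image):
            findings.append(f"{name}: image not pinned by sha256 digest")
        if ctx.get("privileged"):
            findings.append(f"{name}: privileged container")
        # A container-level setting overrides the pod-level one in Kubernetes.
        if not ctx.get("runAsNonRoot", pod_ctx.get("runAsNonRoot", False)):
            findings.append(f"{name}: runAsNonRoot not enforced")
        if ctx.get("allowPrivilegeEscalation", True):
            findings.append(f"{name}: allowPrivilegeEscalation not disabled")
        for env in c.get("env", []):
            # A literal 'value' on a secret-looking name means the secret sits
            # in the manifest instead of behind valueFrom.secretKeyRef.
            if SECRET_NAME.search(env.get("name", "")) and env.get("value"):
                findings.append(f"{name}: secret-like env {env['name']} set inline")
    return findings

def deployment(container):
    """Wrap one container spec in a minimal Deployment (constructed sample)."""
    return {"kind": "Deployment",
            "spec": {"template": {"spec": {"containers": [container]}}}}

COMPLIANT = deployment({
    "name": "api", "image": ALLOWED_REGISTRY + "app@sha256:" + "a" * 64,
    "securityContext": {"runAsNonRoot": True, "allowPrivilegeEscalation": False},
    "env": [{"name": "DB_PASSWORD",
             "valueFrom": {"secretKeyRef": {"name": "db", "key": "password"}}}]})
NONCOMPLIANT = deployment({
    "name": "api", "image": "docker.io/library/app:latest",
    "securityContext": {"privileged": True},
    "env": [{"name": "API_TOKEN", "value": "constructed-example"}]})

if __name__ == "__main__":
    for label, m in (("compliant", COMPLIANT), ("noncompliant", NONCOMPLIANT)):
        print(label, check_workload(m) or "OK")
```

In a cluster the same requirements are normally enforced at admission time, so a non-empty findings list corresponds to a rejected workload.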