New Release: CIS Azure Kubernetes Service (AKS) Benchmark

CIS is pleased to announce the first-time release of the CIS Azure Kubernetes Service (AKS) Benchmark v1.0.0. This new CIS Benchmark closely maps to the Microsoft Azure security baseline for AKS.

CIS Azure Kubernetes Service Benchmark: A Collaborative Creation

The Center for Internet Security (CIS), Azure, and CIS’s global community of cybersecurity experts collaborated to develop the CIS Azure Kubernetes Service (AKS) Benchmark v1.0.0. Azure and CIS worked closely to ensure consistency between the CIS Benchmark and the Azure security baseline for AKS. The intention is to avoid confusion for AKS users by providing unified security guidance.
CIS is grateful for the significant contribution from Azure in the consensus development process. This cooperative effort allows Azure cloud consumers to easily secure their environments without having to choose which guidance to follow.

Highlights of this first-release CIS Azure Kubernetes Service Benchmark include:

  • Restricting untrusted workloads
  • Role-based access control (RBAC) and Active Directory
  • Access and identity options for Azure Kubernetes Service

Download the CIS Azure Kubernetes Service Benchmark

CIS AKS Benchmark Mapped to CIS Controls IGs

For ease of use, each CIS Benchmark recommendation directly references the CIS Control(s) it maps to. With the recent release of CIS Controls v8, each new and updated CIS Benchmark will also contain a table that shows which CIS Controls and CIS Controls Implementation Groups (IGs) the recommendation maps to.




Additional Update: CIS Kubernetes v1.20 Benchmark

Those interested in this new release may also be interested in the updated CIS Kubernetes v1.20 Benchmark v1.0.0. Updates to this CIS Benchmark include:

  • Mapping to CIS Controls v8
  • Support for Kubernetes v1.20
  • Updated automated access control features

The CIS Kubernetes Benchmark is one of the top 10 downloaded CIS Benchmarks. Users downloaded the CIS Kubernetes Benchmark more than 5,800 times in the first five months of 2021 alone. This Benchmark exemplifies the great things a community of users, vendors, and subject matter experts can accomplish through consensus collaboration. The CIS community thanks the entire consensus team with special recognition to the following individuals who contributed greatly to the creation of these guidelines:

  • Authors
    • Rory McCune
    • Liz Rice
  • Editor
    • Randall Mowen
  • Contributors
    • Pravin Goya
    • Prabhu Angadi
    • Jordan Liggitt
    • Maya Kaczorowski
    • Andrew Martin
    • Mark Larinde




CIS Hardened Images on Azure Marketplace

Another element of CIS’s partnership with Azure is the availability of CIS Hardened Images. They are available on Azure Marketplace and on the Azure Government Marketplace. CIS Hardened Images are virtual machine images pre-configured to the security recommendations of the CIS Benchmarks. CIS Hardened Images provide users a secure, on-demand, and scalable computing environment. They save time and money on hardware purchasing, software licensing, and maintenance.
CIS Hardened Images are Azure certified. Azure pre-tested CIS Hardened Images for readiness and compatibility with the Microsoft Azure public cloud.