What is NSA CISA

NSA stands for the National Security Agency, while CISA stands for the Cybersecurity and Infrastructure Security Agency. The NSA concentrates on signals intelligence and securing national security systems, while CISA is primarily responsible for enhancing cybersecurity resilience across government and critical infrastructure sectors and coordinating cybersecurity efforts at the national level.

Example of NSA CISA policies in SSD

• C-0068 - NSA - PSP enabled - Pod Security Policies enable fine- grained authorization of pod creation and updates and it extends authorization beyond RBAC. It is an important to use PSP to control the creation of sensitive pods in your cluster.

• C-0067 - NSA - Audit logs enabled - Audit logging is an important security feature in Kubernetes, it enables the operator to track requests to the cluster. It is important to use it so the operator has a record of events happened in Kubernetes.

• C-0058 - NSA - CVE-2021-25741 - Using symlink for arbitrary host file system access - A user may be able to create a container with subPath or subPathExpr volume mounts to access files & directories anywhere on the host filesystem. Following Kubernetes versions are affected: v1.22.0 - v1.22.1, v1.21.0 - v1.21.4, v1.20.0 - v1.20.10, version v1.19.14 and lower. This control checks the vulnerable versions and the actual usage of the subPath feature in all Pods in the cluster.

Refer NSA, CISA for more information.