AKS support for regulated industries
Published date: 25 May, 2021
Regulated industries, such as healthcare and finance, typically have stringent requirements that organisations must comply with for their workloads. AKS for regulated industries, a collection of guidance, benchmarks, best practices and features, makes it easier for regulated industries to use AKS for their regulated workloads.
The following are key elements that make up AKS for regulated industries:
- AKS cluster Baseline for Regulated Workloads: A reference architecture and implementation to make it easier to get started. Learn more.
- AKS PCI Payment Card Industry (PCI) Guidance: Reference Guidance to help organisations achieve compliance with PCI standards required of for storing, processing, and transmitting payment and cardholder data.
- CIS AKS Benchmark: AKS Security Benchmark v1.0.0 published by the Center of Internet Security (CIS), specific to AKS allows you to use checklist and benchmark tool to validate compliance of your AKS clusters. The CIS AKS Foundations Benchmarks is in alignment with the Microsoft recommended security best practices defined in Azure Security Benchmark control and service baseline for AKS. A mapping between the Azure Security Benchmark and CIS AKS Security Benchmark has been included in the CIS AKS Benchmark.
To learn more, visit https://aka.ms/aks/cis-benchmark and Azure security baseline for Azure Kubernetes Service | Microsoft Docs
- Azure RBAC for Kubernetes Authorization feature (generally available): Enables unified management and centralised access control across Azure and AKS resources at scale. For more details, see Azure RBAC for Kubernetes authorization announcement.
- Federal Information Processing Standards (FIPS) compliant nodes feature (in preview): Allows you to achieve and apply FEDRAMP compliance required for meeting the mandated data security and computing standards. For more details, see FIPS compliant nodes feature.
- CSI secret store feature (in preview): Provides a more secure and easier integration mechanism for accessing secrets stores in AKS via the container’s file system. For more details, see AKS support for CSI secret store (preview) announcement.