CIS Container-Optimized OS Benchmark

This document describes the level of compliance that Google Distributed Cloud has with the CIS Container-Optimized OS Benchmark. The Benchmark is a set of recommendations for configuring instances that use Container-Optimized OS to support a strong security posture.

Versions

This document refers to these versions:

Anthos version OS version CIS Container-Optimized OS Benchmark version CIS level
1.12.0 Milestone 97 v1.0.0 Level 1 Server

Access the benchmark

The Container-Optimized OS CIS Benchmark is available on the CIS website:

Recommendation levels

The following table describes the recommendation levels for the CIS Container-Optimized OS Benchmark.

Level Description
Level 1

Recommendations at this level are meant to be applicable to the majority of environments.

Level 2

Extends the Level 1 profile, resulting in a more stringent security environment.

Status of Google Distributed Cloud

The Container-Optimized OS images used with Google Distributed Cloud are hardened to meet the CIS Level 1 - Server profile. All Google Distributed Cloud components pass the recommendations for this level.