This document describes the level of compliance that GKE on VMware has with the CIS Container-Optimized OS Benchmark. The Benchmark is a set of recommendations for configuring instances that use Container-Optimized OS to support a strong security posture.
Versions
This document refers to these versions:
| Anthos version | OS version | CIS Container-Optimized OS Benchmark version | CIS level |
|---|---|---|---|
| 1.12.0 | Milestone 97 | v1.0.0 | Level 1 Server |
Access the benchmark
The Container-Optimized OS CIS Benchmark is available on the CIS website:
- Go to the CIS Benchmarks downloads page.
- Search for CIS Google Container-Optimized OS Benchmark.
- Click Download PDF.
Recommendation levels
The following table describes the recommendation levels for the CIS Container-Optimized OS Benchmark.
| Level | Description |
|---|---|
| Level 1 | Recommendations at this level are meant to be applicable to the majority of environments. |
| Level 2 | Extends the Level 1 profile, resulting in a more stringent security environment. |
Status of GKE on VMware
The Container-Optimized OS images used with GKE on VMware are hardened to meet the CIS Level 1 - Server profile. All GKE on VMware components pass the recommendations for this level.