Kubernetes CIS Benchmark Alignment

Zen Mesh intends to test SaaS control-plane and data-plane cluster baselines against the CIS Kubernetes Benchmark where applicable. This is a technical hardening signal, not formal CIS certification. It is not a claim that customer clusters are compliant.

Current Status

Maturity Level: 0 — Not assessed

No CIS Benchmark runs have been completed for Zen Mesh SaaS or data-plane clusters. This is a planned evidence initiative.

Maturity Ladder

| Level | Description | Current |
|-------|-------------|---------|
| 0 | Not assessed | Active |
| 1 | Benchmark run completed — all checks executed | Planned |
| 2 | Critical and high findings remediated or justified | Planned |
| 3 | Repeatable CIS evidence pack published | Planned |
| 4 | Recurring CIS drift check — benchmark runs in CI | Planned |
| 5 | Externally reviewed or formal audit support | Not planned |

Scope

| Component | Benchmark Applicability | Status | Note |
|-----------|-------------------------|--------|------|
| SaaS control-plane clusters | CIS Kubernetes Benchmark | Planned | Managed cloud provider control-plane components may be provider-managed and not directly testable |
| Data-plane agent clusters | CIS Kubernetes Benchmark | Planned | Customer-deployed agents; benchmark applicable to customer-managed nodes |
| Managed control-plane (EKS, GKE, AKS) | Provider-managed | Not applicable | Control-plane components managed by cloud provider; not directly testable by Zen Mesh |

Non-Claims

  • This is not a formal CIS certification.
  • This is not a claim that customer clusters are compliant with the CIS Benchmark.
  • This is not a claim that Zen Mesh SaaS or its data-plane is fully hardened.
  • Benchmark results will show pass, fail, warn, and not-applicable — not a binary pass/fail.
  • Managed cloud control-plane checks may be provider-managed or not testable at all.