Fintech & regulatory

Compliance

How the current policy set maps to common compliance frameworks. Coverage is advisory: it is measured against the controls mapped in opserapol, not the full framework, and is not an audit artifact.

PCI DSS4.0100%

Payment Card Industry Data Security Standard

14 of 14 mapped controls covered
SOC 22017 TSC100%

AICPA Trust Services Criteria (Security)

6 of 6 mapped controls covered
CIS Kubernetes Benchmarkv1.8100%

Section 5 — policies enforceable at admission

16 of 16 mapped controls covered
NIST SP 800-53rev. 5100%

Security and privacy controls

13 of 13 mapped controls covered
ISO/IEC 270012022100%

Annex A controls

7 of 7 mapped controls covered
DORAEU 2022/2554100%

Digital Operational Resilience Act (EU financial entities)

5 of 5 mapped controls covered
CIS Kubernetes Benchmark v1.8cis-k8s
16/16 (100%)
ControlTitleMapped policies
5.1.5Ensure that default service accounts are not actively used
5.1.6Ensure that Service Account Tokens are only mounted where necessary
5.2.1Minimize the admission of privileged containers
5.2.2Minimize the admission of containers wishing to share the host process ID namespace
5.2.3Minimize the admission of containers wishing to share the host IPC namespace
5.2.4Minimize the admission of containers wishing to share the host network namespace
5.2.5Minimize the admission of containers with allowPrivilegeEscalation
5.2.6Minimize the admission of root containers
5.2.8Minimize the admission of containers with added capabilities
5.2.9Minimize the admission of containers with capabilities assigned
5.2.11Minimize the admission of containers without a seccomp profile
5.3.2Ensure that all Namespaces have Network Policies defined
5.4.1Prefer using secrets as files over secrets as environment variables
5.5.1Configure Image Provenance using ImagePolicyWebhook admission controller
5.7.2Apply Security Context to Pods and Containers
5.7.4The default namespace should not be used