Safeguard
Tag

cis-benchmark

Safeguard articles tagged "cis-benchmark" — guides, analysis, and best practices for software supply chain and application security.

9 articles

Cloud Security

The 2026 AWS Security Checklist: Account, IAM, Network, and Data Controls

One SSRF call against an unpatched WAF and a permissive IAM role were enough to expose 106 million Capital One records in 2019 — here's the checklist that stops it.

Jul 12, 20267 min read
Kubernetes Security

Hardening Amazon EKS With Native AWS Controls

AWS secures the EKS control plane and etcd — everything else, from IAM to security groups to node OS patching, is on you under the shared responsibility model.

Jul 8, 20267 min read
Infrastructure Security

Applying CIS Benchmarks to cloud infrastructure

CIS Benchmarks turn "be secure" into testable checks for AWS, Azure, and GCP — here's how to move from annual audit to continuous enforcement.

Jun 16, 20268 min read
Container Security

Docker CIS Benchmark: what it checks and how to pass it

A practical breakdown of what the CIS Docker Benchmark actually checks, why Trivy alone only covers part of it, and how to remediate and stay compliant.

Apr 26, 20268 min read
Container Security

Kubernetes vulnerability scanning and audit-ready compliance

Image scans can pass while your Kubernetes control plane stays exposed. See why CVE-2025-1974 and CIS Benchmark gaps break audits — and how to close them.

Mar 27, 20267 min read
Infrastructure Security

How to harden a Linux server

A step-by-step guide to harden Linux server security: SSH hardening, firewalls, patching, CIS benchmark alignment, and verification for production systems.

Feb 13, 20268 min read
Buyer's Guides

Best Kubernetes security scanning tools

A practical, no-fluff comparison of Kubernetes security scanning tools — CIS benchmark coverage, runtime detection, and where each real vendor falls short.

Nov 17, 20258 min read
Container Security

How Snyk IaC scans Kubernetes manifests and Helm charts f...

A technical walkthrough of how Snyk IaC parses Kubernetes manifests, renders Helm charts, and checks them against CIS benchmarks before deployment.

Sep 3, 20257 min read
Container Security

Kubernetes RBAC Sprawl and Why It's Rarely Audited

Kubernetes RBAC grows faster than anyone tracks it, and there's no built-in tool to audit it. Here's why sprawl happens and what a real audit checks.

Aug 4, 20257 min read
cis-benchmark — Safeguard Blog