
id: benchmark/caring/kubernetes-rbac/readme
title: CARING Kubernetes RBAC Benchmark Workspace
status: candidate
created_by_workplan: ITC-WP-0010

CARING Kubernetes RBAC Benchmark

This workspace analyzes Kubernetes RBAC as a CARING benchmark, not as a shortcut profile. It is designed to stress access-governance orthogonality across Access Control, Organization, Governance, Security, Landscape, DevSecOps, Network, Observability, Task, and Tagging.

The benchmark keeps Kubernetes native constructs separate from CARING meaning:

  • Role and ClusterRole are rule bundles or capability profiles, not automatically CARING canonical roles.
  • RoleBinding and ClusterRoleBinding are grants or assignments.
  • ServiceAccount is a service subject and a workload identity anchor.
  • Namespace is a useful scope signal, but it is not automatically a tenant boundary.
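
An added example (not part of this workspace or of the CARING artifacts) of the separation described above: bindings are resolved into grant records, so the same ClusterRole yields a different scope depending on which binding references it. The manifests are constructed samples, and the record field names (`subject`, `scope`, `resources`, `verbs`) are hypothetical, not the CARING access-descriptor schema.

```python
# Constructed sample objects: trimmed Kubernetes RBAC manifests as dicts.
# Rule bundles are keyed by (kind, namespace, name); ClusterRoles have no namespace.
ROLES = {
    ("ClusterRole", None, "pod-reader"): [
        {"apiGroups": [""], "resources": ["pods"], "verbs": ["get", "list"]}],
    ("Role", "team-a", "cm-editor"): [
        {"apiGroups": [""], "resources": ["configmaps"], "verbs": ["get", "update"]}],
}
BINDINGS = [
    {"kind": "RoleBinding", "metadata": {"name": "read-pods", "namespace": "team-a"},
     "roleRef": {"kind": "ClusterRole", "name": "pod-reader"},
     "subjects": [{"kind": "ServiceAccount", "name": "ci", "namespace": "build"}]},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "read-pods-global"},
     "roleRef": {"kind": "ClusterRole", "name": "pod-reader"},
     "subjects": [{"kind": "Group", "name": "auditors"}]},
    {"kind": "RoleBinding", "metadata": {"name": "edit-cm", "namespace": "team-a"},
     "roleRef": {"kind": "Role", "name": "cm-editor"},
     "subjects": [{"kind": "User", "name": "alice"}]},
]


def resolve_grants(roles, bindings):
    """Flatten bindings into grant records (hypothetical field names)."""
    grants = []
    for b in bindings:
        ref = b["roleRef"]
        bind_ns = b["metadata"].get("namespace")
        # A Role is looked up in the binding's namespace; a ClusterRole has none.
        role_ns = bind_ns if ref["kind"] == "Role" else None
        rules = roles.get((ref["kind"], role_ns, ref["name"]))
        if rules is None:
            continue  # dangling roleRef: the binding grants nothing
        # Scope comes from the binding, never from the rule bundle itself.
        scope = "cluster" if b["kind"] == "ClusterRoleBinding" else f"namespace/{bind_ns}"
        for s in b.get("subjects", []):
            name = f'{s["namespace"]}/{s["name"]}' if s["kind"] == "ServiceAccount" else s["name"]
            for rule in rules:
                grants.append({"subject": f'{s["kind"]}:{name}', "scope": scope,
                               "resources": tuple(rule["resources"]),
                               "verbs": tuple(rule["verbs"])})
    return grants


if __name__ == "__main__":
    for grant in resolve_grants(ROLES, BINDINGS):
        print(grant)
```

The first record shows a service account from namespace `build` holding a grant scoped to `team-a`, which is why the namespace of a subject and the namespace of a grant have to be tracked separately.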

Indexed benchmark artifacts:

  • benchmark.yaml
  • native-concepts.yaml
  • caring-mapping.yaml
  • access-descriptors.yaml
  • findings-and-canon-pressure.yaml