Cloud Native Architecture
Defining Functionality and Privileges
KSI-CNA-DFP
Changelog:
- 2026-05-04: Initial reset for the Consolidated Rules for 2026 Public Preview.
The functionality and privileges for infrastructure and services are strictly defined.
Enforcing Intended State
KSI-CNA-EIS
Changelog:
- 2026-05-04: Initial reset for the Consolidated Rules for 2026 Public Preview.
Optional: Automated services are used to persistently assess the security of all machine-based information resources and automatically enforce their intended operational state.
Automated services are used to persistently assess the security of all machine-based information resources and automatically enforce their intended operational state.
Related SP 800-53 Controls: CA-2.1, CA-7.1
Terms: Information Resource, Machine-Based (Information Resources), Persistently
Implementing Best Practices
KSI-CNA-IBP
Changelog:
- 2026-05-04: Initial reset for the Consolidated Rules for 2026 Public Preview.
The use and configuration of third-party machine-based information resources is persistently compared against the original provider's best practices and guidance.
Related SP 800-53 Controls: AC-17.3, CM-2, PL-10
Terms: Information Resource, Machine-Based (Information Resources), Persistently
Minimizing Attack Surface
KSI-CNA-MAT
Changelog:
- 2026-05-04: Initial reset for the Consolidated Rules for 2026 Public Preview.
Machine-based information resources are persistently reviewed to ensure they have a minimal attack surface and that lateral movement is minimized if compromised.
Related SP 800-53 Controls: AC-17.3, AC-18.1, AC-18.3, AC-20.1, CA-9, SC-7.3, SC-7.4, SC-7.5, SC-7.8, SC-8, SC-10, SI-10, SI-11, SI-16
Terms: Information Resource, Machine-Based (Information Resources), Persistently
Optimizing for Availability
KSI-CNA-OFA
Changelog:
- 2026-05-04: Initial reset for the Consolidated Rules for 2026 Public Preview.
Machine-based information resources are persistently reviewed to ensure they are appropriately optimized for high availability and rapid recovery.
Terms: Information Resource, Machine-Based (Information Resources), Persistently
Restricting Network Traffic
KSI-CNA-RNT
Changelog:
- 2026-05-04: Initial reset for the Consolidated Rules for 2026 Public Preview.
Machine-based information resources are persistently reviewed to ensure they are appropriately configured to limit inbound and outbound network traffic.
Related SP 800-53 Controls: AC-17.3, CA-9, CM-7.1, SC-7.5, SI-8
Terms: Information Resource, Machine-Based (Information Resources), Persistently
Reviewing Protections
KSI-CNA-RVP
Changelog:
- 2026-05-04: Initial reset for the Consolidated Rules for 2026 Public Preview.
The effectiveness of protection against denial of service attacks and other unwanted activity for machine-based information resources is persistently reviewed.
Related SP 800-53 Controls: SC-5, SI-8, SI-8.2
Terms: Information Resource, Machine-Based (Information Resources), Persistently
Using Logical Networking
KSI-CNA-ULN
Changelog:
- 2026-05-04: Initial reset for the Consolidated Rules for 2026 Public Preview.
Logical networking and related capabilities are used and persistently reviewed to enforce traffic flow controls.
Related SP 800-53 Controls: AC-12, AC-17.3, CA-9, SC-4, SC-7, SC-7.7, SC-8, SC-10
Terms: Persistently