Profile Applicability:
Level 1

Description:
Deployment configuration manifests, such as Kubernetes YAML files, Helm charts, or other infrastructure-as-code definitions, must be verified for integrity and authenticity before deployment. Verification can include cryptographic signature validation, checksum comparison, or review against approved baselines to ensure that manifests have not been tampered with or altered unintentionally.

Rationale:
Verifying deployment manifests prevents the introduction of malicious, unauthorized, or corrupted configurations that could compromise system security or stability. This practice enhances trust in the deployment process, supports compliance, and reduces risks of misconfiguration-related incidents.

Impact:
Pros:

  • Protects against deployment of tampered or malicious configurations.

  • Enhances system stability by ensuring configuration integrity.

  • Supports audit and compliance requirements.

Cons:

  • Requires setup and maintenance of verification mechanisms.

  • May introduce delays if verification processes are manual or complex.

Default value:
By default, deployment manifests may be applied without formal verification, increasing risk.

Audit:
Review deployment pipelines and procedures to confirm verification steps exist. Check for usage of cryptographic signatures, checksums, or manual reviews before deployment.

Remediation:
Implement automated verification steps in deployment pipelines. Use tools that support manifest signing and validation. Establish policies requiring verification before any deployment.
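As an added example that is not part of this benchmark, the following Python shows the checksum-comparison form of verification named in the Description, wired as the fail-closed gate the Remediation asks for: every manifest in the deployment set is compared against an approved baseline of SHA-256 digests, and the baseline record itself carries an HMAC under a key (APPROVAL_KEY, assumed to be held only by the approval step) so that rewriting the baseline alongside a tampered manifest is detected too. The manifest names and contents are constructed.

```python
import hashlib
import hmac
import json

# Constructed sample: a key held by the approval step (a CI secret in
# practice) and two manifests exactly as they were approved for deployment.
APPROVAL_KEY = b"constructed-approval-key-not-for-real-use"
SAMPLE_MANIFESTS = {
    "deploy.yaml": b"apiVersion: apps/v1\nkind: Deployment\nmetadata:\n  name: web\n",
    "svc.yaml": b"apiVersion: v1\nkind: Service\nmetadata:\n  name: web\n",
}

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def build_baseline(manifests: dict, key: bytes) -> dict:
    """Record the digest of every approved manifest and MAC the record, so the
    baseline cannot be silently rewritten alongside a tampered manifest."""
    digests = {path: sha256_hex(body) for path, body in sorted(manifests.items())}
    payload = json.dumps(digests, sort_keys=True).encode()
    return {"digests": digests, "mac": hmac.new(key, payload, "sha256").hexdigest()}

def verify_manifests(manifests: dict, baseline: dict, key: bytes) -> list:
    """Return findings; an empty list means the deployment may proceed.
    Fails closed: unknown, missing and modified manifests are all findings."""
    payload = json.dumps(baseline["digests"], sort_keys=True).encode()
    if not hmac.compare_digest(hmac.new(key, payload, "sha256").hexdigest(), baseline["mac"]):
        return ["baseline MAC invalid: refusing to trust any digest"]
    expected = baseline["digests"]
    findings = []
    for path in sorted(set(expected) | set(manifests)):
        if path not in expected:
            findings.append(f"{path}: not in approved baseline")
        elif path not in manifests:
            findings.append(f"{path}: approved manifest missing from deployment set")
        elif not hmac.compare_digest(sha256_hex(manifests[path]), expected[path]):
            findings.append(f"{path}: digest mismatch (modified after approval)")
    return findings

SAMPLE_BASELINE = build_baseline(SAMPLE_MANIFESTS, APPROVAL_KEY)

if __name__ == "__main__":
    print("approved set:", verify_manifests(SAMPLE_MANIFESTS, SAMPLE_BASELINE, APPROVAL_KEY))
    # Simulate a manifest edited after approval: the gate must report it.
    tampered = {**SAMPLE_MANIFESTS, "deploy.yaml": SAMPLE_MANIFESTS["deploy.yaml"] + b"# edited\n"}
    print("tampered set:", verify_manifests(tampered, SAMPLE_BASELINE, APPROVAL_KEY))
```

In a pipeline the baseline would be produced by the approval step and the verification run immediately before `kubectl apply` or `helm upgrade`, with any non-empty finding list aborting the deployment.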

References:

  1. Kubernetes Documentation – Managing Kubernetes Secrets and Configuration: https://kubernetes.io/docs/concepts/configuration/overview/

  2. Sigstore Project – Supply Chain Security: https://sigstore.dev/

  3. CIS Controls v8, Control 16 – Application Software Security: https://www.cisecurity.org/controls/application-software-security/