GRC
Definition
GRC stands for Governance, Risk Management, and Compliance. It is a structured approach to aligning IT with business objectives while managing risk and meeting regulatory requirements. GRC helps organizations ensure that their operations are conducted ethically and in accordance with their risk appetite, legal obligations, and internal policies. It encompasses the processes and tools used to integrate governance, risk management, and compliance activities across an organization.
Secure Settings Example
# Example of a secure Kubernetes PodSecurityPolicy
# (indentation restored; comments explain what each setting enforces)
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: restricted
spec:
  privileged: false                  # no privileged containers
  allowPrivilegeEscalation: false    # blocks setuid binaries and CAP gains
  requiredDropCapabilities:
    - ALL                            # containers start with no Linux capabilities
  runAsUser:
    rule: 'MustRunAsNonRoot'         # UID 0 is rejected at admission
  seLinux:
    rule: 'RunAsAny'
  supplementalGroups:
    rule: 'MustRunAs'
    ranges:
      - min: 1
        max: 65535                   # GID 0 excluded from the allowed range
  fsGroup:
    rule: 'MustRunAs'
    ranges:
      - min: 1
        max: 65535
  volumes:                           # explicit allow-list; hostPath is not on it
    - 'configMap'
    - 'emptyDir'
    - 'projected'
    - 'secret'
    - 'downwardAPI'
Insecure Settings Example
# Example of an insecure Kubernetes PodSecurityPolicy
# (indentation restored; comments note the risk each setting introduces)
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: permissive
spec:
  privileged: true                   # container gets full host device and kernel access
  allowPrivilegeEscalation: true     # processes may gain more privileges than their parent
  requiredDropCapabilities: []       # no capabilities are dropped
  runAsUser:
    rule: 'RunAsAny'                 # root inside the container is permitted
  seLinux:
    rule: 'RunAsAny'
  supplementalGroups:
    rule: 'RunAsAny'
  fsGroup:
    rule: 'RunAsAny'
  volumes:
    - '*'                            # every volume type, including hostPath
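The two manifests above differ in a handful of fields, and a GRC programme needs to check those fields automatically rather than by eye. The following script is an added example, not part of the original page or of any Kubernetes project code: it audits a parsed PodSecurityPolicy against the restrictions the secure manifest enforces and reports each deviation as a finding. The input is the dict that yaml.safe_load() would return for a manifest; the two sample policies are constructed inline to match the page's secure and insecure manifests so the script runs without PyYAML. The allow-list of volume types and the name audit_psp are assumptions of this example. PodSecurityPolicy was deprecated in Kubernetes 1.21 and removed in 1.25 in favour of Pod Security Admission, so a check like this applies to manifests in older clusters or in version control.

```python
"""Audit a parsed PodSecurityPolicy for permissive settings.

Added example, not from the original page. Input is the dict that
yaml.safe_load() would return for a PSP manifest.
"""

# A rule value that places no restriction on the field it governs.
UNRESTRICTED_RULE = "RunAsAny"

# Assumption: volume allow-list mirrors the page's restricted policy.
ALLOWED_VOLUMES = {"configMap", "emptyDir", "projected", "secret", "downwardAPI"}


def audit_psp(psp: dict) -> list:
    """Return human-readable findings; an empty list means no deviation found."""
    spec = psp.get("spec", {})
    name = psp.get("metadata", {}).get("name", "<unnamed>")
    findings = []

    if spec.get("privileged", False):
        findings.append("privileged containers allowed")
    # In PSP an unset allowPrivilegeEscalation defaults to true, so absence
    # is treated the same as an explicit true.
    if spec.get("allowPrivilegeEscalation", True):
        findings.append("allowPrivilegeEscalation not set to false")
    if "ALL" not in spec.get("requiredDropCapabilities", []):
        findings.append("requiredDropCapabilities does not drop ALL")
    if spec.get("runAsUser", {}).get("rule") != "MustRunAsNonRoot":
        findings.append("runAsUser does not enforce MustRunAsNonRoot")
    for field in ("supplementalGroups", "fsGroup"):
        if spec.get(field, {}).get("rule", UNRESTRICTED_RULE) == UNRESTRICTED_RULE:
            findings.append(f"{field} rule is RunAsAny")
    volumes = set(spec.get("volumes", []))
    if "*" in volumes:
        findings.append("volumes allows '*' (includes hostPath)")
    else:
        extra = volumes - ALLOWED_VOLUMES
        if extra:
            findings.append(f"volumes outside allow-list: {sorted(extra)}")
    return [f"{name}: {f}" for f in findings]


# Constructed sample input matching the page's secure manifest.
RESTRICTED = {
    "apiVersion": "policy/v1beta1",
    "kind": "PodSecurityPolicy",
    "metadata": {"name": "restricted"},
    "spec": {
        "privileged": False,
        "allowPrivilegeEscalation": False,
        "requiredDropCapabilities": ["ALL"],
        "runAsUser": {"rule": "MustRunAsNonRoot"},
        "seLinux": {"rule": "RunAsAny"},
        "supplementalGroups": {"rule": "MustRunAs", "ranges": [{"min": 1, "max": 65535}]},
        "fsGroup": {"rule": "MustRunAs", "ranges": [{"min": 1, "max": 65535}]},
        "volumes": ["configMap", "emptyDir", "projected", "secret", "downwardAPI"],
    },
}

# Constructed sample input matching the page's insecure manifest.
PERMISSIVE = {
    "apiVersion": "policy/v1beta1",
    "kind": "PodSecurityPolicy",
    "metadata": {"name": "permissive"},
    "spec": {
        "privileged": True,
        "allowPrivilegeEscalation": True,
        "requiredDropCapabilities": [],
        "runAsUser": {"rule": "RunAsAny"},
        "seLinux": {"rule": "RunAsAny"},
        "supplementalGroups": {"rule": "RunAsAny"},
        "fsGroup": {"rule": "RunAsAny"},
        "volumes": ["*"],
    },
}


if __name__ == "__main__":
    for policy in (RESTRICTED, PERMISSIVE):
        findings = audit_psp(policy)
        label = policy["metadata"]["name"]
        print(f"{label}: {len(findings)} finding(s)")
        for line in findings:
            print("  " + line)
```

The check deliberately treats an absent allowPrivilegeEscalation as a finding, because the PSP API defaults that field to true; a policy that merely omits it is not compliant with the restricted baseline.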