Here is the honest situation. The CNCF cloud native security guidance frames security across a lifecycle: develop, distribute, deploy and runtime, wrapped in governance, identity, supply chain and observability. It is how cloud native and Kubernetes teams are expected to secure fast-moving, ephemeral, orchestrated workloads. The trouble is that most teams cover one or two phases well, scanning in the pipeline or hardening runtime, and leave gaps in the others. An organization that scans images but does not verify provenance, or hardens deployments but cannot detect threats at runtime, is exactly where organizations fall short.
This Kit removes the guesswork. It is the cloud native security lifecycle written as adopt-ready controls you personalize in a weekend, with the evidence a reviewer examines.
What you get, the moment you buy
Grounded in the CNCF cloud native security guidance, with its develop, distribute, deploy and runtime lifecycle and the governance, supply chain, identity, network and observability elements called out. Editable Word and Excel files.
What one control looks like
This is establishing cloud native security governance, where the lifecycle begins. All 18 are built to this depth.
Why this is not another template pack
- The evidence is the point. A phase you cannot evidence is a gap an attacker can use. This tells you what a reviewer examines and where organizations fall short, for every part of the lifecycle.
- The whole lifecycle built in. Develop, distribute, deploy and runtime, plus supply chain, identity, network and observability, are written into the controls, the substance the guidance covers.
- Built on a mapped compliance corpus, not one person's opinion, from a graph of thousands of controls across standards.
- It compounds. Cloud native security connects to your supply chain, container and Kubernetes security and your wider SDLC, so this work feeds the whole platform program.
Who buys this
Platform, DevOps, SRE and security teams running cloud native and Kubernetes workloads, and the leads who own their security. Whether it is a first hardening pass or closing gaps across the lifecycle, you save weeks and walk in with develop, distribute, deploy and runtime structured.
Common questions
Is it really editable? Yes. Word and Excel files you own and adapt. No portal, no subscription.
Is this official CNCF certification? No. It is an independent implementation toolkit grounded in the cloud native security lifecycle. It gets your controls and evidence in order fast.
Does it cover the software supply chain? Yes. Signing and verifying artefacts, a bill of materials and provenance enforcement are built as controls.
Does it cover runtime? Yes. Workload isolation, runtime threat detection and securing the orchestrator are built as controls.
What if it is not for me? A 30-day money-back guarantee.
Instant digital download · 30-day money-back guarantee · The Art of Service Pty Ltd, GPO Box 2673, Brisbane QLD 4001 · support@theartofservice.com