How does EchelonGraph detect Pod Security Standards PSS-Privileged violations?

EchelonGraph automatically detects Pod Security Standards PSS-Privileged violations using scanner rule PSS-001. The scanner checks cloud infrastructure configurations in real-time and flags non-compliant resources.

🔒Pod Security Standards PSS-PrivilegedRule: PSS-001low

Privileged (unrestricted)

Description

Unrestricted policy — should not be applied to production workloads. EchelonGraph flags Privileged-tier namespaces as low-severity informational so you can plan migration to Baseline / Restricted.

⚠️ Risk Impact

Privileged tier permits anything; in production it equates to no Pod-level admission controls.

🔍 How EchelonGraph Detects This

PSS-001Automated scanner rule

EchelonGraph's Tier 1 Cloud Scanner automatically checks for this condition across all connected cloud accounts. Violations are flagged as low-severity findings with remediation guidance.

🔧 Remediation

Apply pod-security.kubernetes.io/enforce=baseline at namespace level, then ratchet to restricted once workloads comply.

🔗 Cross-Framework References

CIS-K8S-5.2.1

Automate Pod Security Standards PSS-Privileged compliance

EchelonGraph continuously monitors this control across all your cloud accounts.

Start Free →