Audit mode for graduated rollout
Description
Pod Security Standards (PSS) audit mode records violations without blocking pod admission; it is useful for assessing migration readiness.
⚠️ Risk Impact
Audit-only mode detects violations but does not prevent them; protection depends entirely on operators reviewing the recorded violations.
🔍 How EchelonGraph Detects This
EchelonGraph's Tier 1 Cloud Scanner automatically checks for this condition across all connected cloud accounts. Violations are flagged as high-severity findings with remediation guidance.
🔧 Remediation
Apply the label pod-security.kubernetes.io/audit=restricted to namespaces during migration. Review the recorded violations daily. Graduate a namespace to enforce mode once it has had no violations for 7 days.
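The following is an added example, not EchelonGraph's code, showing one way to check the migration procedure above from a defender's side: read namespace PSS labels (in the JSON shape `kubectl get ns -o json` produces) and API server audit-log events (PSS audit mode adds the `pod-security.kubernetes.io/audit-violations` annotation to the event of a violating request), then report which namespaces are still audit-only, how long each has been clean, and which have met the 7-day graduation bar. All namespace and audit data below is constructed for the demo, and the fixed `NOW` timestamp is an assumption that keeps the output deterministic.

```python
"""Assess PSS audit-mode state per namespace and decide graduation readiness."""
import json
from datetime import datetime, timezone

PSS_PREFIX = "pod-security.kubernetes.io/"
VIOLATION_ANNOTATION = PSS_PREFIX + "audit-violations"
GRADUATION_WINDOW_DAYS = 7  # "no violations for 7 days" from the remediation guidance

# Fixed "now" so the example is deterministic (assumption for the demo).
NOW = datetime(2024, 6, 30, tzinfo=timezone.utc)

# Constructed sample in the shape of `kubectl get ns -o json` (not real cluster data).
NAMESPACES_JSON = json.dumps({"items": [
    {"metadata": {"name": "payments",
                  "labels": {PSS_PREFIX + "audit": "restricted"}}},
    {"metadata": {"name": "web",
                  "labels": {PSS_PREFIX + "audit": "restricted",
                             PSS_PREFIX + "enforce": "baseline"}}},
    {"metadata": {"name": "legacy",
                  "labels": {PSS_PREFIX + "audit": "restricted"}}},
    {"metadata": {"name": "untouched", "labels": {}}},
]})

# Constructed sample API server audit events (one JSON object per line).
# Only events carrying the PSS audit-violations annotation count as violations.
AUDIT_LOG_LINES = [json.dumps(e) for e in [
    {"kind": "Event", "stageTimestamp": "2024-06-29T10:00:00.000000Z",
     "objectRef": {"namespace": "payments", "resource": "pods"},
     "annotations": {VIOLATION_ANNOTATION:
                     'would violate PodSecurity "restricted:latest": privileged '
                     '(container "app" must not set securityContext.privileged=true)'}},
    {"kind": "Event", "stageTimestamp": "2024-06-20T12:00:00.000000Z",
     "objectRef": {"namespace": "payments", "resource": "pods"},
     "annotations": {VIOLATION_ANNOTATION:
                     'would violate PodSecurity "restricted:latest": allowPrivilegeEscalation != false '
                     '(container "app" must set securityContext.allowPrivilegeEscalation=false)'}},
    {"kind": "Event", "stageTimestamp": "2024-06-10T08:30:00.000000Z",
     "objectRef": {"namespace": "legacy", "resource": "pods"},
     "annotations": {VIOLATION_ANNOTATION:
                     'would violate PodSecurity "restricted:latest": runAsNonRoot != true '
                     '(pod or container "app" must set securityContext.runAsNonRoot=true)'}},
    # Ordinary admission event without a PSS annotation: must be ignored.
    {"kind": "Event", "stageTimestamp": "2024-06-29T11:00:00.000000Z",
     "objectRef": {"namespace": "web", "resource": "pods"},
     "annotations": {"authorization.k8s.io/decision": "allow"}},
]]


def parse_ts(ts):
    """Parse an RFC 3339 audit timestamp ('...Z') into an aware datetime."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def namespace_modes(ns_json):
    """Map namespace name -> {enforce, audit, warn} PSS label values (None if unset)."""
    modes = {}
    for item in json.loads(ns_json)["items"]:
        labels = item["metadata"].get("labels") or {}
        modes[item["metadata"]["name"]] = {
            mode: labels.get(PSS_PREFIX + mode) for mode in ("enforce", "audit", "warn")
        }
    return modes


def violations_by_namespace(lines):
    """Aggregate PSS audit-violation events: count, latest timestamp and messages per namespace."""
    out = {}
    for line in lines:
        event = json.loads(line)
        message = (event.get("annotations") or {}).get(VIOLATION_ANNOTATION)
        if not message:
            continue  # not a PSS violation event
        ns = event["objectRef"]["namespace"]
        entry = out.setdefault(ns, {"count": 0, "last": None, "messages": []})
        entry["count"] += 1
        entry["messages"].append(message)
        ts = parse_ts(event["stageTimestamp"])
        if entry["last"] is None or ts > entry["last"]:
            entry["last"] = ts
    return out


def assess(modes, violations, now=NOW):
    """Recommend the next migration step for each namespace."""
    report = {}
    for ns, labels in modes.items():
        v = violations.get(ns)
        days_clean = (now - v["last"]).days if v else None
        if labels["enforce"] == "restricted":
            rec = "enforced: restricted is already enforced"
        elif labels["audit"] is None and labels["enforce"] is None:
            rec = "unlabelled: apply audit=restricted to begin migration"
        elif labels["audit"] is None:
            rec = "no audit label: add audit=restricted before graduating"
        elif v and days_clean < GRADUATION_WINDOW_DAYS:
            rec = f"keep auditing: {v['count']} violation(s), last one {days_clean} day(s) ago"
        else:
            rec = "graduate: set enforce=restricted"
        report[ns] = {"labels": labels, "violations": v["count"] if v else 0,
                      "days_clean": days_clean, "recommendation": rec}
    return report


if __name__ == "__main__":
    result = assess(namespace_modes(NAMESPACES_JSON), violations_by_namespace(AUDIT_LOG_LINES))
    for ns, row in result.items():
        print(f"{ns:10} violations={row['violations']:<2} days_clean={row['days_clean']!s:<5} {row['recommendation']}")
```

Run daily against a fresh `kubectl get ns -o json` dump and the day's audit log; a namespace that stays on "keep auditing" or "graduate" for weeks without anyone acting on it is exactly the stalled migration described in the attack scenario.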
💀 Real-World Attack Scenario
A team applied audit mode for "a few weeks" to assess readiness for the Restricted profile. The audit mode persisted for 9 months. During that time violations were recorded but never reviewed, and pods continued to ship with privileged configurations.
💰 Cost of Non-Compliance
Audit-mode persistence: cited in 22% of K8s audit findings (Aqua 2024).
📋 Audit Questions
- 1. Which namespaces are in audit mode?
- 2. What is the migration timeline?
- 3. What is the violation review cadence?
⚡ Common Pitfalls
- ⛔ Audit mode permanent — never graduates to enforce
- ⛔ Violations recorded but not reviewed
- ⛔ Mixed audit + enforce within the same cluster confuses operators
📈 Business Value
Audit mode is a migration tool, not an end state.
⏱️ Effort Estimate
Migration review
EchelonGraph tracks namespace PSS state
🔗 Cross-Framework References
Automate Pod Security Standards PSS-Audit compliance
EchelonGraph continuously monitors this control across all your cloud accounts.