Update self-assessment.md
Signed-off-by: JacksonQu <99768067+JacksonQu@users.noreply.github.com>
JacksonQu authored Nov 28, 2023
1 parent 3100bb7 commit 9e989a5
Showing 1 changed file with 1 addition and 11 deletions.
12 changes: 1 addition & 11 deletions assessments/projects/cni/self-assessment.md
Expand Up @@ -154,17 +154,7 @@ CNI seeks graduation and is preparing for a security audit.

## Security functions and features

### Critical Security Components

1. **Plugin-Based Network Connectivity Management**: CNI plugins are responsible for inserting a network interface into the container network namespace and making necessary changes on the host, such as attaching the other end of the veth into a bridge. They also assign IP addresses and set up routes consistent with IP Address Management (IPAM) plugins.

### Security Relevant Components

1. **Support for Kubernetes Network Policies**: CNI, especially Amazon VPC CNI, now natively supports enforcing Kubernetes network policies. These policies act as a virtual firewall, allowing segmentation and security of the cluster by specifying ingress and egress network traffic rules based on various criteria like pod labels, namespaces, IP addresses, etc. This integration provides granular control over the flow of network traffic, enhancing the security and isolation within Kubernetes clusters.
2. **Compatibility with Kubernetes Network Policy API**: Amazon Elastic Kubernetes Service (EKS) fully supports the upstream Kubernetes Network Policy API, ensuring compatibility and adherence to Kubernetes standards. This compatibility allows for the use of all capabilities of the Network Policy API within Amazon EKS clusters, further enhancing security and isolation.
3. **Implementation Components for Network Policies**: Amazon EKS introduces key components like Network Policy Controller, Node Agent, and eBPF SDK to facilitate the implementation of network policies. These components work together to monitor, apply, and manage network policies efficiently across the cluster.
4. **Integration of Security Groups for Pods**: Amazon VPC CNI in IPv4 mode offers a feature called Security groups for pods. This feature enables the definition of rules governing inbound and outbound network traffic to and from pods, providing an additional layer of security. When combined with network policies, it enhances the overall security posture, reducing the attack surface and potential vulnerabilities.

The CNI project primarily focuses on providing network interfaces and connectivity for containers, emphasizing flexibility in network configuration and plugins. While these are its core functionalities, specific security measures such as data encryption, checksums, signatures, and authentication mechanisms are not directly provided by the CNI project itself. These security features are more likely dependent on specific network plugins implementing the CNI interface or container orchestration systems using CNI, such as Kubernetes.

## Project compliance

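Review bot: the closing paragraph of the hunk (the one beginning "The CNI project primarily focuses on") hedges the key statement with "are more likely dependent on", which is too vague for a self-assessment that is meant to be read by auditors; state plainly that data encryption, checksums, signatures and authentication are out of scope of the CNI specification and are the responsibility of the plugin implementing the interface or of the orchestrator that invokes it. Second, the deletion of the "Critical Security Components" and "Security Relevant Components" subsections removes the one item that is about CNI itself, namely plugin-based connectivity management (inserting an interface into the container network namespace, attaching the veth on the host, assigning addresses via IPAM and setting routes). Removing the Amazon VPC CNI and EKS items is correct, since they describe a single plugin rather than the project, but the plugin-based connectivity item describes the project's own host-side behaviour and should be kept under its heading so the section still names a critical component.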
