Audits Istio service meshes for evidence-backed Zero Trust maturity, attack paths, and remediation priorities.
Best-practices score: 90%. Impact: 93%. 1.19x average score across 4 eval scenarios. Advisory: suggest reviewing before use.
- Overall score: <0-100 or N/A>
- Maturity level: <0-7 or N/A>
- Confidence: <0-100%>
- Scope: <clusters, namespaces, workloads, time>
- Summary: <one sentence>
- Risk posture: <acceptable, conditional, or unacceptable risk>

| Item | Value |
|---|---|
| Istio/Kubernetes versions | |
| Data-plane mode | |
| Clusters/namespaces | |
| Evidence collected | |
| Missing evidence | |
| Assumptions | |
| Dimension | Rating (0-5) | Weighted score | Evidence status | Key gap |
|---|---|---|---|---|
| Workload identity | | | VERIFIED/INFERRED/UNKNOWN | |
| mTLS | | | | |
| Request authentication | | | | |
| Authorization | | | | |
| Segmentation | | | | |
| Ingress | | | | |
| Egress | | | | |
| Auditability | | | | |
Explain confidence deductions and the first unmet maturity level.
[ID] Title
- Severity / exploitability: <severity> / <high, medium, low>
- Evidence status: VERIFIED / INFERRED / UNKNOWN
- Affected: <resources and workloads>
- Evidence: <resource, selector, command output, or test>
- Tested: <yes/no/not tested>
- Attack path: <source -> hops -> target>
- Impact: <availability, confidentiality, integrity, compliance>
- Remediation: <specific change>
- Validation: <positive and negative tests>
- Rollback: <how to restore service safely>
- <when known>

Order findings by severity, then exploitability and blast radius.
| Source | Identity | Path | Target | Existing controls | Result | Confidence |
|---|---|---|---|---|---|---|
| | | | | | ALLOWED/DENIED/UNKNOWN | |
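The Result and Confidence columns above can be pre-filled offline from exported policy objects before any live test is run. The following is an added example, not part of this skill or of Istio; it reproduces a subset of Istio's documented evaluation order (effective PeerAuthentication mode from mesh, namespace and workload level, then AuthorizationPolicy in CUSTOM, DENY, ALLOW order, with "no ALLOW policy selects the workload" meaning allow). The PeerAuthentication and AuthorizationPolicy items, the workload names and labels, and the `opa` provider are constructed; the root namespace is assumed to be `istio-system`. Port-level mTLS, `when` conditions and the decision of an external CUSTOM authorizer are not modelled, so a path that depends on them is reported as UNKNOWN rather than guessed, and every offline result is marked INFERRED because only a request sent against the live mesh can be VERIFIED.

```python
"""Offline check of attack-path rows against Istio PeerAuthentication and
AuthorizationPolicy objects.  Added example; all resources are constructed."""
from fnmatch import fnmatch

ROOT_NS = "istio-system"  # assumed mesh root namespace (Istio's default)

# Constructed sample, shaped like `kubectl get peerauthentication,authorizationpolicy -A -o json` items.
PEER_AUTH = [
    {"metadata": {"name": "default", "namespace": ROOT_NS}, "spec": {"mtls": {"mode": "STRICT"}}},
    {"metadata": {"name": "legacy", "namespace": "legacy"}, "spec": {"mtls": {"mode": "PERMISSIVE"}}},
]
AUTHZ = [
    # `spec: {}` is Istio's deny-all idiom: an ALLOW policy that matches nothing
    {"metadata": {"name": "deny-all", "namespace": "payments"}, "spec": {}},
    {"metadata": {"name": "allow-checkout", "namespace": "payments"},
     "spec": {"selector": {"matchLabels": {"app": "ledger"}}, "action": "ALLOW",
              "rules": [{"from": [{"source": {"principals": ["cluster.local/ns/shop/sa/checkout"]}}],
                         "to": [{"operation": {"methods": ["POST"], "paths": ["/v1/charge"]}}]}]}},
    {"metadata": {"name": "block-admin", "namespace": "payments"},
     "spec": {"selector": {"matchLabels": {"app": "ledger"}}, "action": "DENY",
              "rules": [{"to": [{"operation": {"paths": ["/admin/*"]}}]}]}},
    {"metadata": {"name": "ext-authz", "namespace": "legacy"},  # hypothetical external authorizer
     "spec": {"selector": {"matchLabels": {"app": "intranet"}}, "action": "CUSTOM",
              "provider": {"name": "opa"}, "rules": [{}]}},
]
WORKLOADS = {  # constructed targets: namespace plus pod labels
    "payments/ledger": {"namespace": "payments", "labels": {"app": "ledger"}},
    "legacy/reports": {"namespace": "legacy", "labels": {"app": "reports"}},
    "legacy/intranet": {"namespace": "legacy", "labels": {"app": "intranet"}},
}


def _selects(policy, workload):
    """Root-namespace policies without a selector are mesh-wide; all others apply
    only inside their own namespace, narrowed by matchLabels."""
    ns = policy["metadata"]["namespace"]
    selector = policy["spec"].get("selector", {}).get("matchLabels", {})
    if ns != workload["namespace"] and (ns != ROOT_NS or selector):
        return False
    return all(workload["labels"].get(k) == v for k, v in selector.items())


def effective_mtls_mode(workload, peer_auths=PEER_AUTH):
    """Most specific PeerAuthentication wins (workload > namespace > mesh); with
    none at all the mesh default is PERMISSIVE.  portLevelMtls is not modelled."""
    best, best_rank = "PERMISSIVE", -1
    for pa in peer_auths:
        mode = pa["spec"].get("mtls", {}).get("mode", "UNSET")
        if mode == "UNSET" or not _selects(pa, workload):
            continue  # UNSET inherits from the next level up
        rank = 2 if "selector" in pa["spec"] else 1 if pa["metadata"]["namespace"] != ROOT_NS else 0
        if rank > best_rank:
            best, best_rank = mode, rank
    return best


def _source_matches(src, principal):
    # A plaintext or off-mesh caller has no SPIFFE identity, so every identity
    # field fails to match; only an unconstrained source block matches it.
    if principal is None:
        return not any(k in src for k in ("principals", "namespaces", "notPrincipals"))
    ns = principal.split("/ns/")[1].split("/")[0] if "/ns/" in principal else ""
    if "principals" in src and not any(fnmatch(principal, p) for p in src["principals"]):
        return False
    if "notPrincipals" in src and any(fnmatch(principal, p) for p in src["notPrincipals"]):
        return False
    return "namespaces" not in src or ns in src["namespaces"]


def _rule_matches(rule, principal, method, path):
    froms, tos = rule.get("from", []), rule.get("to", [])
    if froms and not any(_source_matches(f.get("source", {}), principal) for f in froms):
        return False
    for t in tos:
        op = t.get("operation", {})
        if ("methods" not in op or method in op["methods"]) and \
           ("paths" not in op or any(fnmatch(path, p) for p in op["paths"])):
            return True
    return not tos  # no `to` block means any operation matches


def evaluate_path(target, principal, method, path, authz=AUTHZ, peer_auths=PEER_AUTH):
    """One attack-path table row: (Result, Confidence, Existing controls).
    Anything derived from policy text alone is INFERRED; VERIFIED needs a live test."""
    wl = WORKLOADS[target]
    mode = effective_mtls_mode(wl, peer_auths)
    controls = [f"PeerAuthentication {mode}"]
    if principal is None and mode == "STRICT":
        return "DENIED", "INFERRED", controls  # sidecar refuses plaintext before L7 policy
    applicable = [p for p in authz if _selects(p, wl)]
    controls += [f"AuthorizationPolicy {p['metadata']['name']} ({p['spec'].get('action', 'ALLOW')})"
                 for p in applicable]
    rules = [(p["spec"].get("action", "ALLOW"), r) for p in applicable for r in p["spec"].get("rules", [])]
    hit = {a for a, r in rules if _rule_matches(r, principal, method, path)}
    if "CUSTOM" in hit or any("when" in r for _, r in rules):
        return "UNKNOWN", "UNKNOWN", controls  # external authorizer / conditions not modelled offline
    if "DENY" in hit:
        return "DENIED", "INFERRED", controls
    if not any(p["spec"].get("action", "ALLOW") == "ALLOW" for p in applicable):
        return "ALLOWED", "INFERRED", controls  # no ALLOW policy selects the workload: default allow
    return ("ALLOWED" if "ALLOW" in hit else "DENIED"), "INFERRED", controls
```

Calling `evaluate_path("legacy/reports", None, "GET", "/export")` returns ALLOWED with only `PeerAuthentication PERMISSIVE` as a control, which is exactly the row an auditor wants surfaced: the namespace-level PERMISSIVE override defeats the mesh-wide STRICT default, and with no AuthorizationPolicy selecting the workload a plaintext caller from outside the mesh reaches it. The same plaintext request against `payments/ledger` is DENIED at the mTLS layer, and `legacy/intranet` comes back UNKNOWN because its decision is delegated to a CUSTOM provider that must be exercised live, then listed under the commands needed to close the unknown.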
1. Contain active or critical exposure without breaking required traffic.
2. Close high-risk identity, mTLS, authorization, ingress, and egress gaps.
3. Complete least privilege, segmentation, policy testing, and operational ownership.
4. Automate drift detection, attack-path tests, exception expiry, and audit evidence.
List accepted exceptions, compensating controls, unresolved contradictions, and exact commands or tests needed to close each unknown. End with a concise evidence-backed final assessment.