KCSA Certification Guide: Kubernetes Security Foundations in 2026

KCSA (Kubernetes and Cloud Security Associate) is an associate-level certification focused on baseline Kubernetes and cloud native security knowledge. It's a good fit if you want security fundamentals before tackling hands-on security work like CKS. You can register for the exam through Linux Foundation Training & Certification.

Who KCSA is for#

• Platform/DevOps engineers who need security fundamentals for Kubernetes operations.
• Security analysts/engineers moving into cloud native environments.
• Developers who want to understand Kubernetes security basics (RBAC, threats, compliance).

Exam format and coverage#

KCSA is an online, proctored multiple-choice exam. The CNCF page lists these domain weights:

• Overview of Cloud Native Security (14%)
• Kubernetes Cluster Component Security (22%)
• Kubernetes Security Fundamentals (22%)
• Kubernetes Threat Model (16%)
• Platform Security (16%)
• Compliance and Security Frameworks (10%)

How to prepare (high ROI topics)#

• RBAC: roles, role bindings, least privilege, and audit thinking.
• Threat modeling: where Kubernetes can be attacked (supply chain, runtime, misconfig).
• Platform controls: policies, admission, and guardrails (conceptually).

Even if you're not doing hands-on tasks yet, you should understand the primitives that show up in production security discussions (RBAC, namespaces, workloads, services). The Kubernetes and Cloud Native Security Associate (KCSA) course + exam bundle is a good structured path.

Where KCSA fits in a long-term path#

• KCSA pairs well with KCNA if you're starting out.
• If you're aiming for CKS, you'll still need CKA first, but KCSA can reduce the learning curve on security concepts.

Training & certification (Linux Foundation)#

For official training/certification flows, use: Linux Foundation Training & Certification.

Sources#

• KCSA (CNCF) — exam overview and domain weights
• CNCF curriculum repository (KCSA included)