Policy Control Points

Identity-aware policy enforcement, runtime authorization, reporting, and exceptions — built on Kyverno + Kyverno AuthZ.

Applies to: Enterprise Kyverno 1.10 and later

Policy Control Points apply centrally configured policies and exceptions, and generate audit and compliance data. All control points share the same behavior but are delivered in different form factors based on where they operate in your stack.

Enterprise Kyverno

Hardened and scalable Kyverno OSS with enterprise support

Nirmata Terraform Controller

A policy enforcement layer for Terraform that uses Kyverno to ensure every change meets organizational standards.

Nirmata Control Hub

Cloud Control Point — continuous posture management and admission control for AWS, GCP, and Azure.

AI Control Point

Identity-aware governance for LLM access — enforce who can call which model, at what cost, with full audit trails.

Authz Control Point

Runtime authorization for Kubernetes and cloud services using Kyverno AuthZ — in private preview.