diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
index 4abe7d8e9fa..20ec01ed9d0 100644
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -40,6 +40,7 @@
 /packages/cisco_nexus @elastic/security-external-integrations
 /packages/cisco_secure_endpoint @elastic/security-external-integrations
 /packages/cisco_umbrella @elastic/security-external-integrations
+/packages/cloud_security_posture @elastic/cloud-security-posture
 /packages/cloudflare @elastic/security-external-integrations
 /packages/cockroachdb @elastic/integrations
 /packages/containerd @elastic/obs-cloudnative-monitoring
diff --git a/packages/cis_kubernetes_benchmark/manifest.yml b/packages/cis_kubernetes_benchmark/manifest.yml
index 91f4f468dd9..3d107754be5 100644
--- a/packages/cis_kubernetes_benchmark/manifest.yml
+++ b/packages/cis_kubernetes_benchmark/manifest.yml
@@ -1,6 +1,6 @@
 format_version: 1.0.0
 name: cis_kubernetes_benchmark
-title: "CIS Kubernetes Benchmark"
+title: "CIS Kubernetes Benchmark - deprecated"
 version: 0.0.1
 license: basic
 description: "Check Kubernetes cluster compliance with the Kubernetes CIS benchmark."
diff --git a/packages/cloud_security_posture/_dev/deploy/k8s/.empty b/packages/cloud_security_posture/_dev/deploy/k8s/.empty
new file mode 100644
index 00000000000..e69de29bb2d
diff --git a/packages/cloud_security_posture/changelog.yml b/packages/cloud_security_posture/changelog.yml
new file mode 100644
index 00000000000..ef61ac2fcac
--- /dev/null
+++ b/packages/cloud_security_posture/changelog.yml
@@ -0,0 +1,6 @@
+# newer versions go on top
+- version: "0.0.1"
+ changes:
+ - description: Initial draft of the package
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/3113
diff --git a/packages/cloud_security_posture/data_stream/findings/agent/stream/stream.yml.hbs b/packages/cloud_security_posture/data_stream/findings/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..6b3ea6de9ff
--- /dev/null
+++ b/packages/cloud_security_posture/data_stream/findings/agent/stream/stream.yml.hbs
@@ -0,0 +1,2 @@
+processors:
+ - add_cluster_id: ~
diff --git a/packages/cloud_security_posture/data_stream/findings/fields/base-fields.yml b/packages/cloud_security_posture/data_stream/findings/fields/base-fields.yml
new file mode 100644
index 00000000000..7c798f4534c
--- /dev/null
+++ b/packages/cloud_security_posture/data_stream/findings/fields/base-fields.yml
@@ -0,0 +1,12 @@
+- name: data_stream.type
+ type: constant_keyword
+ description: Data stream type.
+- name: data_stream.dataset
+ type: constant_keyword
+ description: Data stream dataset.
+- name: data_stream.namespace
+ type: constant_keyword
+ description: Data stream namespace.
+- name: '@timestamp'
+ type: date
+ description: Event timestamp.
diff --git a/packages/cloud_security_posture/data_stream/findings/fields/findings.yml b/packages/cloud_security_posture/data_stream/findings/fields/findings.yml
new file mode 100644
index 00000000000..f21b3aa8de6
--- /dev/null
+++ b/packages/cloud_security_posture/data_stream/findings/fields/findings.yml
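Review bot: `- add_cluster_id: ~` in stream.yml.hbs renders the processor's settings as a YAML null rather than an empty mapping. If the processor takes no options, `- add_cluster_id: {}` states that explicitly and is safer with loaders that expect a map where a processor's settings go; yamllint also discourages the `~` spelling of null. I cannot tell from this hunk whether cloudbeat's processor loader accepts a null here, so treat this as a style point unless the loader turns out to be strict.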
@@ -0,0 +1,81 @@
+- name: cycle_id
+ type: text
+ multi_fields:
+ - name: keyword
+ type: keyword
+ ignore_above: 1024
+- name: type
+ type: text
+ multi_fields:
+ - name: keyword
+ type: keyword
+ ignore_above: 1024
+- name: resource_id
+ type: text
+ multi_fields:
+ - name: keyword
+ type: keyword
+ ignore_above: 1024
+- name: cluster_id
+ type: text
+ multi_fields:
+ - name: keyword
+ type: keyword
+ ignore_above: 1024
+- name: agent
+ type: group
+ fields:
+ - name: id
+ type: text
+ description: Agent ID
+ multi_fields:
+ - name: keyword
+ type: keyword
+ ignore_above: 1024
+- name: resource
+ type: group
+ fields:
+ - name: type
+ type: text
+ description: Source type of the resource
+ multi_fields:
+ - name: keyword
+ type: keyword
+ ignore_above: 1024
+ - name: filename
+ type: text
+ description: Resource filename
+ multi_fields:
+ - name: keyword
+ type: keyword
+ ignore_above: 1024
+- name: rule
+ type: group
+ fields:
+ - name: name
+ type: keyword
+ description: Rule name
+ multi_fields:
+ - name: keyword
+ type: keyword
+ ignore_above: 1024
+ - name: benchmark
+ type: group
+ fields:
+ - name: name
+ type: text
+ description: Benchmark name
+ multi_fields:
+ - name: keyword
+ type: keyword
+ ignore_above: 1024
+- name: result
+ type: group
+ fields:
+ - name: evaluation
+ type: text
+ description: Rule result
+ multi_fields:
+ - name: keyword
+ type: keyword
+ ignore_above: 1024
diff --git a/packages/cloud_security_posture/data_stream/findings/manifest.yml b/packages/cloud_security_posture/data_stream/findings/manifest.yml
new file mode 100644
index 00000000000..7884911b1a1
--- /dev/null
+++ b/packages/cloud_security_posture/data_stream/findings/manifest.yml
@@ -0,0 +1,6 @@
+title: "Findings"
+type: logs
+streams:
+ - input: cloudbeat
+ title: K8s CIS Compliance
+ description: Check CIS Benchmark compliance
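Review bot: `agent.id` is declared here as `type: text` with a `keyword` multi-field, but ECS defines `agent.id` as a plain `keyword`, and the agent populates that field on every event; if this data stream is meant to line up with ECS and the agent's own field, the mapping should be `type: keyword` without the multi-field so aggregations and filters on `agent.id` behave the same as elsewhere. In the same file `rule.name` is the only leaf typed `keyword` yet still carries a `keyword` multi-field, which indexes the value twice; drop the `multi_fields` block there or make it `text` like its siblings, whichever the dashboards expect. The four top-level fields `cycle_id`, `type`, `resource_id` and `cluster_id` have no `description`, so the generated docs will show them blank; a one-line description for each, e.g. `description: Identifier of the evaluation cycle this finding belongs to` for `cycle_id`, would close that gap.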
diff --git a/packages/cloud_security_posture/docs/README.md b/packages/cloud_security_posture/docs/README.md
new file mode 100644
index 00000000000..9134a8a0f98
--- /dev/null
+++ b/packages/cloud_security_posture/docs/README.md
@@ -0,0 +1,28 @@
+# CIS Kubernetes Benchmark
+
+This integration compares [Kubernetes](https://kubernetes.io/) configuration against CIS benchmark checks. It computes a score that ranges between 0 - 100. This integration requires access to node files, node processes, and the Kuberenetes api-server therefore it assumes the agent will be installed as a [DaemonSet](https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/) with the proper [Roles](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#role-and-clusterrole) and [RoleBindings](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#rolebinding-and-clusterrolebinding) attached.
+
+See agent [installation instructions](https://www.elastic.co/guide/en/fleet/current/running-on-kubernetes-managed-by-fleet.html).
+
+Additionally, In order for the integration to be installed, The Cloud Security Posture Kibana plugin must be enabled.
+
+This could be done by adding the following configuration line to `kibana.yml`:
+```
+xpack.cloudSecurityPosture.enabled: true
+```
+
+## Leader election
+
+To collect cluster level data (compared to node level information) the integration makes use of the [leader election](https://www.elastic.co/guide/en/fleet/master/kubernetes_leaderelection-provider.html) mechanism.
+This mechanism assures that the cluster level data is collected by only one of the agents running as aprt of the DeamonSet and not by all of them.
+
+Cluster level data example: List of the running pods.
+Node level data examle: kubelet configuration.
+
+## Compatibility
+
+The Kubernetes package is tested with Kubernetes 1.21.x
+
+## Dashboard
+
+CIS Kubernetes Benchmark integration is shipped including default dashboards and screens to manage the benchmark rules and inspect the compliance score and findings.
diff --git a/packages/cloud_security_posture/img/benchmarks.png b/packages/cloud_security_posture/img/benchmarks.png
new file mode 100644
index 00000000000..a86a0ec483e
Binary files /dev/null and b/packages/cloud_security_posture/img/benchmarks.png differ
diff --git a/packages/cloud_security_posture/img/cis-kubernetes-benchmark-logo.svg b/packages/cloud_security_posture/img/cis-kubernetes-benchmark-logo.svg
new file mode 100644
index 00000000000..7f3e86f5482
--- /dev/null
+++ b/packages/cloud_security_posture/img/cis-kubernetes-benchmark-logo.svg
@@ -0,0 +1 @@
+
diff --git a/packages/cloud_security_posture/img/dashboard.png b/packages/cloud_security_posture/img/dashboard.png
new file mode 100644
index 00000000000..0502f3fe3f2
Binary files /dev/null and b/packages/cloud_security_posture/img/dashboard.png differ
diff --git a/packages/cloud_security_posture/img/findings-flyout.png b/packages/cloud_security_posture/img/findings-flyout.png
new file mode 100644
index 00000000000..e1daa72501d
Binary files /dev/null and b/packages/cloud_security_posture/img/findings-flyout.png differ
diff --git a/packages/cloud_security_posture/img/findings.png b/packages/cloud_security_posture/img/findings.png
new file mode 100644
index 00000000000..6aeaf1e4299
Binary files /dev/null and b/packages/cloud_security_posture/img/findings.png differ
diff --git a/packages/cloud_security_posture/img/rules.png b/packages/cloud_security_posture/img/rules.png
new file mode 100644
index 00000000000..ea86ba845e2
Binary files /dev/null and b/packages/cloud_security_posture/img/rules.png differ
diff --git a/packages/cloud_security_posture/kibana/index_pattern/cloud_security_posture-9129a080-7f48-11ec-8249-431333f83c5f.json b/packages/cloud_security_posture/kibana/index_pattern/cloud_security_posture-9129a080-7f48-11ec-8249-431333f83c5f.json
new file mode 100644
index 00000000000..cd2d45a61df
--- /dev/null
+++ b/packages/cloud_security_posture/kibana/index_pattern/cloud_security_posture-9129a080-7f48-11ec-8249-431333f83c5f.json
@@ -0,0 +1,14 @@
+{
+ "attributes": {
+ "description": "",
+ "title": "logs-cloud_security_posture.findings-*"
+ },
+ "coreMigrationVersion": "8.1.0",
+ "id": "cloud_security_posture-9129a080-7f48-11ec-8249-431333f83c5f",
+ "migrationVersion": {
+ "index-pattern": "8.0.0"
+ },
+ "type": "index-pattern",
+ "updated_at": "2022-01-27T08:10:19.277Z",
+ "version": "WzMwNDY5LDFd"
+}
\ No newline at end of file
diff --git a/packages/cloud_security_posture/manifest.yml b/packages/cloud_security_posture/manifest.yml
new file mode 100644
index 00000000000..58d7b863dc5
--- /dev/null
+++ b/packages/cloud_security_posture/manifest.yml
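Review bot: The index-pattern saved object is committed without a trailing newline (`\ No newline at end of file`), which every later edit will show as a spurious change on the closing brace; add the newline after `}`. The `updated_at` and `version` values look like instance-specific export metadata from the Kibana the object was pulled from rather than part of the package's intent, so it is worth confirming whether the package tooling expects them to be kept or stripped before the object is shipped.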
@@ -0,0 +1,57 @@
+format_version: 1.0.0
+name: cloud_security_posture
+title: "CIS Kubernetes Benchmark"
+version: 0.0.1
+license: basic
+description: "Check Kubernetes cluster compliance with the Kubernetes CIS benchmark."
+type: integration
+categories:
+ - containers
+ - kubernetes
+release: experimental
+conditions:
+ kibana.version: "^8.3.0"
+screenshots:
+ - src: /img/dashboard.png
+ title: Dashboard page
+ size: 1293x718
+ type: image/png
+ - src: /img/findings.png
+ title: Findings page
+ size: 3134x1740
+ type: image/png
+ - src: /img/findings-flyout.png
+ title: Detailed view of a single finding
+ size: 3176x1748
+ type: image/png
+ - src: /img/benchmarks.png
+ title: Benchmarks page
+ size: 3168x1752
+ type: image/png
+ - src: /img/rules.png
+ title: Rules page
+ size: 3160x1708
+ type: image/png
+icons:
+ - src: /img/cis-kubernetes-benchmark-logo.svg
+ title: CIS Kubernetes Benchmark logo
+ size: 32x32
+ type: image/svg+xml
+policy_templates:
+ - name: kspm
+ title: CIS Kubernetes Benchmark
+ description: Check Kubernetes cluster compliance with the Kubernetes CIS benchmark.
+ multiple: false
+ inputs:
+ - type: cloudbeat
+ title: Enable CIS Kubernetes Benchmark
+ description: Collecting findings
+vars:
+ - name: dataYaml
+ type: yaml
+ title: Rules Activation Yaml
+ multi: false
+ required: false
+ show_user: false
+owner:
+ github: elastic/cloud-security-posture
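Review bot: The package-level `dataYaml` var has no `description`, and nothing in this commit references it — the only stream template added, stream.yml.hbs, emits just a `processors` list — so a reader cannot tell what shape the YAML must have or how it reaches cloudbeat; add a `description:` under `title: Rules Activation Yaml` stating what the value contains and which component consumes it, and if the var is meant to be rendered into the stream config, the template should reference it. The package also reuses the exact `title: "CIS Kubernetes Benchmark"` that the deprecated `cis_kubernetes_benchmark` package carried until this commit, so both packages will sit side by side in the integrations list under near-identical names; consider a title that distinguishes the new package, or rely on the deprecation suffix being enough, whichever the team intends.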