CIS Kubernetes Benchmark v1.5.1 L2

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: CIS Kubernetes Benchmark v1.5.1 L2

Updated: 1/4/2021

Authority: CIS

Plugin: Unix

Revision: 1.4

Estimated Item Count: 14

Audit Changelog


Revision 1.4 Jan 4, 2021 Miscellaneous Audit deprecated. Metadata updated.
Revision 1.3 Oct 5, 2020 Functional Update 1.3.6 Ensure that the RotateKubeletServerCertificate argument is set to true 2.7 Ensure that a unique Certificate Authority is used for etcd 3.1.1 Client certificate authentication should not be used for users 3.2.2 Ensure that the audit policy covers key security concerns 4.2.9 Ensure that the --event-qps argument is set to 0 or a level which ensures appropriate event capture 5.2.6 Minimize the admission of root containers 5.2.9 Minimize the admission of containers with capabilities assigned 5.3.2 Ensure that all Namespaces have Network Policies defined 5.4.2 Consider external secret storage 5.5.1 Configure Image Provenance using ImagePolicyWebhook admission controller 5.7.2 Ensure that the seccomp profile is set to docker/default in your pod definitions 5.7.3 Apply Security Context to Your Pods and Containers 5.7.4 The default namespace should not be used
Revision 1.2 Sep 29, 2020 Miscellaneous References updated.
Revision 1.1 Jul 14, 2020 Miscellaneous Metadata updated.