Revision 1.7Apr 12, 2023
Functional Update
- 1.3.6 Ensure that the RotateKubeletServerCertificate argument is set to true
- 2.7 Ensure that a unique Certificate Authority is used for etcd
- 3.2.2 Ensure that the audit policy covers key security concerns
- 5.2.6 Minimize the admission of root containers
- 5.2.9 Minimize the admission of containers with capabilities assigned
- 5.3.2 Ensure that all Namespaces have Network Policies defined
- 5.4.1 Prefer using secrets as files over secrets as environment variables
- 5.4.2 Consider external secret storage
- 5.5.1 Configure Image Provenance using ImagePolicyWebhook admission controller
- 5.7.2 Ensure that the seccomp profile is set to docker/default in your pod definitions
- 5.7.3 Apply Security Context to Your Pods and Containers
- 5.7.4 The default namespace should not be used
Informational Update
- 3.2.2 Ensure that the audit policy covers key security concerns
Miscellaneous
- Metadata updated.
- Platform check updated.
Removed
- CIS_Kubernetes_v1.6.1_Level_2_Master.audit from CIS Kubernetes Benchmark v1.6.1