Item Search

| Name | Audit Name | Plugin | Category |
|---|---|---|---|
| 2.4.1 Ensure 'System Backup' is set. | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | CONFIGURATION MANAGEMENT |
| 3.1.1 Ensure that the kubeconfig file permissions are set to 644 or more restrictive | CIS Google Kubernetes Engine GKE v1.9.0 L1 Unix | Unix | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, MEDIA PROTECTION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 3.1.2 Ensure that the kubelet kubeconfig file ownership is set to root:root | CIS Google Kubernetes Engine GKE v1.9.0 L1 Unix | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 3.1.3 Ensure that the kubelet configuration file has permissions set to 644 | CIS Google Kubernetes Engine GKE v1.9.0 L1 Unix | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 3.1.4 Ensure that the kubelet configuration file ownership is set to root:root | CIS Google Kubernetes Engine GKE v1.9.0 L1 Unix | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1.2 Minimize access to secrets | CIS Google Kubernetes Engine GKE Autopilot v1.3.0 L1 | GCP | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.1.2 Minimize access to secrets | CIS Google Kubernetes Engine GKE v1.9.0 L1 GCP | GCP | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.1.4 Ensure that default service accounts are not actively used | CIS Google Kubernetes Engine GKE Autopilot v1.3.0 L1 | GCP | ACCESS CONTROL |
| 4.1.4 Ensure that default service accounts are not actively used | CIS Google Kubernetes Engine GKE v1.9.0 L1 GCP | GCP | ACCESS CONTROL |
| 4.1.9 Ensure that the kubelet --config configuration file has permissions set to 600 or more restrictive | CIS Red Hat OpenShift Container Platform v1.9.0 L1 | OpenShift | ACCESS CONTROL |
| 4.2.1 Ensure that the cluster enforces Pod Security Standard Baseline profile or stricter for all namespaces. | CIS Google Kubernetes Engine GKE v1.9.0 L1 GCP | GCP | CONFIGURATION MANAGEMENT |
| 5.1.4 Ensure only trusted container images are used | CIS Google Kubernetes Engine GKE v1.9.0 L2 GCP | GCP | CONFIGURATION MANAGEMENT |
| 5.1.4 Ensure only trusted container images are used | CIS Google Kubernetes Engine GKE Autopilot v1.3.0 L2 | GCP | CONFIGURATION MANAGEMENT |
| 5.1.4 Minimize access to create pods | CIS Red Hat OpenShift Container Platform v1.9.0 L1 | OpenShift | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 5.2.2 Minimize the admission of containers wishing to share the host process ID namespace | CIS Red Hat OpenShift Container Platform v1.9.0 L1 | OpenShift | ACCESS CONTROL |
| 5.5.1 Ensure Container-Optimized OS (cos_containerd) is used for GKE Node images | CIS Google Kubernetes Engine GKE v1.9.0 L1 GCP | GCP | CONFIGURATION MANAGEMENT |
| 5.7.2 Ensure that the seccomp profile is set to docker/default in your pod definitions | CIS Red Hat OpenShift Container Platform v1.9.0 L2 OpenShift | OpenShift | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 8.3.4 (L1) Ensure standard processes are used for VM deployment | CIS VMware ESXi 7.0 v1.5.0 L1 | VMware | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 8.3.4 Ensure standard processes are used for VM deployment | CIS VMware ESXi 6.7 v1.3.0 Level 1 | VMware | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 8.3.4 Ensure templates are used whenever possible to deploy VMs | CIS VMware ESXi 6.5 v1.0.0 Level 1 | VMware | CONFIGURATION MANAGEMENT |