Audits
Item Search
Page 3 of 6
• 254 Total
| Name | Audit Name | Plugin | Category |
| --- | --- | --- | --- |
| 1.1.1 Ensure that the API server pod specification file permissions are set to 644 or more restrictive | CIS Kubernetes Benchmark v1.6.1 L1 Master | Unix | |
| 1.1.2 Ensure that the API server pod specification file ownership is set to root:root | CIS Kubernetes Benchmark v1.6.1 L1 Master | Unix | |
| 1.1.3 Ensure that the controller manager pod specification file permissions are set to 644 or more restrictive | CIS Kubernetes Benchmark v1.6.1 L1 Master | Unix | |
| 1.1.4 Ensure that the controller manager pod specification file ownership is set to root:root | CIS Kubernetes Benchmark v1.6.1 L1 Master | Unix | |
| 1.1.5 Ensure that the scheduler pod specification file permissions are set to 644 or more restrictive | CIS Kubernetes Benchmark v1.6.1 L1 Master | Unix | |
| 1.1.6 Ensure that the scheduler pod specification file ownership is set to root:root | CIS Kubernetes Benchmark v1.6.1 L1 Master | Unix | |
| 1.1.7 Ensure that the etcd pod specification file permissions are set to 644 or more restrictive | CIS Kubernetes Benchmark v1.6.1 L1 Master | Unix | |
| 1.1.8 Ensure that the etcd pod specification file ownership is set to root:root | CIS Kubernetes Benchmark v1.6.1 L1 Master | Unix | |
| 1.1.12 Ensure that the etcd data directory ownership is set to etcd:etcd | CIS Kubernetes Benchmark v1.6.1 L1 Master | Unix | |
| 1.1.14 Ensure that the admin.conf file ownership is set to root:root | CIS Kubernetes Benchmark v1.6.1 L1 Master | Unix | |
| 1.1.15 Ensure that the scheduler.conf file permissions are set to 644 or more restrictive | CIS Kubernetes Benchmark v1.6.1 L1 Master | Unix | |
| 1.1.20 Ensure that the Kubernetes PKI certificate file permissions are set to 644 or more restrictive | CIS Kubernetes Benchmark v1.6.1 L1 Master | Unix | |
| 1.1.21 Ensure that the Kubernetes PKI key file permissions are set to 600 | CIS Kubernetes Benchmark v1.6.1 L1 Master | Unix | |
| 1.2.13 Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used | CIS Kubernetes Benchmark v1.6.1 L1 Master | Unix | |
| 3.1.1 Ensure that the proxy kubeconfig file permissions are set to 644 or more restrictive | CIS Google Kubernetes Engine (GKE) v1.1.0 L1 Worker | Unix | |
| 3.1.3 Ensure that the kubelet configuration file has permissions set to 644 or more restrictive | CIS Google Kubernetes Engine (GKE) v1.1.0 L1 Worker | Unix | |
| 3.1.4 Ensure that the kubelet configuration file ownership is set to root:root | CIS Google Kubernetes Engine (GKE) v1.1.0 L1 Worker | Unix | |
| 3.2.6 Ensure that the --protect-kernel-defaults argument is set to true | CIS Google Kubernetes Engine (GKE) v1.1.0 L1 Worker | Unix | |
| 4.1.2 Ensure that the kubelet service file ownership is set to root:root | CIS Kubernetes Benchmark v1.6.1 L1 Worker | Unix | |
| 4.1.3 If proxy kubeconfig file exists ensure permissions are set to 644 or more restrictive | CIS Kubernetes Benchmark v1.6.1 L1 Worker | Unix | |
| 4.1.5 Ensure that default service accounts are not actively used. | CIS Google Kubernetes Engine (GKE) v1.1.0 L1 Master | GCP | |
| 4.1.5 Ensure that default service accounts are not actively used. | CIS Google Kubernetes Engine (GKE) v1.3.0 L1 | GCP | |
| 4.1.5 Ensure that the --kubeconfig kubelet.conf file permissions are set to 644 or more restrictive | CIS Kubernetes Benchmark v1.6.1 L1 Worker | Unix | |
| 4.1.6 Ensure that the --kubeconfig kubelet.conf file ownership is set to root:root | CIS Kubernetes Benchmark v1.6.1 L1 Worker | Unix | |
| 4.1.8 Ensure that the client certificate authorities file ownership is set to root:root | CIS Kubernetes Benchmark v1.6.1 L1 Worker | Unix | |
| 4.1.9 Ensure that the kubelet --config configuration file has permissions set to 644 or more restrictive | CIS Kubernetes Benchmark v1.6.1 L1 Worker | Unix | |
| 4.1.10 Ensure that the kubelet --config configuration file ownership is set to root:root | CIS Kubernetes Benchmark v1.6.1 L1 Worker | Unix | |
| 4.2.1 Minimize the admission of privileged containers | CIS Google Kubernetes Engine (GKE) v1.1.0 L1 Master | GCP | |
| 4.2.2 Minimize the admission of containers wishing to share the host process ID namespace | CIS Google Kubernetes Engine (GKE) v1.1.0 L1 Master | GCP | |
| 4.2.3 Minimize the admission of containers wishing to share the host IPC namespace | CIS Google Kubernetes Engine (GKE) v1.1.0 L1 Master | GCP | |
| 4.2.4 Minimize the admission of containers wishing to share the host network namespace | CIS Google Kubernetes Engine (GKE) v1.1.0 L1 Master | GCP | |
| 4.2.5 Minimize the admission of containers with allowPrivilegeEscalation | CIS Google Kubernetes Engine (GKE) v1.1.0 L1 Master | GCP | |
| 4.2.6 Minimize the admission of root containers | CIS Google Kubernetes Engine (GKE) v1.1.0 L2 Master | GCP | |
| 4.2.9 Minimize the admission of containers with capabilities assigned | CIS Google Kubernetes Engine (GKE) v1.1.0 L2 Master | GCP | |
| 4.6 Ensure that HEALTHCHECK instructions have been added to container images | CIS Docker v1.3.1 L1 Docker Linux | Unix | |
| 4.7 Ensure update instructions are not used alone in Dockerfiles | CIS Docker v1.3.1 L1 Docker Linux | Unix | |
| 4.8 Ensure Compute Instances Are Launched With Shielded VM Enabled | CIS Google Cloud Platform v3.0.0 L2 | GCP | CONFIGURATION MANAGEMENT |
| 4.9 Ensure that COPY is used instead of ADD in Dockerfiles | CIS Docker v1.3.1 L1 Docker Linux | Unix | |
| 5.1 Ensure that, if applicable, an AppArmor Profile is enabled | CIS Docker v1.3.1 L1 Docker Linux | Unix | |
| 5.1.4 Minimize Container Registries to only those approved | CIS Google Kubernetes Engine (GKE) v1.3.0 L2 | GCP | |
| 5.1.4 Minimize Container Registries to only those approved | CIS Google Kubernetes Engine (GKE) v1.1.0 L2 Master | GCP | |
| 5.2 Ensure that, if applicable, SELinux security options are set | CIS Docker v1.3.1 L2 Docker Linux | Unix | |
| 5.3 Ensure that Linux kernel capabilities are restricted within containers | CIS Docker v1.3.1 L1 Docker Linux | Unix | |
| 5.3 Ensure that, if applicable, SELinux security options are set | CIS Docker v1.6.0 L2 Docker Linux | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 5.14 Ensure that the 'on-failure' container restart policy is set to '5' | CIS Docker v1.3.1 L1 Docker Linux | Unix | |
| 5.28 Ensure that the PIDs cgroup limit is used | CIS Docker v1.3.1 L1 Docker Linux | Unix | |
| 8.3.4 Ensure standard processes are used for VM deployment | CIS VMware ESXi 6.7 v1.2.0 Level 1 | VMware | |
| 8.3.4 Ensure standard processes are used for VM deployment | CIS VMware ESXi 7.0 v1.1.0 Level 1 | VMware | |
| 8.3.4 Ensure standard processes are used for VM deployment | CIS VMware ESXi 7.0 v1.3.0 Level 1 | VMware | |
| 8.3.4 Ensure standard processes are used for VM deployment | CIS VMware ESXi 7.0 v1.2.0 Level 1 | VMware | |