| 3.1.1 Ensure that the proxy kubeconfig file permissions are set to 644 or more restrictive | ACCESS CONTROL, MEDIA PROTECTION |
| 3.1.2 Ensure that the proxy kubeconfig file ownership is set to root:root | ACCESS CONTROL, MEDIA PROTECTION |
| 3.1.3 Ensure that the kubelet configuration file has permissions set to 644 or more restrictive | ACCESS CONTROL, MEDIA PROTECTION |
| 3.1.4 Ensure that the kubelet configuration file ownership is set to root:root | ACCESS CONTROL, MEDIA PROTECTION |
| 3.2.1 Ensure that the --anonymous-auth argument is set to false | ACCESS CONTROL |
| 3.2.2 Ensure that the --authorization-mode argument is not set to AlwaysAllow | ACCESS CONTROL |
| 3.2.3 Ensure that the --client-ca-file argument is set as appropriate | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.4 Ensure that the --read-only-port argument is set to 0 | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.5 Ensure that the --streaming-connection-idle-timeout argument is not set to 0 | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.6 Ensure that the --make-iptables-util-chains argument is set to true | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.7 Ensure that the --hostname-override argument is not set | CONFIGURATION MANAGEMENT |
| 3.2.8 Ensure that the --eventrecordqps argument is set to 5 or higher or a level which ensures appropriate event capture | AUDIT AND ACCOUNTABILITY |
| 3.2.9 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate - cert | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.9 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate - key | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.10 Ensure that the --rotate-certificates argument is not set to false | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.11 Ensure that the RotateKubeletServerCertificate argument is set to true | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| CIS_Google_Kubernetes_Engine_GKE_v1.4.0_L1_Node.audit from CIS Google Kubernetes Engine (GKE) Benchmark | |
