CIS Google Kubernetes Engine (GKE) v1.5.0 L2

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: CIS Google Kubernetes Engine (GKE) v1.5.0 L2

Updated: 9/17/2024

Authority: CIS

Plugin: GCP

Revision: 1.2

Estimated Item Count: 17

Audit Items

Description	Categories
4.3.2 Ensure that all Namespaces have Network Policies defined
4.4.1 Prefer using secrets as files over secrets as environment variables
4.4.2 Consider external secret storage
4.5.1 Configure Image Provenance using ImagePolicyWebhook admission controller
4.6.2 Ensure that the seccomp profile is set to RuntimeDefault in the pod definitions
4.6.3 Apply Security Context to Pods and Containers
4.6.4 The default namespace should not be used
5.5.1 Ensure Container-Optimized OS (cos_containerd) is used for GKE node images
5.5.7 Ensure Secure Boot for Shielded GKE Nodes is Enabled
5.6.1 Enable VPC Flow Logs and Intranode Visibility
5.6.4 Ensure clusters are created with Private Endpoint Enabled and Public Access Disabled
5.6.6 Consider firewalling GKE worker nodes
5.6.8 Ensure use of Google-managed SSL Certificates
5.7.2 Enable Linux auditd logging
5.8.2 Manage Kubernetes RBAC users with Google Groups for GKE
5.10.3 Consider GKE Sandbox for running untrusted workloads
5.10.4 Ensure use of Binary Authorization