CIS Kubernetes v1.11.1 L2 Master Node

Audit Details

Name: CIS Kubernetes v1.11.1 L2 Master Node

Updated: 7/29/2025

Authority: CIS

Plugin: Unix

Revision: 1.0

Estimated Item Count: 15

File Details

Filename: CIS_Kubernetes_v1.11.1_L2_Master_Node.audit

Size: 44.7 kB

MD5: 32ac7de6e69fbd9da682f9f6f934faa1
SHA256: 4360cb2ed0822f8597d64464f60dea212ef114457fe4461fbcda3fc47a438d4c

Audit Items

DescriptionCategories
1.2.12 Ensure that the admission control plugin ServiceAccount is set

ACCESS CONTROL, MEDIA PROTECTION

1.2.13 Ensure that the admission control plugin NamespaceLifecycle is set

CONFIGURATION MANAGEMENT

1.2.14 Ensure that the admission control plugin NodeRestriction is set

SYSTEM AND COMMUNICATIONS PROTECTION

2.8 Ensure that a unique Certificate Authority is used for etcd

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION

3.2.2 Ensure that the audit policy covers key security concerns

AUDIT AND ACCOUNTABILITY

5.2.7 Minimize the admission of root containers

ACCESS CONTROL

5.2.10 Minimize the admission of containers with capabilities assigned

CONFIGURATION MANAGEMENT

5.3.2 Ensure that all Namespaces have Network Policies defined

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.4.1 Prefer using secrets as files over secrets as environment variables

SYSTEM AND COMMUNICATIONS PROTECTION

5.4.2 Consider external secret storage

SYSTEM AND COMMUNICATIONS PROTECTION

5.5.1 Configure Image Provenance using ImagePolicyWebhook admission controller

CONFIGURATION MANAGEMENT

5.6.2 Ensure that the seccomp profile is set to docker/default in your pod definitions

CONFIGURATION MANAGEMENT

5.6.3 Apply Security Context to Your Pods and Containers

CONFIGURATION MANAGEMENT

5.6.4 The default namespace should not be used

CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

CIS_Kubernetes_v1.11.1_L2_Master_Node.audit from CIS Kubernetes Benchmark v1.11.1