Detections
Analytics

CIS Kubernetes v1.20 Benchmark v1.0.1 L2 Master

Audit Details

Name: CIS Kubernetes v1.20 Benchmark v1.0.1 L2 Master

Updated: 4/12/2023

Authority: CIS

Plugin: Unix

Revision: 1.4

Estimated Item Count: 13

File Details

Filename: CIS_Kubernetes_v1.20_v1.0.1_Level_2_Master.audit

Size: 45.6 kB

MD5: 4b271afdfcba0342a11d11f9ce923080
SHA256: 6726d37b8c47f24626820ae0c9b517a2b00e2b0844ba29cfd4664194db5067fc

Audit Changelog

 
Revision 1.4

Apr 12, 2023

Functional Update
  • 1.3.6 Ensure that the RotateKubeletServerCertificate argument is set to true
  • 2.7 Ensure that a unique Certificate Authority is used for etcd
  • 3.2.2 Ensure that the audit policy covers key security concerns
  • 5.2.6 Minimize the admission of root containers
  • 5.2.9 Minimize the admission of containers with capabilities assigned
  • 5.3.2 Ensure that all Namespaces have Network Policies defined
  • 5.4.1 Prefer using secrets as files over secrets as environment variables
  • 5.4.2 Consider external secret storage
  • 5.5.1 Configure Image Provenance using ImagePolicyWebhook admission controller
  • 5.7.2 Ensure that the seccomp profile is set to docker/default in your pod definitions
  • 5.7.3 Apply Security Context to Your Pods and Containers
  • 5.7.4 The default namespace should not be used
Informational Update
  • 3.2.2 Ensure that the audit policy covers key security concerns
Miscellaneous
  • Metadata updated.
  • Platform check updated.
Removed
  • CIS_Kubernetes_v1.20_v1.0.1_Level_2_Master.audit from CIS Kubernetes v1.20 Benchmark v1.0.1
Revision 1.3

Mar 7, 2023

Miscellaneous
  • Metadata updated.
  • References updated.
Revision 1.2

Jan 4, 2023

Miscellaneous
  • Metadata updated.
  • Variables updated.
Revision 1.1

Dec 7, 2022

Miscellaneous
  • Metadata updated.