Revision 1.11Apr 12, 2023
Functional Update
- 1.5.7 Ensure that a unique Certificate Authority is used for etcd
- 1.6.3 Create network segmentation using Network Policies
- 1.6.4 Ensure that the seccomp profile is set to docker/default in your pod definitions
- 1.6.5 Apply Security Context to Your Pods and Containers
- 1.6.6 Configure Image Provenance using ImagePolicyWebhook admission controller
- 1.6.7 Configure Network policies as appropriate
- 1.6.8 Place compensating controls in the form of PSP and RBAC for privileged containers usage - clusterrolebinding
- 1.6.8 Place compensating controls in the form of PSP and RBAC for privileged containers usage - psp
- 1.6.8 Place compensating controls in the form of PSP and RBAC for privileged containers usage - rolebinding
- 1.7.6 Do not admit root containers
- 1.7.7 Do not admit containers with dangerous capabilities
Miscellaneous
- Metadata updated.
- Platform check updated.
Removed
- CIS_Kubernetes_v1.4.1_Level_2.audit from CIS Kubernetes Benchmark v1.4.1