Item Search

NameAudit NamePluginCategory
2.1.4 Ensure Config-state is savedCIS Check Point Firewall L1 v1.1.0CheckPoint

CONFIGURATION MANAGEMENT

3.1.1 Ensure that the proxy kubeconfig file permissions are set to 644 or more restrictiveCIS Google Kubernetes Engine (GKE) v1.6.1 L1 NodeUnix

ACCESS CONTROL, MEDIA PROTECTION

3.1.2 Ensure that the proxy kubeconfig file ownership is set to root:rootCIS Google Kubernetes Engine (GKE) v1.6.1 L1 NodeUnix

ACCESS CONTROL, MEDIA PROTECTION

3.1.3 Ensure that the kubelet configuration file has permissions set to 600CIS Google Kubernetes Engine (GKE) v1.6.1 L1 NodeUnix

ACCESS CONTROL, MEDIA PROTECTION

3.1.4 Ensure that the kubelet configuration file ownership is set to root:rootCIS Google Kubernetes Engine (GKE) v1.6.1 L1 NodeUnix

ACCESS CONTROL, MEDIA PROTECTION

4.1.2 Minimize access to secretsCIS Google Kubernetes Engine (GKE) v1.6.1 L1GCP

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

4.1.9 Ensure that the kubelet --config configuration file has permissions set to 600 or more restrictiveCIS RedHat OpenShift Container Platform v1.6.0 L1OpenShift

ACCESS CONTROL

4.6 Ensure that HEALTHCHECK instructions have been added to container imagesCIS Docker v1.7.0 L1 Docker - LinuxUnix

SYSTEM AND SERVICES ACQUISITION

5.1.4 Minimize access to create podsCIS RedHat OpenShift Container Platform v1.6.0 L1OpenShift

CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY

5.2.7 Minimize the admission of containers with the NET_RAW capabilityCIS Kubernetes v1.20 Benchmark v1.0.1 L1 MasterUnix

CONFIGURATION MANAGEMENT

5.2.8 Minimize the admission of containers with added capabilitiesCIS Kubernetes v1.20 Benchmark v1.0.1 L1 MasterUnix

CONFIGURATION MANAGEMENT

5.2.8 Minimize the admission of containers with the NET_RAW capabilityCIS Kubernetes v1.23 Benchmark v1.0.1 L1 MasterUnix

CONFIGURATION MANAGEMENT

5.2.8 Minimize the admission of containers with the NET_RAW capabilityCIS Kubernetes v1.24 Benchmark v1.0.0 L1 MasterUnix

CONFIGURATION MANAGEMENT

5.2.8 Minimize the admission of containers with the NET_RAW capabilityCIS Kubernetes v1.10.0 L1 MasterUnix

CONFIGURATION MANAGEMENT

5.2.9 Minimize the admission of containers with added capabilitiesCIS Kubernetes v1.10.0 L1 MasterUnix

CONFIGURATION MANAGEMENT

5.2.9 Minimize the admission of containers with added capabilitiesCIS Kubernetes v1.23 Benchmark v1.0.1 L1 MasterUnix

CONFIGURATION MANAGEMENT

5.2.9 Minimize the admission of containers with added capabilitiesCIS Kubernetes v1.24 Benchmark v1.0.0 L1 MasterUnix

CONFIGURATION MANAGEMENT

5.2.11 Minimize the admission of Windows HostProcess ContainersCIS Kubernetes v1.24 Benchmark v1.0.0 L1 MasterUnix

CONFIGURATION MANAGEMENT

5.2.11 Minimize the admission of Windows HostProcess ContainersCIS Kubernetes v1.23 Benchmark v1.0.1 L1 MasterUnix

CONFIGURATION MANAGEMENT

5.2.12 Minimize the admission of HostPath volumesCIS Kubernetes v1.24 Benchmark v1.0.0 L1 MasterUnix

CONFIGURATION MANAGEMENT

5.2.12 Minimize the admission of HostPath volumesCIS Kubernetes v1.23 Benchmark v1.0.1 L1 MasterUnix

CONFIGURATION MANAGEMENT

5.2.13 Minimize the admission of containers which use HostPortsCIS Kubernetes v1.24 Benchmark v1.0.0 L1 MasterUnix

CONFIGURATION MANAGEMENT

5.2.13 Minimize the admission of containers which use HostPortsCIS Kubernetes v1.23 Benchmark v1.0.1 L1 MasterUnix

CONFIGURATION MANAGEMENT

5.5.1 Configure Image Provenance using ImagePolicyWebhook admission controllerCIS Kubernetes v1.23 Benchmark v1.0.1 L2 MasterUnix

CONFIGURATION MANAGEMENT

5.5.1 Configure Image Provenance using ImagePolicyWebhook admission controllerCIS Kubernetes v1.10.0 L2 MasterUnix

CONFIGURATION MANAGEMENT

5.5.1 Configure Image Provenance using ImagePolicyWebhook admission controllerCIS Kubernetes v1.20 Benchmark v1.0.1 L2 MasterUnix

CONFIGURATION MANAGEMENT

5.5.1 Configure Image Provenance using ImagePolicyWebhook admission controllerCIS Kubernetes v1.24 Benchmark v1.0.0 L2 MasterUnix

CONFIGURATION MANAGEMENT

5.15 Ensure that the 'on-failure' container restart policy is set to '5'CIS Docker v1.7.0 L1 Docker - LinuxUnix

CONFIGURATION MANAGEMENT