Detections
Analytics

Tenable Cloud Security Policies Search

IDNameCSPDomainSeverity
AC_K8S_0019Ensure that the admission control plugin EventRateLimit is setKubernetesCompliance Validation
MEDIUM
AC_K8S_0022Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not usedKubernetesIdentity and Access Management
HIGH
AC_K8S_0027Ensure that the --insecure-bind-address argument is not setKubernetesInfrastructure Security
HIGH
AC_K8S_0037Ensure that the --service-account-key-file argument is set as appropriateKubernetesData Protection
MEDIUM
AC_K8S_0057Ensure that the --bind-address argument is set to 127.0.0.1KubernetesInfrastructure Security
MEDIUM
AC_K8S_0024Ensure that the admission control plugin NamespaceLifecycle is setKubernetesCompliance Validation
MEDIUM
AC_K8S_0095Ensure that the --authorization-mode argument includes NodeKubernetesIdentity and Access Management
MEDIUM
AC_K8S_0093Ensure that the --kubelet-certificate-authority argument is set as appropriateKubernetesInfrastructure Security
MEDIUM
AC_K8S_0129Ensure that the admission control plugin PodSecurityPolicy is setKubernetesCompliance Validation
MEDIUM
AC_K8S_0054Ensure that the --service-account-private-key-file argument is set as appropriateKubernetesData Protection
MEDIUM
AC_K8S_0130Ensure that the --profiling argument is set to falseKubernetesCompliance Validation
MEDIUM
AC_K8S_0021Ensure that the admission control plugin AlwaysPullImages is setKubernetesCompliance Validation
MEDIUM
AC_K8S_0026Ensure that the admission control plugin NodeRestriction is setKubernetesIdentity and Access Management
MEDIUM
AC_K8S_0044Ensure that the --terminated-pod-gc-threshold argument is set as appropriateKubernetesData Protection
MEDIUM
AC_K8S_0053Ensure that the --use-service-account-credentials argument is set to trueKubernetesIdentity and Access Management
LOW
AC_K8S_0043Ensure that the API Server only makes use of Strong Cryptographic CiphersKubernetesData Protection
MEDIUM
AC_K8S_0096Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriateKubernetesInfrastructure Security
MEDIUM
AC_K8S_0131Ensure that the --bind-address argument is set to 127.0.0.1KubernetesCompliance Validation
MEDIUM
AC_K8S_0047Ensure that the admission control plugin AlwaysAdmit is not setKubernetesCompliance Validation
MEDIUM
AC_K8S_0058Ensure that the --cert-file and --key-file arguments are set as appropriateKubernetesInfrastructure Security
MEDIUM
AC_K8S_0109Ensure that the --secure-port argument is not set to 0KubernetesInfrastructure Security
HIGH
AC_K8S_0032Ensure that the --audit-log-maxage argument is set to 30 or as appropriateKubernetesLogging and Monitoring
MEDIUM
AC_K8S_0029Ensure that the --secure-port argument is not set to 0KubernetesInfrastructure Security
HIGH
AC_K8S_0035Ensure that the --request-timeout argument is set as appropriateKubernetesLogging and Monitoring
MEDIUM
AC_K8S_0092Ensure that the --kubelet-https argument is set to trueKubernetesInfrastructure Security
MEDIUM
AC_K8S_0055Ensure that the --root-ca-file argument is set as appropriateKubernetesData Protection
MEDIUM
AC_K8S_0028Ensure that the --insecure-port argument is set to 0KubernetesInfrastructure Security
HIGH
AC_K8S_0034Ensure that the --audit-log-maxsize argument is set to 100 or as appropriateKubernetesLogging and Monitoring
MEDIUM
AC_K8S_0023Ensure that the admission control plugin ServiceAccount is setKubernetesIdentity and Access Management
MEDIUM
AC_K8S_0036Ensure that the --service-account-lookup argument is set to trueKubernetesIdentity and Access Management
MEDIUM
AC_K8S_0052Ensure that the --profiling argument is set to falseKubernetesLogging and Monitoring
LOW
AC_K8S_0091Ensure that the --token-auth-file parameter is not setKubernetesIdentity and Access Management
MEDIUM
AC_K8S_0090Ensure that the --basic-auth-file argument is not setKubernetesIdentity and Access Management
MEDIUM
AC_K8S_0061Ensure that the --peer-cert-file and --peer-key-file arguments are set as appropriateKubernetesInfrastructure Security
MEDIUM
AC_K8S_0033Ensure that the --audit-log-maxbackup argument is set to 10 or as appropriateKubernetesLogging and Monitoring
MEDIUM
AC_K8S_0030Ensure that the --profiling argument is set to falseKubernetesLogging and Monitoring
MEDIUM
AC_K8S_0042Ensure that the --encryption-provider-config argument is set as appropriateKubernetesData Protection
MEDIUM
AC_K8S_0038Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriateKubernetesData Protection
MEDIUM
AC_K8S_0041Ensure that the --etcd-cafile argument is set as appropriateKubernetesData Protection
MEDIUM
AC_K8S_0018Ensure that the --authorization-mode argument includes RBACKubernetesIdentity and Access Management
MEDIUM
AC_K8S_0059Ensure that the --client-cert-auth argument is set to trueKubernetesInfrastructure Security
MEDIUM
AC_K8S_0062Ensure that the --peer-client-cert-auth argument is set to trueKubernetesInfrastructure Security
MEDIUM
AC_K8S_0063Ensure that the --peer-auto-tls argument is not set to trueKubernetesInfrastructure Security
MEDIUM
AC_K8S_0031Ensure that the --audit-log-path argument is setKubernetesLogging and Monitoring
MEDIUM
AC_K8S_0060Ensure that the --auto-tls argument is not set to trueKubernetesInfrastructure Security
MEDIUM
AC_K8S_0075Minimize the admission of containers with the NET_RAW capabilityKubernetesInfrastructure Security
MEDIUM
AC_K8S_0066Ensure that a minimal audit policy is createdKubernetesLogging and Monitoring
MEDIUM
AC_K8S_0039Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriateKubernetesData Protection
MEDIUM
AC_K8S_0101Minimize access to secretsKubernetesIdentity and Access Management
HIGH
AC_K8S_0103Minimize access to create podsKubernetesIdentity and Access Management
HIGH