Detections
Analytics

Tenable Cloud Security Policies Search

IDNameCSPDomainSeverity
AC_K8S_0073Ensure AppArmor profile is not set to runtime/default in Kubernetes workload configurationKubernetesIdentity and Access Management
MEDIUM
AC_K8S_0079Ensure containers run with a high UID usually > 1000 to avoid host conflictKubernetesInfrastructure Security
MEDIUM
AC_K8S_0099Ensure Memory request is set for Kubernetes workloadsKubernetesSecurity Best Practices
MEDIUM
AC_K8S_0100Ensure Memory request is set for Kubernetes workloadsKubernetesSecurity Best Practices
MEDIUM
AC_K8S_0078Ensure 'readOnlyRootFileSystem' is set to true in Kubernetes workload configurationKubernetesIdentity and Access Management
MEDIUM
AC_K8S_0097Ensure CPU request is set for Kubernetes workloadsKubernetesSecurity Best Practices
MEDIUM
AC_K8S_0105Ensure use of creating Kubernetes rolebindings and attaching Kubernetes roles is minimized in Kubernetes RoleKubernetesIdentity and Access Management
HIGH
AC_K8S_0025Ensure default name space is not in use in Kubernetes NamespaceKubernetesSecurity Best Practices
LOW
AC_K8S_0116Ensure Kubernetes Network policy attached to a pod have Ingress/Egress blocks specifiedKubernetesInfrastructure Security
MEDIUM
AC_K8S_0108Ensure Kubernetes rolebindings with get and patch Kubernetes roles are minimized in Kubernetes RoleKubernetesIdentity and Access Management
MEDIUM
AC_K8S_0076Ensure mounting of hostPaths is disallowed in Kubernetes workload configurationKubernetesIdentity and Access Management
HIGH
AC_K8S_0098Ensure CPU limit is set for Kubernetes workloadsKubernetesSecurity Best Practices
MEDIUM
AC_K8S_0115Ensure security context is applied to pods and containers with SELinux configuredKubernetesSecurity Best Practices
MEDIUM
AC_K8S_0032Ensure that the --audit-log-maxage argument is set to 30 or as appropriateKubernetesLogging and Monitoring
MEDIUM
AC_K8S_0117Ensure Kubernetes NetworkPolicy object is defined for every Kubernetes NamespaceKubernetesInfrastructure Security
MEDIUM
AC_K8S_0107Ensure pod/attach create roles are minimized in Kubernetes cluster in Kubernetes RoleKubernetesIdentity and Access Management
HIGH
AC_K8S_0034Ensure that the --audit-log-maxsize argument is set to 100 or as appropriateKubernetesLogging and Monitoring
MEDIUM
AC_K8S_0102Ensure impersonate access to Kubernetes resources is minimized in Kubernetes RoleKubernetesIdentity and Access Management
HIGH
AC_K8S_0090Ensure that the --basic-auth-file argument is not setKubernetesIdentity and Access Management
MEDIUM
AC_K8S_0067Ensure Kubernetes dashboard is not deployedKubernetesData Protection
MEDIUM
AC_K8S_0014Ensure Kubernetes Network policy does not allow ingress from public IPs to query DNSKubernetesInfrastructure Security
HIGH
AC_K8S_0015Ensure Kubernetes Network policy does not allow ingress from public IPs to SSHKubernetesInfrastructure Security
HIGH
AC_K8S_0016Ensure Kubernetes Network policy does not allow ingress from public IPs to access sql serversKubernetesInfrastructure Security
HIGH
AC_K8S_0017Ensure Kubernetes Network policy does not allow ingress from public IPs to access Redis serversKubernetesInfrastructure Security
HIGH
AC_K8S_0059Ensure that the --client-cert-auth argument is set to trueKubernetesInfrastructure Security
MEDIUM
AC_K8S_0028Ensure that the --insecure-port argument is set to 0KubernetesInfrastructure Security
HIGH
AC_K8S_0031Ensure that the --audit-log-path argument is setKubernetesLogging and Monitoring
MEDIUM
AC_K8S_0091Ensure that the --token-auth-file parameter is not setKubernetesIdentity and Access Management
MEDIUM
AC_K8S_0033Ensure that the --audit-log-maxbackup argument is set to 10 or as appropriateKubernetesLogging and Monitoring
MEDIUM
AC_K8S_0038Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriateKubernetesData Protection
MEDIUM
AC_K8S_0041Ensure that the --etcd-cafile argument is set as appropriateKubernetesData Protection
MEDIUM
AC_K8S_0018Ensure that the --authorization-mode argument includes RBACKubernetesIdentity and Access Management
MEDIUM
AC_K8S_0062Ensure that the --peer-client-cert-auth argument is set to trueKubernetesInfrastructure Security
MEDIUM
AC_K8S_0063Ensure that the --peer-auto-tls argument is not set to trueKubernetesInfrastructure Security
MEDIUM
AC_K8S_0060Ensure that the --auto-tls argument is not set to trueKubernetesInfrastructure Security
MEDIUM
AC_K8S_0075Minimize the admission of containers with the NET_RAW capabilityKubernetesInfrastructure Security
MEDIUM
AC_K8S_0066Ensure that a minimal audit policy is createdKubernetesLogging and Monitoring
MEDIUM
AC_K8S_0006Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriateKubernetesInfrastructure Security
MEDIUM
AC_K8S_0080Ensure that the seccomp profile is set to docker/default in pod definitionsKubernetesIdentity and Access Management
MEDIUM
AC_K8S_0039Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriateKubernetesData Protection
MEDIUM
AC_K8S_0103Minimize access to create podsKubernetesIdentity and Access Management
HIGH
AC_K8S_0101Minimize access to secretsKubernetesIdentity and Access Management
HIGH
AC_K8S_0046Minimize the admission of privileged containersKubernetesIdentity and Access Management
HIGH
AC_K8S_0104Minimize wildcard use in Roles and ClusterRolesKubernetesIdentity and Access Management
HIGH
AC_K8S_0087Minimize the admission of root containersKubernetesIdentity and Access Management
HIGH
AC_K8S_0045Ensure that Service Account Tokens are only mounted where necessaryKubernetesIdentity and Access Management
MEDIUM
AC_K8S_0113Ensure that default service accounts are not actively used.KubernetesIdentity and Access Management
MEDIUM
AC_K8S_0084Minimize the admission of containers wishing to share the host network namespaceKubernetesInfrastructure Security
MEDIUM
AC_K8S_0083Minimize the admission of containers wishing to share the host IPC namespaceKubernetesInfrastructure Security
MEDIUM
AC_K8S_0085Minimize the admission of containers with allowPrivilegeEscalationKubernetesCompliance Validation
HIGH