Detections
Analytics

Tenable Cloud Security Policies

Search

IDNameCSPDomainSeverity
AC_K8S_0051Prefer using secrets as files over secrets as environment variablesKubernetesInfrastructure Security
HIGH
AC_K8S_0052Ensure that the --profiling argument is set to falseKubernetesLogging and Monitoring
LOW
AC_K8S_0053Ensure that the --use-service-account-credentials argument is set to trueKubernetesIdentity and Access Management
LOW
AC_K8S_0054Ensure that the --service-account-private-key-file argument is set as appropriateKubernetesData Protection
MEDIUM
AC_K8S_0055Ensure that the --root-ca-file argument is set as appropriateKubernetesData Protection
MEDIUM
AC_K8S_0056Ensure that the RotateKubeletServerCertificate argument is set to trueKubernetesInfrastructure Security
MEDIUM
AC_K8S_0057Ensure that the --bind-address argument is set to 127.0.0.1KubernetesInfrastructure Security
MEDIUM
AC_K8S_0058Ensure that the --cert-file and --key-file arguments are set as appropriateKubernetesInfrastructure Security
MEDIUM
AC_K8S_0059Ensure that the --client-cert-auth argument is set to trueKubernetesInfrastructure Security
MEDIUM
AC_K8S_0060Ensure that the --auto-tls argument is not set to trueKubernetesInfrastructure Security
MEDIUM
AC_K8S_0061Ensure that the --peer-cert-file and --peer-key-file arguments are set as appropriateKubernetesInfrastructure Security
MEDIUM
AC_K8S_0062Ensure that the --peer-client-cert-auth argument is set to trueKubernetesInfrastructure Security
MEDIUM
AC_K8S_0063Ensure that the --peer-auto-tls argument is not set to trueKubernetesInfrastructure Security
MEDIUM
AC_K8S_0064Apply Security Context to Your Pods and ContainersKubernetesInfrastructure Security
MEDIUM
AC_K8S_0065Ensure that a unique Certificate Authority is used for etcdKubernetesInfrastructure Security
MEDIUM
AC_K8S_0066Ensure that a minimal audit policy is createdKubernetesLogging and Monitoring
MEDIUM
AC_K8S_0067Ensure Kubernetes dashboard is not deployedKubernetesData Protection
MEDIUM
AC_K8S_0068Ensure image tag is set in Kubernetes workload configurationKubernetesSecurity Best Practices
LOW
AC_K8S_0069Ensure that every container image has a hash digest in all Kubernetes workloadsKubernetesInfrastructure Security
MEDIUM
AC_K8S_0070Ensure liveness probe is configured for containers in all Kubernetes workloadsKubernetesSecurity Best Practices
LOW
AC_K8S_0071Ensure that the Tiller Service (Helm v2) is not deployed for Kubernetes workloadsKubernetesData Protection
MEDIUM
AC_K8S_0072Ensure readiness probe is configured for containers in all Kubernetes workloadsKubernetesSecurity Best Practices
LOW
AC_K8S_0073Ensure AppArmor profile is not set to runtime/default in Kubernetes workload configurationKubernetesIdentity and Access Management
MEDIUM
AC_K8S_0074Ensure kernel and system level calls are not configured in all Kubernetes workloadsKubernetesIdentity and Access Management
MEDIUM
AC_K8S_0075Minimize the admission of containers with the NET_RAW capabilityKubernetesInfrastructure Security
MEDIUM
AC_K8S_0076Ensure mounting of hostPaths is disallowed in Kubernetes workload configurationKubernetesIdentity and Access Management
HIGH
AC_K8S_0077Ensure 'procMount' is set to default in all Kubernetes workloadsKubernetesIdentity and Access Management
MEDIUM
AC_K8S_0078Ensure 'readOnlyRootFileSystem' is set to true in Kubernetes workload configurationKubernetesIdentity and Access Management
MEDIUM
AC_K8S_0079Ensure containers run with a high UID usually > 1000 to avoid host conflictKubernetesInfrastructure Security
MEDIUM
AC_K8S_0080Ensure that the seccomp profile is set to docker/default in pod definitionsKubernetesIdentity and Access Management
MEDIUM
AC_K8S_0081Ensure only allowed volume types are mounted for all Kubernetes workloadsKubernetesIdentity and Access Management
MEDIUM
AC_K8S_0082Minimize the admission of containers wishing to share the host process ID namespaceKubernetesIdentity and Access Management
MEDIUM
AC_K8S_0083Minimize the admission of containers wishing to share the host IPC namespaceKubernetesInfrastructure Security
MEDIUM
AC_K8S_0084Minimize the admission of containers wishing to share the host network namespaceKubernetesInfrastructure Security
MEDIUM
AC_K8S_0085Minimize the admission of containers with allowPrivilegeEscalationKubernetesCompliance Validation
HIGH
AC_K8S_0086The default namespace should not be usedKubernetesSecurity Best Practices
LOW
AC_K8S_0087Minimize the admission of root containersKubernetesIdentity and Access Management
HIGH
AC_K8S_0088Ensure mounting Docker socket daemon in a container is limitedKubernetesInfrastructure Security
MEDIUM
AC_K8S_0089Ensure that the Anonymous Auth is Not EnabledKubernetesIdentity and Access Management
MEDIUM
AC_K8S_0090Ensure that the --basic-auth-file argument is not setKubernetesIdentity and Access Management
MEDIUM
AC_K8S_0091Ensure that the --token-auth-file parameter is not setKubernetesIdentity and Access Management
MEDIUM
AC_K8S_0092Ensure that the --kubelet-https argument is set to trueKubernetesInfrastructure Security
MEDIUM
AC_K8S_0093Ensure that the --kubelet-certificate-authority argument is set as appropriateKubernetesInfrastructure Security
MEDIUM
AC_K8S_0094Ensure that the --authorization-mode argument is not set to AlwaysAllowKubernetesIdentity and Access Management
MEDIUM
AC_K8S_0095Ensure that the --authorization-mode argument includes NodeKubernetesIdentity and Access Management
MEDIUM
AC_K8S_0096Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriateKubernetesInfrastructure Security
MEDIUM
AC_K8S_0097Ensure CPU request is set for Kubernetes workloadsKubernetesSecurity Best Practices
MEDIUM
AC_K8S_0098Ensure CPU limit is set for Kubernetes workloadsKubernetesSecurity Best Practices
MEDIUM
AC_K8S_0099Ensure Memory request is set for Kubernetes workloadsKubernetesSecurity Best Practices
MEDIUM
AC_K8S_0100Ensure Memory request is set for Kubernetes workloadsKubernetesSecurity Best Practices
MEDIUM