Ensure TLS verification is enabled in Istio Destination Rules

MEDIUM

Description

Enabling end-to-end TLS encryption can help keep data in-transit protected from man-in-the-middle and similar attacks.

Remediation

Enable TLS for Istio Destination Rules by configuring 'tls' key with relevant parameters in the DestinationRule YAML configuration file. For more information on the configuration, see the Istio documentation.

References:
https://istio.io/latest/docs/reference/config/networking/destination-rule/#ClientTLSSettings

Policy Details

Rule Reference ID: AC_K8S_0123

CSP: Kubernetes

Remediation Available: No

Domain: Infrastructure Security

Resource: kubernetes_istio_destination_rule

Resource Category: Virtual Network

Resource Type: Istio

Frameworks

GDPR
HIPAA
NIST-800-171
NIST-800-53
NIST-CSF
PCI-DSSv3.2.1
PCI-DSSv4.0

Detections

Analytics