- CNTR-K8-000150 - The Kubernetes Controller Manager must use TLS 1.2, at a minimum, to protect the confidentiality of sensitive data during electronic dissemination.
- CNTR-K8-000160 - The Kubernetes Scheduler must use TLS 1.2, at a minimum, to protect the confidentiality of sensitive data during electronic dissemination.
- CNTR-K8-000170 - The Kubernetes API Server must use TLS 1.2, at a minimum, to protect the confidentiality of sensitive data during electronic dissemination.
- CNTR-K8-000180 - The Kubernetes etcd must use TLS to protect the confidentiality of sensitive data during electronic dissemination.
- CNTR-K8-000190 - The Kubernetes etcd must use TLS to protect the confidentiality of sensitive data during electronic dissemination.
- CNTR-K8-000220 - The Kubernetes Controller Manager must create unique service accounts for each work payload.
- CNTR-K8-000270 - The Kubernetes API Server must enable Node,RBAC as the authorization mode.
- CNTR-K8-000290 - User-managed resources must be created in dedicated namespaces.
- CNTR-K8-000300 - The Kubernetes Scheduler must have secure binding.
- CNTR-K8-000310 - The Kubernetes Controller Manager must have secure binding.
- CNTR-K8-000320 - The Kubernetes API server must have the insecure port flag disabled.
- CNTR-K8-000330 - The Kubernetes Kubelet must have the read-only port flag disabled.
- CNTR-K8-000340 - The Kubernetes API server must have the insecure bind address not set.
- CNTR-K8-000350 - The Kubernetes API server must have the secure port set.
- CNTR-K8-000360 - The Kubernetes API server must have anonymous authentication disabled.
- CNTR-K8-000370 - The Kubernetes Kubelet must have anonymous authentication disabled.
- CNTR-K8-000380 - The Kubernetes kubelet must enable explicit authorization.
- CNTR-K8-000400 - Kubernetes Worker Nodes must not have sshd service running.
- CNTR-K8-000410 - Kubernetes Worker Nodes must not have the sshd service enabled.
- CNTR-K8-000420 - Kubernetes dashboard must not be enabled.
- CNTR-K8-000430 - Kubernetes Kubectl cp command must give expected access and results.
- CNTR-K8-000440 - The Kubernetes kubelet static PodPath must not enable static pods.
- CNTR-K8-000450 - Kubernetes DynamicAuditing must not be enabled - kubelet
- CNTR-K8-000450 - Kubernetes DynamicAuditing must not be enabled - manifest
- CNTR-K8-000460 - Kubernetes DynamicKubeletConfig must not be enabled - kubelet
- CNTR-K8-000460 - Kubernetes DynamicKubeletConfig must not be enabled - manifest
- CNTR-K8-000470 - The Kubernetes API server must have Alpha APIs disabled.
- CNTR-K8-000600 - The Kubernetes API Server must have an audit policy set.
- CNTR-K8-000610 - The Kubernetes API Server must have an audit log path set.
- CNTR-K8-000700 - Kubernetes API Server must generate audit records that identify what type of event has occurred, identify the source of the event, contain the event results, identify any users, and identify any containers associated with the event.
