| Policy ID | Description | Provider | Category | Severity |
|---|---|---|---|---|
| AC_K8S_0013 | Ensure an owner key with proper label is set for Kubernetes namespace | Kubernetes | Security Best Practices | LOW |
| AC_K8S_0014 | Ensure Kubernetes Network policy does not allow ingress from public IPs to query DNS | Kubernetes | Infrastructure Security | HIGH |
| AC_K8S_0015 | Ensure Kubernetes Network policy does not allow ingress from public IPs to SSH | Kubernetes | Infrastructure Security | HIGH |
| AC_K8S_0016 | Ensure Kubernetes Network policy does not allow ingress from public IPs to access SQL servers | Kubernetes | Infrastructure Security | HIGH |
| AC_K8S_0017 | Ensure Kubernetes Network policy does not allow ingress from public IPs to access Redis servers | Kubernetes | Infrastructure Security | HIGH |
| AC_K8S_0018 | Ensure that the --authorization-mode argument includes RBAC | Kubernetes | Identity and Access Management | MEDIUM |
| AC_K8S_0019 | Ensure that the admission control plugin EventRateLimit is set | Kubernetes | Compliance Validation | MEDIUM |
| AC_K8S_0023 | Ensure that the admission control plugin ServiceAccount is set | Kubernetes | Identity and Access Management | MEDIUM |
| AC_K8S_0030 | Ensure that the --profiling argument is set to false | Kubernetes | Logging and Monitoring | MEDIUM |
| AC_K8S_0033 | Ensure that the --audit-log-maxbackup argument is set to 10 or as appropriate | Kubernetes | Logging and Monitoring | MEDIUM |
| AC_K8S_0036 | Ensure that the --service-account-lookup argument is set to true | Kubernetes | Identity and Access Management | MEDIUM |
| AC_K8S_0039 | Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate | Kubernetes | Data Protection | MEDIUM |
| AC_K8S_0040 | Ensure that a Client CA File is configured | Kubernetes | Data Protection | MEDIUM |
| AC_K8S_0042 | Ensure that the --encryption-provider-config argument is set as appropriate | Kubernetes | Data Protection | MEDIUM |
| AC_K8S_0051 | Prefer using secrets as files over secrets as environment variables | Kubernetes | Infrastructure Security | HIGH |
| AC_K8S_0052 | Ensure that the --profiling argument is set to false | Kubernetes | Logging and Monitoring | LOW |
| AC_K8S_0060 | Ensure that the --auto-tls argument is not set to true | Kubernetes | Infrastructure Security | MEDIUM |
| AC_K8S_0062 | Ensure that the --peer-client-cert-auth argument is set to true | Kubernetes | Infrastructure Security | MEDIUM |
| AC_K8S_0063 | Ensure that the --peer-auto-tls argument is not set to true | Kubernetes | Infrastructure Security | MEDIUM |
| AC_K8S_0067 | Ensure Kubernetes dashboard is not deployed | Kubernetes | Data Protection | MEDIUM |
| AC_K8S_0082 | Minimize the admission of containers wishing to share the host process ID namespace | Kubernetes | Identity and Access Management | MEDIUM |
| AC_K8S_0088 | Ensure mounting the Docker daemon socket in a container is limited | Kubernetes | Infrastructure Security | MEDIUM |
| AC_K8S_0094 | Ensure that the --authorization-mode argument is not set to AlwaysAllow | Kubernetes | Identity and Access Management | MEDIUM |
| AC_K8S_0098 | Ensure CPU limit is set for Kubernetes workloads | Kubernetes | Security Best Practices | MEDIUM |
| AC_K8S_0106 | Ensure that the cluster-admin role is only used where required | Kubernetes | Identity and Access Management | HIGH |
| AC_K8S_0107 | Ensure pod/attach create permissions are minimized in Kubernetes Roles | Kubernetes | Identity and Access Management | HIGH |
| AC_K8S_0111 | Ensure NodePort services are not used to expose Kubernetes workloads to the internet | Kubernetes | Infrastructure Security | LOW |
| AC_K8S_0115 | Ensure security context is applied to pods and containers with SELinux configured | Kubernetes | Security Best Practices | MEDIUM |
| AC_K8S_0120 | Ensure large virtual services are split into multiple resources for Istio Virtual Services | Kubernetes | Security Best Practices | LOW |
| AC_K8S_0124 | Ensure envoy proxies are not configured in permissive mode in Istio Peer Authentication | Kubernetes | Infrastructure Security | MEDIUM |
| AC_K8S_0126 | Ensure Kubernetes hot-patch daemonset for Log4j2 is applied | Kubernetes | Configuration and Vulnerability Analysis | HIGH |