N/A
Source: Kube Bench
ID: 5.7
Version: cis-1.20

5.7 General Policies

5.7.1 Create administrative boundaries between resources using namespaces (Manual)

Follow the documentation and create namespaces for objects in your deployment as you need them.

5.7.2 Ensure that the seccomp profile is set to docker/default in your pod definitions (Manual)

Use security context to enable the docker/default seccomp profile in your pod definitions. An example is as below:

    securityContext:
      seccompProfile:
        type: RuntimeDefault

5.7.3 Apply Security Context to Your Pods and Containers (Manual)

Follow the Kubernetes documentation and apply security contexts to your pods. For a suggested list of security contexts, you may refer to the CIS Security Benchmark for Docker Containers.

5.7.4 The default namespace should not be used (Manual)

Ensure that namespaces are created to allow for appropriate segregation of Kubernetes resources and that all new resources are created in a specific namespace.
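
Checks 5.7.2 and 5.7.4 are manual, but both can be reviewed from a pod listing. The script below is an added example, not part of kube-bench or the CIS benchmark; it assumes input shaped like `kubectl get pods -A -o json`, and the sample pods and the function names `seccomp_type` and `audit_pods` are constructed for illustration.

```python
import json

# Constructed sample shaped like `kubectl get pods -A -o json` output.
SAMPLE = json.loads("""
{"items": [
 {"metadata": {"name": "web", "namespace": "shop"},
  "spec": {"securityContext": {"seccompProfile": {"type": "RuntimeDefault"}},
           "containers": [{"name": "nginx"}]}},
 {"metadata": {"name": "debug", "namespace": "default"},
  "spec": {"containers": [{"name": "sh"}]}},
 {"metadata": {"name": "batch", "namespace": "jobs"},
  "spec": {"securityContext": {"seccompProfile": {"type": "RuntimeDefault"}},
           "initContainers": [{"name": "init"}],
           "containers": [{"name": "worker", "securityContext":
                           {"seccompProfile": {"type": "Unconfined"}}}]}}
]}
""")

def seccomp_type(security_context):
    """Return the seccompProfile type from a securityContext dict, or None."""
    return ((security_context or {}).get("seccompProfile") or {}).get("type")

def audit_pods(pod_list):
    """Return sorted (check_id, namespace/pod, detail) findings for 5.7.2 and 5.7.4."""
    findings = []
    for pod in pod_list.get("items", []):
        meta, spec = pod.get("metadata", {}), pod.get("spec", {})
        namespace = meta.get("namespace", "default")  # unset in a manifest means default
        ref = f"{namespace}/{meta.get('name')}"
        if namespace == "default":
            findings.append(("5.7.4", ref, "runs in the default namespace"))
        pod_level = seccomp_type(spec.get("securityContext"))
        for c in spec.get("initContainers", []) + spec.get("containers", []):
            # A container-level profile overrides the pod-level one.
            effective = seccomp_type(c.get("securityContext")) or pod_level
            if effective != "RuntimeDefault":
                findings.append(("5.7.2", ref,
                                 f"container {c.get('name')}: seccomp {effective or 'not set'}"))
    return sorted(findings)

if __name__ == "__main__":
    for check_id, ref, detail in audit_pods(SAMPLE):
        print(check_id, ref, detail)
```

The container-level override is the case a pod-level-only review misses: the `batch` pod sets RuntimeDefault at pod level, yet its `worker` container runs Unconfined.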