N/A
Source: Kube Bench
ID: 4.1
Version: eks-stig-kubernetes-v1r6

4.1 Policies - DISA Category Code I

V-242381 The Kubernetes Controller Manager must create unique service accounts for each work payload. (Manual)

Create explicit service accounts wherever a Kubernetes workload requires specific access to the Kubernetes API server. Modify the configuration of each default service account to include this value: automountServiceAccountToken: false

V-242383 User-managed resources must be created in dedicated namespaces. (Manual)

Move any user-managed resources from the default, kube-public and kube-node-lease namespaces to user namespaces.

V-242417 Kubernetes must separate user functionality. (Manual)

Move any user pods that are present in the Kubernetes system namespaces to user-specific namespaces.