CIS Amazon Elastic Kubernetes Service (EKS) Benchmark
Profile Applicability: • Level 1 Description: Kubernetes allows secrets to be mounted either as environment variables or as files in volumes. It is recom...
Wed, 23 Apr, 2025 at 2:51 AM
Profile Applicability: • Level 1 Description: Consider using an external secrets storage and management system instead of relying solely on Kubernetes Se...
Wed, 23 Apr, 2025 at 2:53 AM
Profile Applicability: • Level 1 Description: Use namespaces to isolate your Kubernetes objects to ensure logical boundaries between resources. This appr...
Wed, 23 Apr, 2025 at 2:54 AM
Profile Applicability: • Level 1 Description: Kubernetes provides a default namespace where objects are placed if no namespace is specified during their ...
Wed, 23 Apr, 2025 at 2:55 AM
Profile Applicability: • Level 1 Description: Scan images being deployed to Amazon EKS for vulnerabilities using Amazon ECR's built-in scanning funct...
Wed, 23 Apr, 2025 at 2:56 AM
Profile Applicability: • Level 1 Description: Ensure that container images deployed to Amazon EKS are scanned for vulnerabilities using Amazon ECR image s...
Wed, 23 Apr, 2025 at 3:08 AM
Profile Applicability: • Level 1 Description: Configure the Cluster Service Account with the Storage Object Viewer Role to only allow read-only access to...
Wed, 23 Apr, 2025 at 3:19 AM
Profile Applicability: • Level 1 Description: Use approved container registries. Rationale: Allowing unrestricted access to external container registri...
Wed, 23 Apr, 2025 at 3:44 AM
Profile Applicability: • Level 1 Description: Kubernetes workloads should not use cluster node service accounts to authenticate to Amazon EKS APIs. Each ...
Wed, 23 Apr, 2025 at 3:52 AM
Profile Applicability: • Level 1 Description: Encrypt Kubernetes secrets, stored in etcd, using the secrets encryption feature during Amazon EKS cluster ...
Wed, 23 Apr, 2025 at 4:37 AM