kube-bench/cfg/cis-1.6/controlplane.yaml

---
controls:
version: 1.6
id: 3
text: "Control Plane Configuration"
type: "controlplane"
groups:
  - id: 3.1
    text: "Authentication and Authorization"
    checks:
      - id: 3.1.1
        text: "Client certificate authentication should not be used for users (Manual)"
        type: "manual"
        remediation: |
          Alternative mechanisms provided by Kubernetes such as the use of OIDC should be
          implemented in place of client certificates.
        scored: false

  - id: 3.2
    text: "Logging"
    checks:
      - id: 3.2.1
        text: "Ensure that a minimal audit policy is created (Manual)"
        type: "manual"
        remediation: |
          Create an audit policy file for your cluster.
        scored: false

      - id: 3.2.2
        text: "Ensure that the audit policy covers key security concerns (Manual)"
        type: "manual"
        remediation: |
          Consider modification of the audit policy in use on the cluster to include these items, at a
          minimum.
        scored: false
Add cis 1.6 (#678) * Add new cis version yamls Add new cis version yamls * Add new cis version yamls * Add cis-1.6 to versions table * support version mapping cis-1.6 * support version mapping cis-1.6 * Update controlplane.yaml * Update etcd.yaml * Update node.yaml * Update policies.yaml * Create job.data * Create job-node.data * Create job-master.data * Create add-tls-kind.yaml * Change node version to 1.15.0 * Add tests for cis-1.6 * Delete node_only.yaml * Change tests 1.1.19-1.1.21 Change 1.1.19-1.1.21 because failing tests * Update job.data * Update job-master.data * Update job-master.data * Update job.data * fix 1.2.35 remediation tabs instead of spaces * Update job-master.data * Remove extra space * Update job.data * Create node_only.yaml * Add tests for cis-1.6 Add tests for cis-1.6 and change some from 1,5 to 1.6 * Fix typo * Add mapping for cis-1.6 * Remove extra space in 1.2.35 remediation * Update job.data * Update job-master.data * Fix type 1.2.35 * Remove trailing spaces * Remove trailing spaces * Remove trailing spaces * Remove trailing spaces * Add version 1.19 kubernetes support * Add version 1.19 kubernetes support * Add version 1.19 kubernetes support 2020-09-17 15:54:43 +00:00			`---`
			`controls:`
			`version: 1.6`
			`id: 3`
			`text: "Control Plane Configuration"`
			`type: "controlplane"`
			`groups:`
			`- id: 3.1`
			`text: "Authentication and Authorization"`
			`checks:`
			`- id: 3.1.1`
			`text: "Client certificate authentication should not be used for users (Manual)"`
			`type: "manual"`
			`remediation: \|`
			`Alternative mechanisms provided by Kubernetes such as the use of OIDC should be`
			`implemented in place of client certificates.`
			`scored: false`

			`- id: 3.2`
			`text: "Logging"`
			`checks:`
			`- id: 3.2.1`
			`text: "Ensure that a minimal audit policy is created (Manual)"`
			`type: "manual"`
			`remediation: \|`
			`Create an audit policy file for your cluster.`
			`scored: false`

			`- id: 3.2.2`
			`text: "Ensure that the audit policy covers key security concerns (Manual)"`
			`type: "manual"`
			`remediation: \|`
			`Consider modification of the audit policy in use on the cluster to include these items, at a`
			`minimum.`
			`scored: false`