Detections
Analytics

Tenable Cloud Security Policies Search

IDNameCSPDomainSeverity
AC_K8S_0011Ensure that the --streaming-connection-idle-timeout argument is not set to 0KubernetesCompliance Validation
LOW
AC_K8S_0012Ensure that the --protect-kernel-defaults argument is set to trueKubernetesIdentity and Access Management
LOW
AC_K8S_0022Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not usedKubernetesIdentity and Access Management
HIGH
AC_K8S_0027Ensure that the --insecure-bind-address argument is not setKubernetesInfrastructure Security
HIGH
AC_K8S_0028Ensure that the --insecure-port argument is set to 0KubernetesInfrastructure Security
HIGH
AC_K8S_0037Ensure that the --service-account-key-file argument is set as appropriateKubernetesData Protection
MEDIUM
AC_K8S_0038Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriateKubernetesData Protection
MEDIUM
AC_K8S_0041Ensure that the --etcd-cafile argument is set as appropriateKubernetesData Protection
MEDIUM
AC_K8S_0047Ensure that the admission control plugin AlwaysAdmit is not setKubernetesCompliance Validation
MEDIUM
AC_K8S_0049Ensure ALLOW-with-positive-matching exist for Istio Authorization ObjectKubernetesInfrastructure Security
MEDIUM
AC_K8S_0050Ensure custom snippets annotations is not set to true for Ingress-nginx controller deployment's Kubernetes Config MapKubernetesSecurity Best Practices
HIGH
AC_K8S_0057Ensure that the --bind-address argument is set to 127.0.0.1KubernetesInfrastructure Security
MEDIUM
AC_K8S_0058Ensure that the --cert-file and --key-file arguments are set as appropriateKubernetesInfrastructure Security
MEDIUM
AC_K8S_0075Minimize the admission of containers with the NET_RAW capabilityKubernetesInfrastructure Security
MEDIUM
AC_K8S_0076Ensure mounting of hostPaths is disallowed in Kubernetes workload configurationKubernetesIdentity and Access Management
HIGH
AC_K8S_0084Minimize the admission of containers wishing to share the host network namespaceKubernetesInfrastructure Security
MEDIUM
AC_K8S_0097Ensure CPU request is set for Kubernetes workloadsKubernetesSecurity Best Practices
MEDIUM
AC_K8S_0101Minimize access to secretsKubernetesIdentity and Access Management
HIGH
AC_K8S_0105Ensure use of creating Kubernetes rolebindings and attaching Kubernetes roles is minimized in Kubernetes RoleKubernetesIdentity and Access Management
HIGH
AC_K8S_0109Ensure that the --secure-port argument is not set to 0KubernetesInfrastructure Security
HIGH
AC_K8S_0117Ensure Kubernetes NetworkPolicy object is defined for every Kubernetes NamespaceKubernetesInfrastructure Security
MEDIUM
AC_K8S_0118Ensure overly broad host configuration is not allowed for Istio GatewayKubernetesInfrastructure Security
HIGH
AC_K8S_0129Ensure that the admission control plugin PodSecurityPolicy is setKubernetesCompliance Validation
MEDIUM
AC_K8S_0004Ensure that the --eventRecordQPS argument is set to 0 or a level which ensures appropriate event captureKubernetesLogging and Monitoring
LOW
AC_K8S_0007Ensure that the --authorization-mode argument is not set to AlwaysAllowKubernetesIdentity and Access Management
HIGH
AC_K8S_0025Ensure default name space is not in use in Kubernetes NamespaceKubernetesSecurity Best Practices
LOW
AC_K8S_0031Ensure that the --audit-log-path argument is setKubernetesLogging and Monitoring
MEDIUM
AC_K8S_0034Ensure that the --audit-log-maxsize argument is set to 100 or as appropriateKubernetesLogging and Monitoring
MEDIUM
AC_K8S_0043Ensure that the API Server only makes use of Strong Cryptographic CiphersKubernetesData Protection
MEDIUM
AC_K8S_0048Ensure default routes are set for Istio servicesKubernetesSecurity Best Practices
LOW
AC_K8S_0056Ensure that the RotateKubeletServerCertificate argument is set to trueKubernetesInfrastructure Security
MEDIUM
AC_K8S_0059Ensure that the --client-cert-auth argument is set to trueKubernetesInfrastructure Security
MEDIUM
AC_K8S_0061Ensure that the --peer-cert-file and --peer-key-file arguments are set as appropriateKubernetesInfrastructure Security
MEDIUM
AC_K8S_0064Apply Security Context to Your Pods and ContainersKubernetesInfrastructure Security
MEDIUM
AC_K8S_0068Ensure image tag is set in Kubernetes workload configurationKubernetesSecurity Best Practices
LOW
AC_K8S_0069Ensure that every container image has a hash digest in all Kubernetes workloadsKubernetesInfrastructure Security
MEDIUM
AC_K8S_0070Ensure liveness probe is configured for containers in all Kubernetes workloadsKubernetesSecurity Best Practices
LOW
AC_K8S_0072Ensure readiness probe is configured for containers in all Kubernetes workloadsKubernetesSecurity Best Practices
LOW
AC_K8S_0073Ensure AppArmor profile is not set to runtime/default in Kubernetes workload configurationKubernetesIdentity and Access Management
MEDIUM
AC_K8S_0077Ensure 'procMount' is set to default in all Kubernetes workloadsKubernetesIdentity and Access Management
MEDIUM
AC_K8S_0079Ensure containers run with a high UID usually > 1000 to avoid host conflictKubernetesInfrastructure Security
MEDIUM
AC_K8S_0081Ensure only allowed volume types are mounted for all Kubernetes workloadsKubernetesIdentity and Access Management
MEDIUM
AC_K8S_0086The default namespace should not be usedKubernetesSecurity Best Practices
LOW
AC_K8S_0087Minimize the admission of root containersKubernetesIdentity and Access Management
HIGH
AC_K8S_0096Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriateKubernetesInfrastructure Security
MEDIUM
AC_K8S_0099Ensure Memory request is set for Kubernetes workloadsKubernetesSecurity Best Practices
MEDIUM
AC_K8S_0100Ensure Memory request is set for Kubernetes workloadsKubernetesSecurity Best Practices
MEDIUM
AC_K8S_0103Minimize access to create podsKubernetesIdentity and Access Management
HIGH
AC_K8S_0112Ensure the use of externalIPs is restricted for Kubernetes serviceKubernetesInfrastructure Security
MEDIUM
AC_K8S_0114Ensure the use of selector is enforced for Kubernetes Ingress or LoadBalancer serviceKubernetesInfrastructure Security
LOW