Checklist Summary:

This document provides prescriptive guidance for running Azure Kubernetes Service (AKS) following recommended security controls. This benchmark only includes controls which can be modified by an end user of Azure AKS and is designed to supersede all previous version of the Azure Kubernetes Service (AKS) Benchmark. It addresses and has been tested against Kubernetes version/s 1.26, 1.25 and 1.24. As a rule, this benchmark will address the Kubernetes versions available for cluster creation at the beginning of the consensus release period and will address Kubernetes versions that become available after that date in the next release. To obtain the latest version of this guide, please visit www.cisecurity.org. If you have questions, comments, or have identified ways to improve this guide, please write us at support@cisecurity.org.

Checklist Role:

• Business Productivity Application
• Virtualization Server

Known Issues:

Not provided.

Target Audience:

This document is intended for cluster administrators, security specialists, auditors, and any personnel who plan to develop, deploy, assess, or secure solutions that incorporate Azure Kubernetes Service (AKS) using managed and self-managed nodes.

Target Operational Environment:

• Managed
• Specialized Security-Limited Functionality (SSLF)

Testing Information:

Not provided.

Regulatory Compliance:

Not provided.

Comments/Warnings/Miscellaneous:

Not provided.

Disclaimer:

Not provided.

Product Support:

Not provided.

Point of Contact:

support@cisecurity.org

Sponsor:

Not provided.

Licensing:

Not provided.

Change History:

new checklist - 2/26/24
updated status to FINAL - 3/28/24

Dependency/Requirements:

URL	Description

References:

Reference URL	Description

NIST checklist record last modified on 03/28/2024