Checklist Summary:

This document provides prescriptive guidance for establishing a secure configuration posture for Kubernetes 1.19 - 1.20. To obtain the latest version of this guide, please visit www.cisecurity.org . If you have questions, comments, or have identified ways to improve this guide, please write us at support@cisecurity.org. **Special Note: **The set of configuration files mentioned anywhere throughout this benchmark document may vary according to the deployment tool and the platform. Any reference to a configuration file should be modified according to the actual configuration files used on the specific deployment. For example, the configuration file for the Kubernetes API server installed by the kubeadm tool may be found in /etc/kubernetes/manifests/kube-apiserver.yaml, but the same file may be called /etc/kubernetes/manifests/kube-apiserver.manifest when installed by kops or kubespray.

Checklist Role:

• Virtualization Server

Known Issues:

Not provided.

Target Audience:

This document is intended for system and application administrators, security specialists, auditors, help desk, and platform deployment personnel who plan to develop, deploy, assess, or secure solutions that incorporate Kubernetes 1.19 - 1.20.

Target Operational Environment:

• Managed
• Specialized Security-Limited Functionality (SSLF)

Testing Information:

Not provided.

Regulatory Compliance:

Not provided.

Comments/Warnings/Miscellaneous:

Not provided.

Disclaimer:

Not provided.

Product Support:

Not provided.

Point of Contact:

support@cisecurity.org

Sponsor:

Not provided.

Licensing:

Not provided.

Change History:

new checklist - 2/28/24
updated status to FINAL - 3/28/24

Dependency/Requirements:

URL	Description

References:

Reference URL	Description

NIST checklist record last modified on 03/28/2024