
Configure "etcd" to organizational standards.


CONTROL ID
14535
CONTROL TYPE
Configuration
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Establish, implement, and maintain system hardening procedures. CC ID: 12001

This Control has the following implementation support Control(s):
  • Configure the "auto-tls" argument to organizational standards. CC ID: 14621
  • Configure the "peer-auto-tls" argument to organizational standards. CC ID: 14636
  • Configure the "peer-client-cert-auth" argument to organizational standards. CC ID: 14614
  • Configure the "peer-cert-file" argument to organizational standards. CC ID: 14606
  • Configure the "key-file" argument to organizational standards. CC ID: 14604
  • Configure the "cert-file" argument to organizational standards. CC ID: 14602
  • Configure the "client-cert-auth" argument to organizational standards. CC ID: 14596
  • Configure the "peer-key-file" argument to organizational standards. CC ID: 14595


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • Ensure that a unique Certificate Authority is used for etcd. Description: Use a different certificate authority for etcd from the one used for Kubernetes. Rationale: etcd is a highly available key-value store used by Kubernetes deployments for persistent storage of all of its REST API objects. Its ac… (2.7, The Center for Internet Security Kubernetes Level 2 Master Node Benchmark, v 1.6.0)