Configure the "admission control plugin SecurityContextDeny" to organizational standards.


CONTROL ID
14569
CONTROL TYPE
Configuration
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Configure "Kubernetes" to organizational standards. (CC ID: 14528)

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used. Description: The SecurityContextDeny admission controller can be used to deny pods which make use of some SecurityContext fields which could allow for privilege escalation in the cluster. This should… (1.2.13, The Center for Internet Security Kubernetes Level 1 Master Node Benchmark, v 1.6.0)
  • Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used. Description: The SecurityContextDeny admission controller can be used to deny pods which make use of some SecurityContext fields which could allow for privilege escalation in the cluster. This should… (1.2.13, The Center for Internet Security Kubernetes Level 2 Master Node Benchmark, v 1.6.0)