Back

Configure the "service-account-key-file" argument to organizational standards.


CONTROL ID
14581
CONTROL TYPE
Configuration
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Configure "Kubernetes" to organizational standards., CC ID: 14528

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • Ensure that the --service-account-key-file argument is set as appropriate Description: Explicitly set a service account public key file for service accounts on the apiserver. Rationale: By default, if no `--service-account-key-file` is specified to the apiserver, it uses the private key from the TLS… (1.2.28, The Center for Internet Security Kubernetes Level 1 Master Node Benchmark, v 1.6.0)
  • Ensure that the --service-account-key-file argument is set as appropriate Description: Explicitly set a service account public key file for service accounts on the apiserver. Rationale: By default, if no `--service-account-key-file` is specified to the apiserver, it uses the private key from the TLS… (1.2.28, The Center for Internet Security Kubernetes Level 2 Master Node Benchmark, v 1.6.0)