Configure the "bind-address" argument to organizational standards.

Back

CONTROL ID
14601

CONTROL TYPE
Configuration

CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS

This Control directly supports the implied Control(s):

Configure "Kubernetes" to organizational standards., CC ID: 14528

There are no implementation support Controls.

SELECTED AUTHORITY DOCUMENTS COMPLIED WITH

Ensure that the --bind-address argument is set to 127.0.0.1 Description: Do not bind the Controller Manager service to non-loopback insecure addresses. Rationale: The Controller Manager API service which runs on port 10252/TCP by default is used for health and metrics information and is available wi… (1.3.7, The Center for Internet Security Kubernetes Level 1 Master Node Benchmark, v 1.6.0)
Ensure that the --bind-address argument is set to 127.0.0.1 Description: Do not bind the scheduler service to non-loopback insecure addresses. Rationale: The Scheduler API service which runs on port 10251/TCP by default is used for health and metrics information and is available without authenticati… (1.4.2, The Center for Internet Security Kubernetes Level 1 Master Node Benchmark, v 1.6.0)
Ensure that the --bind-address argument is set to 127.0.0.1 Description: Do not bind the scheduler service to non-loopback insecure addresses. Rationale: The Scheduler API service which runs on port 10251/TCP by default is used for health and metrics information and is available without authenticati… (1.4.2, The Center for Internet Security Kubernetes Level 2 Master Node Benchmark, v 1.6.0)
Ensure that the --bind-address argument is set to 127.0.0.1 Description: Do not bind the Controller Manager service to non-loopback insecure addresses. Rationale: The Controller Manager API service which runs on port 10252/TCP by default is used for health and metrics information and is available wi… (1.3.7, The Center for Internet Security Kubernetes Level 2 Master Node Benchmark, v 1.6.0)