last sync: 2024-Nov-05 18:53:35 UTC

[Preview]: Nexus Compute Cluster Security Baseline

Azure BuiltIn Policy Initiative (PolicySet)

Source Azure Portal
Display name[Preview]: Nexus Compute Cluster Security Baseline
Id336cb876-5cb8-4795-b9d1-bd9323d3487e
Version1.0.0-preview
Details on versioning
Versioning Versions supported for Versioning: 1
1.0.0-preview
Built-in Versioning [Preview]
CategoryNexus
Microsoft Learn
DescriptionThis initiative includes policies designed to reflect the security baseline expectations of Nexus Compute Clusters. It ensures that the cluster configurations adhere to specific security controls that are critical for maintaining a secure environment.
TypeBuiltIn
DeprecatedFalse
PreviewTrue
Policy count Total Policies: 13
Builtin Policies: 13
Static Policies: 0
Policy used
Policy DisplayName Policy Id Category Effect Roles# Roles State
Kubernetes cluster containers should only use allowed capabilities c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes Default
Audit
Allowed
audit, Audit, deny, Deny, disabled, Disabled
0 GA
Kubernetes cluster containers should only use allowed images febd0533-8e55-448f-b837-bd0e06f16469 Kubernetes Default
Deny
Allowed
audit, Audit, deny, Deny, disabled, Disabled
0 GA
Kubernetes cluster containers should only use allowed pull policy 50c83470-d2f0-4dda-a716-1938a4825f62 Kubernetes Default
Audit
Allowed
Audit, Deny, Disabled
0 GA
Kubernetes cluster containers should run with a read only root file system df49d893-a74c-421d-bc95-c663042e5b80 Kubernetes Default
Audit
Allowed
audit, Audit, deny, Deny, disabled, Disabled
0 GA
Kubernetes cluster pod hostPath volumes should only use allowed host paths 098fc59e-46c7-4d99-9b16-64990e543d75 Kubernetes Default
Audit
Allowed
audit, Audit, deny, Deny, disabled, Disabled
0 GA
Kubernetes cluster pods should only use allowed volume types 16697877-1118-4fb1-9b65-9898ec2509ec Kubernetes Default
Audit
Allowed
audit, Audit, deny, Deny, disabled, Disabled
0 GA
Kubernetes cluster pods should only use approved host network and port range 82985f06-dc18-4a48-bc1c-b9f4f0098cfe Kubernetes Default
Audit
Allowed
audit, Audit, deny, Deny, disabled, Disabled
0 GA
Kubernetes cluster services should listen only on allowed ports 233a2a17-77ca-4fb1-9b6b-69223d272a44 Kubernetes Default
Deny
Allowed
audit, Audit, deny, Deny, disabled, Disabled
0 GA
Kubernetes cluster services should only use allowed external IPs d46c275d-1680-448d-b2ec-e495a3b6cc89 Kubernetes Default
Audit
Allowed
audit, Audit, deny, Deny, disabled, Disabled
0 GA
Kubernetes cluster should not allow privileged containers 95edb821-ddaf-4404-9732-666045e056b4 Kubernetes Default
Deny
Allowed
audit, Audit, deny, Deny, disabled, Disabled
0 GA
Kubernetes cluster should not use naked pods 65280eef-c8b4-425e-9aec-af55e55bf581 Kubernetes Default
Audit
Allowed
Audit, Deny, Disabled
0 GA
Kubernetes clusters should not allow container privilege escalation 1c6e92c9-99f0-4e55-9cf2-0c234dc48f99 Kubernetes Default
Audit
Allowed
audit, Audit, deny, Deny, disabled, Disabled
0 GA
Kubernetes clusters should not use the default namespace 9f061a12-e40d-4183-a00e-171812443373 Kubernetes Default
Audit
Allowed
audit, Audit, deny, Deny, disabled, Disabled
0 GA
Roles used No Roles used
History
Date/Time (UTC ymd) (i) Changes
2024-09-26 17:50:01 add Initiative 336cb876-5cb8-4795-b9d1-bd9323d3487e
JSON compare n/a
JSON
api-version=2021-06-01
EPAC