last sync: 2025-Jun-13 17:22:48 UTC

[Preview]: Kubernetes cluster should follow the security control recommendations of Center for Internet Security (CIS) Kubernetes benchmark

Azure BuiltIn Policy Initiative (PolicySet)

Source: Azure Portal
Display name: [Preview]: Kubernetes cluster should follow the security control recommendations of Center for Internet Security (CIS) Kubernetes benchmark
Id: 4fd005fd-51be-478f-a8fb-149d48b20d48
Version: 1.0.0-preview
Versioning: 1 version supported (1.0.0-preview); built-in versioning is in preview
Category: Kubernetes
Description: This initiative includes the policies for the security recommendations of the Center for Internet Security (CIS) Kubernetes benchmark; you can use this initiative to stay compliant with the CIS Kubernetes benchmark. For more information on CIS compliance, visit: https://aka.ms/aks/cis-kubernetes
Cloud environments: AzureCloud = true, AzureChinaCloud = unknown, AzureUSGovernment = true
Available in AzUSGov: the PolicySet is available in the AzureUSGovernment cloud (version '1.0.0-preview')
Repository: Azure-Policy 4fd005fd-51be-478f-a8fb-149d48b20d48
Type: BuiltIn
Deprecated: False
Preview: True
Policy-used summary
Policy types: total policies 7 (built-in 7, static 0)
Policy states: GA 7
Policy categories (1): Kubernetes 7
Policy-used
Fields per policy: display name; policy id; category; current version; versions available; default effect; allowed effects; roles used; state; available in AzUSGov.

1. Kubernetes cluster containers should not share host process ID or host IPC namespace
   Id: 47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 | Category: Kubernetes | Version: 5.2.0 (versions: 5.2.0, 5.1.0)
   Effect: default Audit; allowed audit, Audit, deny, Deny, disabled, Disabled
   Roles: 0 | State: GA | In AzUSGov: true

2. Kubernetes cluster pod hostPath volumes should only use allowed host paths
   Id: 098fc59e-46c7-4d99-9b16-64990e543d75 | Category: Kubernetes | Version: 6.2.0 (versions: 6.2.0, 6.1.1)
   Effect: default Audit; allowed audit, Audit, deny, Deny, disabled, Disabled
   Roles: 0 | State: GA | In AzUSGov: true

3. Kubernetes cluster pods should only use approved host network and port range
   Id: 82985f06-dc18-4a48-bc1c-b9f4f0098cfe | Category: Kubernetes | Version: 6.2.0 (versions: 6.2.0, 6.1.0)
   Effect: default Audit; allowed audit, Audit, deny, Deny, disabled, Disabled
   Roles: 0 | State: GA | In AzUSGov: true

4. Kubernetes cluster should not allow privileged containers
   Id: 95edb821-ddaf-4404-9732-666045e056b4 | Category: Kubernetes | Version: 9.2.0 (versions: 9.2.0, 9.1.0)
   Effect: default Deny; allowed audit, Audit, deny, Deny, disabled, Disabled
   Roles: 0 | State: GA | In AzUSGov: true

5. Kubernetes clusters should ensure that the cluster-admin role is only used where required
   Id: a3dc4946-dba6-43e6-950d-f96532848c9f | Category: Kubernetes | Version: 1.1.0 (versions: 1.1.0, 1.0.0)
   Effect: default Audit; allowed Audit, Disabled
   Roles: 0 | State: GA | In AzUSGov: true

6. Kubernetes clusters should minimize wildcard use in role and cluster role
   Id: ca8d5704-aa2b-40cf-b110-dc19052825ad | Category: Kubernetes | Version: 1.1.0 (versions: 1.1.0, 1.0.0)
   Effect: default Audit; allowed Audit, Disabled
   Roles: 0 | State: GA | In AzUSGov: true

7. Kubernetes clusters should not allow container privilege escalation
   Id: 1c6e92c9-99f0-4e55-9cf2-0c234dc48f99 | Category: Kubernetes | Version: 7.2.0 (versions: 7.2.0, 7.1.0)
   Effect: default Audit; allowed audit, Audit, deny, Deny, disabled, Disabled
   Roles: 0 | State: GA | In AzUSGov: true
Roles used: none
History
Date/Time (UTC, ymd) | Changes
2025-05-27 20:12:11 | add Initiative 4fd005fd-51be-478f-a8fb-149d48b20d48
JSON (api-version=2023-04-01)