STIGQter: STIG Summary: Kubernetes Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 13 Apr 2021:

The Kubernetes API server must have Alpha APIs disabled.

DISA Rule

SV-242400r712556_rule

Vulnerability Number

V-242400

Group Title

SRG-APP-000033-CTR-000090

Rule Version

CNTR-K8-000470

Severity

CAT II

CCI(s)

• CCI-000213 - The information system enforces approved authorizations for logical access to information and system resources in accordance with applicable access control policies.

Weight

10

Fix Recommendation

Edit any manifest files that contain the feature-gates setting with AllAlpha set to "true". Set the flag to "false" or remove the AllAlpha setting completely.
(AllAlpha- default=false)

Check Contents

On the Master node, change to the manifests' directory at /etc/kubernetes/manifests and run the command:

grep -i feature-gates *

Review the feature-gates setting, if one is returned.

If the feature-gates setting is available and contains the AllAlpha flag set to "true", this is a finding.

Vulnerability Number

V-242400

Documentable

False

Rule Version

CNTR-K8-000470

Severity Override Guidance

On the Master node, change to the manifests' directory at /etc/kubernetes/manifests and run the command:

grep -i feature-gates *

Review the feature-gates setting, if one is returned.

If the feature-gates setting is available and contains the AllAlpha flag set to "true", this is a finding.

Check Content Reference

M

Target Key

5376

Comments