SC-8

1 rule found Severity: Medium

1 rule found Severity: High

2 rules found Severity: High

2 rules found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: High

1 rule found Severity: Low

1 rule found Severity: Medium

1 rule found Severity: Low

1 rule found Severity: Medium

2 rules found Severity: Medium

1 rule found Severity: Medium

15 rules found Severity: Medium

19 rules found Severity: Medium

1 rule found Severity: Medium

Configure the Client Certificate Authority for the API Server

Configure the etcd Certificate Authority for the API Server

Configure the etcd Certificate for the API Server

Configure the etcd Certificate Key for the API Server

Ensure that the --kubelet-https argument is set to true

Configure the kubelet Certificate Authority for the API Server

Configure the kubelet Certificate File for the API Server

Configure the kubelet Certificate Key for the API Server

Ensure the openshift-oauth-apiserver service uses TLS

Configure the Certificate for the API Server

Configure the Certificate Key for the API Server

Ensure APIServer is configured with secure tlsSecurityProfile

Ensure custom tlsSecurityProfile configured for APIServer uses secure TLS version

Ensure APIServer is not configured with Old tlsSecurityProfile

Only Use LDAP-based IdPs with TLS

Ensure Controller insecure port argument is unset

Ensure that the RotateKubeletServerCertificate argument is set

Ensure Controller secure-port argument is set

Configure the Service Account Certificate Authority Key for the Controller Manager

Configure the Service Account Private Key for the Controller Manager

Disable etcd Self-Signed Certificates

Ensure That The etcd Client Certificate Is Correctly Set

Enable The Client Certificate Authentication

Ensure That The etcd Key File Is Correctly Set

Disable etcd Peer Self-Signed Certificates

Ensure That The etcd Peer Client Certificate Is Correctly Set

Enable The Peer Client Certificate Authentication

Ensure That The etcd Peer Key File Is Correctly Set

Ensure That The kubelet Client Certificate Is Correctly Set

Ensure That The kubelet Server Key Is Correctly Set

Ensure Kubelet is configured with allowed TLS versions

Verify Any Configured IPSec Tunnel Connections

Enable the OpenSSH Service

Ensure IngressController is configured to use secure tlsSecurityProfile

Ensure custom tlsSecurityProfile configured for IngressController uses secure TLS version

Ensure IngressController is not configured to use Old tlsSecurityProfile

Ensure that all OpenShift Routes prefer TLS

Ensure that the bind-address parameter is not used

Deactivate Wireless Network Interfaces