Minimize Access to Pod Creation

An XCCDF Rule

Details
Profiles

Description

The ability to create pods in a namespace can provide a number of opportunities for privilege escalation. Where applicable, remove create access to pod objects in the cluster.

Rationale

The ability to create pods in a cluster opens up the cluster for privilege escalation.

ID: xccdf_org.ssgproject.content_rule_rbac_pod_creation_access
Severity: Medium
References: CIP-003-8 R6 CIP-004-6 R3 CIP-007-3 R6.1

CM-6 CM-6(1)

Req-2.2

5.1.4

SRG-APP-000516-CTR-001325

2.2 2.2.1
Updated: over 1 year ago