Guide to the Secure Configuration of Amazon Elastic Kubernetes Service
Kubernetes Settings
Kubernetes - Registry Security Practices
An XCCDF Group - A logical subset of the XCCDF Benchmark
4 Rules
Contains evaluations for Kubernetes registry security practices, and cluster-wide registry configuration.
Only use approved container registries
Unknown Severity
Use approved container registries.
Ensure Image Vulnerability Scanning
Unknown Severity
Scan images being deployed to Amazon EKS for vulnerabilities.
Ensure Cluster Service Account with read-only access to Amazon ECR
Unknown Severity
Configure the Cluster Service Account with Storage Object Viewer Role to only allow read-only access to Amazon ECR.
Minimize user access to Amazon ECR
Unknown Severity
Restrict user access to Amazon ECR, limiting interaction with build images to only authorized personnel and service accounts.