Ensure Seccomp Profile Pod Definitions

Description

Enable default seccomp profiles in your pod definitions.

Rationale

Seccomp (secure computing mode) is used to restrict the set of system calls applications can make, allowing cluster administrators greater control over the security of workloads running in the cluster. Kubernetes disables seccomp profiles by default for historical reasons. You should enable it to ensure that the workloads have restricted actions available within the container.

ID: xccdf_org.ssgproject.content_rule_general_default_seccomp_profile
Severity: Medium
References: CIP-003-8 R6 CIP-004-6 R3 CIP-007-3 R6.1

CM-6 CM-6(1)

Req-2.2

SRG-APP-000516-CTR-001325

5.7.2
Updated: about 1 year ago