C-0068 - PSP enabled
Prerequisites
Integrate with cloud provider (see here)
Framework
MITRE, ArmoBest, NSA, AllControls
Severity
Low
Description of the the issue
Pod Security Policies enable fine-grained authorization of pod creation and updates and it extends authorization beyond RBAC. It is an important to use PSP to control the creation of sensitive pods in your cluster.
Related resources
Pod
What does this control test
Reading the cluster description from the managed cloud API (EKS, GKE), or the API server pod configuration for native K8s and checking if PSP is enabled
Remediation
Turn Pod Security Policies on in your cluster, if you use other admission controllers to control the behavior that PSP controls, exclude this control from your scans
Example
No example
Updated 11 days ago