From ad0448ad878334cf8ef53bf5640f14f4211662fe Mon Sep 17 00:00:00 2001 From: David Wertenteil Date: Wed, 18 Oct 2023 18:22:38 +0300 Subject: [PATCH] use cluster scope instead of aks Signed-off-by: David Wertenteil --- controls/C-0239-preferusingdedicatedaksserviceaccounts.json | 2 +- .../C-0240-ensurenetworkpolicyisenabledandsetasappropriate.json | 2 +- controls/C-0241-useazurerbacforkubernetesauthorization.json | 2 +- controls/C-0242-hostilemultitenantworkloads.json | 2 +- ...ingusingazuredefenderimagescanningorathirdpartyprovider.json | 2 +- controls/C-0244-ensurekubernetessecretsareencrypted.json | 2 +- ...5-encrypttraffictohttpsloadbalancerswithtlscertificates.json | 2 +- controls/C-0247-restrictaccesstothecontrolplaneendpoint.json | 2 +- controls/C-0248-ensureclustersarecreatedwithprivatenodes.json | 2 +- controls/C-0249-restrictuntrustedworkloads.json | 2 +- ...mizeclusteraccesstoreadonlyforazurecontainerregistryacr.json | 2 +- ...reatedwithprivateendpointenabledandpublicaccessdisabled.json | 2 +- controls/C-0254-enableauditlogs.json | 2 +- frameworks/cis-aks-t1.2.0.json | 2 +- 14 files changed, 14 insertions(+), 14 deletions(-) diff --git a/controls/C-0239-preferusingdedicatedaksserviceaccounts.json b/controls/C-0239-preferusingdedicatedaksserviceaccounts.json index a2159db1f..bf35e66d9 100644 --- a/controls/C-0239-preferusingdedicatedaksserviceaccounts.json +++ b/controls/C-0239-preferusingdedicatedaksserviceaccounts.json @@ -19,7 +19,7 @@ "default_value": "", "scanningScope": { "matches": [ - "AKS" + "cluster" ] } } \ No newline at end of file diff --git a/controls/C-0240-ensurenetworkpolicyisenabledandsetasappropriate.json b/controls/C-0240-ensurenetworkpolicyisenabledandsetasappropriate.json index 5faee94ea..05f47cd82 100644 --- a/controls/C-0240-ensurenetworkpolicyisenabledandsetasappropriate.json +++ b/controls/C-0240-ensurenetworkpolicyisenabledandsetasappropriate.json @@ -19,7 +19,7 @@ "default_value": "By default, Network Policy is disabled.", "scanningScope": { "matches": [ - "AKS" + "cluster" ] } } \ No newline at end of file diff --git a/controls/C-0241-useazurerbacforkubernetesauthorization.json b/controls/C-0241-useazurerbacforkubernetesauthorization.json index c49ccdac6..e6c1b427e 100644 --- a/controls/C-0241-useazurerbacforkubernetesauthorization.json +++ b/controls/C-0241-useazurerbacforkubernetesauthorization.json @@ -17,7 +17,7 @@ "default_value": "", "scanningScope": { "matches": [ - "AKS" + "cluster" ] } } \ No newline at end of file diff --git a/controls/C-0242-hostilemultitenantworkloads.json b/controls/C-0242-hostilemultitenantworkloads.json index 62e98a3bb..57ba789a3 100644 --- a/controls/C-0242-hostilemultitenantworkloads.json +++ b/controls/C-0242-hostilemultitenantworkloads.json @@ -19,7 +19,7 @@ "default_value": "", "scanningScope": { "matches": [ - "AKS" + "cluster" ] } } \ No newline at end of file diff --git a/controls/C-0243-ensureimagevulnerabilityscanningusingazuredefenderimagescanningorathirdpartyprovider.json b/controls/C-0243-ensureimagevulnerabilityscanningusingazuredefenderimagescanningorathirdpartyprovider.json index daa7c6d2e..807ae9e27 100644 --- a/controls/C-0243-ensureimagevulnerabilityscanningusingazuredefenderimagescanningorathirdpartyprovider.json +++ b/controls/C-0243-ensureimagevulnerabilityscanningusingazuredefenderimagescanningorathirdpartyprovider.json @@ -19,7 +19,7 @@ "default_value": "Images are not scanned by Default.", "scanningScope": { "matches": [ - "AKS" + "cluster" ] } } \ No newline at end of file diff --git a/controls/C-0244-ensurekubernetessecretsareencrypted.json b/controls/C-0244-ensurekubernetessecretsareencrypted.json index 3bb263573..ba9532a2b 100644 --- a/controls/C-0244-ensurekubernetessecretsareencrypted.json +++ b/controls/C-0244-ensurekubernetessecretsareencrypted.json @@ -19,7 +19,7 @@ "default_value": "", "scanningScope": { "matches": [ - "AKS" + "cluster" ] } } \ No newline at end of file diff --git a/controls/C-0245-encrypttraffictohttpsloadbalancerswithtlscertificates.json b/controls/C-0245-encrypttraffictohttpsloadbalancerswithtlscertificates.json index d2c800b01..88f969af4 100644 --- a/controls/C-0245-encrypttraffictohttpsloadbalancerswithtlscertificates.json +++ b/controls/C-0245-encrypttraffictohttpsloadbalancerswithtlscertificates.json @@ -19,7 +19,7 @@ "default_value": "", "scanningScope": { "matches": [ - "AKS" + "cluster" ] } } \ No newline at end of file diff --git a/controls/C-0247-restrictaccesstothecontrolplaneendpoint.json b/controls/C-0247-restrictaccesstothecontrolplaneendpoint.json index b9d730671..4dafa07fc 100644 --- a/controls/C-0247-restrictaccesstothecontrolplaneendpoint.json +++ b/controls/C-0247-restrictaccesstothecontrolplaneendpoint.json @@ -19,7 +19,7 @@ "default_value": "By default, Endpoint Private Access is disabled.", "scanningScope": { "matches": [ - "AKS" + "cluster" ] } } \ No newline at end of file diff --git a/controls/C-0248-ensureclustersarecreatedwithprivatenodes.json b/controls/C-0248-ensureclustersarecreatedwithprivatenodes.json index aca15749d..e2e652624 100644 --- a/controls/C-0248-ensureclustersarecreatedwithprivatenodes.json +++ b/controls/C-0248-ensureclustersarecreatedwithprivatenodes.json @@ -19,7 +19,7 @@ "default_value": "", "scanningScope": { "matches": [ - "AKS" + "cluster" ] } } \ No newline at end of file diff --git a/controls/C-0249-restrictuntrustedworkloads.json b/controls/C-0249-restrictuntrustedworkloads.json index e2c5d3123..9baf820a7 100644 --- a/controls/C-0249-restrictuntrustedworkloads.json +++ b/controls/C-0249-restrictuntrustedworkloads.json @@ -20,7 +20,7 @@ "default_value": "ACI is not a default component of the AKS", "scanningScope": { "matches": [ - "AKS" + "cluster" ] } } \ No newline at end of file diff --git a/controls/C-0250-minimizeclusteraccesstoreadonlyforazurecontainerregistryacr.json b/controls/C-0250-minimizeclusteraccesstoreadonlyforazurecontainerregistryacr.json index 674e4c2b6..0244eb587 100644 --- a/controls/C-0250-minimizeclusteraccesstoreadonlyforazurecontainerregistryacr.json +++ b/controls/C-0250-minimizeclusteraccesstoreadonlyforazurecontainerregistryacr.json @@ -19,7 +19,7 @@ "default_value": "", "scanningScope": { "matches": [ - "AKS" + "cluster" ] } } diff --git a/controls/C-0252-ensureclustersarecreatedwithprivateendpointenabledandpublicaccessdisabled.json b/controls/C-0252-ensureclustersarecreatedwithprivateendpointenabledandpublicaccessdisabled.json index 15d9a5c14..649461739 100644 --- a/controls/C-0252-ensureclustersarecreatedwithprivateendpointenabledandpublicaccessdisabled.json +++ b/controls/C-0252-ensureclustersarecreatedwithprivateendpointenabledandpublicaccessdisabled.json @@ -19,7 +19,7 @@ "default_value": "", "scanningScope": { "matches": [ - "AKS" + "cluster" ] } } \ No newline at end of file diff --git a/controls/C-0254-enableauditlogs.json b/controls/C-0254-enableauditlogs.json index eb9ef642f..399f3458b 100644 --- a/controls/C-0254-enableauditlogs.json +++ b/controls/C-0254-enableauditlogs.json @@ -19,7 +19,7 @@ "default_value": "By default, cluster control plane logs aren't sent to be Logged.", "scanningScope": { "matches": [ - "AKS" + "cluster" ] } } \ No newline at end of file diff --git a/frameworks/cis-aks-t1.2.0.json b/frameworks/cis-aks-t1.2.0.json index 7eac30cec..a3d83ccef 100644 --- a/frameworks/cis-aks-t1.2.0.json +++ b/frameworks/cis-aks-t1.2.0.json @@ -7,7 +7,7 @@ }, "scanningScope": { "matches": [ - "AKS" + "cluster" ] }, "typeTags": ["compliance"],