
Configure Image Provenance using ImagePolicyWebhook admission controller

Details

Configure Image Provenance for your deployment.

Rationale:

Kubernetes supports plugging in provenance rules to accept or reject the images in your deployments. You could configure such rules to ensure that only approved images are deployed in the cluster.
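An example of the decision logic an ImagePolicyWebhook backend could apply to the ImageReview object it receives from the API server, added here for illustration and not taken from the benchmark or the Kubernetes project. The approved registry prefix and the digest-pinning rule are assumptions, and the sample request is constructed.

```python
import json

# Assumed policy for this example: registry prefixes the cluster trusts (constructed value).
APPROVED_PREFIXES = ("registry.example.internal/prod/",)
HEX = set("0123456789abcdef")

def image_allowed(image):
    """Apply the provenance rule to one image reference; returns (allowed, reason)."""
    if not image.startswith(APPROVED_PREFIXES):
        return False, f"{image}: registry not approved"
    # Require an immutable digest so an approved tag cannot be repointed later.
    _, sep, digest = image.partition("@sha256:")
    if not sep or len(digest) != 64 or not set(digest) <= HEX:
        return False, f"{image}: not pinned by sha256 digest"
    return True, ""

def review(request_body):
    """Build the ImageReview response for one ImageReview request (JSON text)."""
    status = {"allowed": False}  # deny unless every container image passes
    try:
        containers = json.loads(request_body)["spec"]["containers"]
        if not containers:
            raise ValueError("no containers listed")
        for container in containers:
            ok, reason = image_allowed(container["image"])
            if not ok:
                status["reason"] = reason
                break
        else:
            status["allowed"] = True
    except (ValueError, KeyError, TypeError, AttributeError) as exc:
        status["reason"] = f"malformed ImageReview: {exc}"
    return {"apiVersion": "imagepolicy.k8s.io/v1alpha1", "kind": "ImageReview",
            "status": status}

# Constructed sample request in the shape the API server sends to the webhook.
SAMPLE = json.dumps({
    "apiVersion": "imagepolicy.k8s.io/v1alpha1",
    "kind": "ImageReview",
    "spec": {
        "namespace": "default",
        "containers": [
            {"image": "registry.example.internal/prod/api@sha256:" + "a" * 64},
        ],
    },
})

if __name__ == "__main__":
    print(json.dumps(review(SAMPLE), indent=2))
```

Setting `defaultAllow: false` in the admission controller's `imagePolicy` configuration makes the API server reject pods when the backend cannot be reached, so the rule also holds during a webhook outage.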

Impact:

You need to regularly maintain your provenance configuration based on container image updates.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Follow the Kubernetes documentation and set up image provenance.

Default Value:

By default, image provenance is not set.

Supportive Information

The following resource is also helpful.

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management. This control applies to the following type of system: Unix.


Updated on July 16, 2022