| 💼 5.1 RBAC and Service Accounts | 6 | | | | no data |
|  💼 5.1.1 Ensure that the cluster-admin role is only used where required (Not Scored) | | | | | no data |
|  💼 5.1.2 Minimize access to secrets (Not Scored) | | | | | no data |
|  💼 5.1.3 Minimize wildcard use in Roles and ClusterRoles (Not Scored) | | | | | no data |
|  💼 5.1.4 Minimize access to create pods (Not Scored) | | | | | no data |
|  💼 5.1.5 Ensure that default service accounts are not actively used. (Scored) | | | | | no data |
|  💼 5.1.6 Ensure that Service Account Tokens are only mounted where necessary (Not Scored) | | | | | no data |
| 💼 5.2 Pod Security Policies | 9 | | | | no data |
|  💼 5.2.1 Minimize the admission of privileged containers (Scored) | | | | | no data |
|  💼 5.2.2 Minimize the admission of containers wishing to share the host process ID namespace (Scored) | | | | | no data |
|  💼 5.2.3 Minimize the admission of containers wishing to share the host IPC namespace (Scored) | | | | | no data |
|  💼 5.2.4 Minimize the admission of containers wishing to share the host network namespace (Scored) | | | | | no data |
|  💼 5.2.5 Minimize the admission of containers with allowPrivilegeEscalation (Scored) | | | | | no data |
|  💼 5.2.6 Minimize the admission of root containers (Scored) | | | | | no data |
|  💼 5.2.7 Minimize the admission of containers with the NET_RAW capability (Scored) | | | | | no data |
|  💼 5.2.8 Minimize the admission of containers with added capabilities (Scored) | | | | | no data |
|  💼 5.2.9 Minimize the admission of containers with capabilities assigned (Scored) | | | | | no data |
| 💼 5.3 Network Policies and CNI | 2 | | | | no data |
|  💼 5.3.1 Ensure that the CNI in use supports Network Policies (Not Scored) | | | | | no data |
|  💼 5.3.2 Ensure that all Namespaces have Network Policies defined (Scored) | | | | | no data |
| 💼 5.4 Secrets Management | 2 | | | | no data |
|  💼 5.4.1 Prefer using secrets as files over secrets as environment variables (Not Scored) | | | | | no data |
|  💼 5.4.2 Consider external secret storage (Not Scored) | | | | | no data |
| 💼 5.5 Extensible Admission Control | 1 | | | | no data |
|  💼 5.5.1 Configure Image Provenance using ImagePolicyWebhook admission controller (Not Scored) | | | | | no data |
| 💼 5.6 General Policies | 4 | | | | no data |
|  💼 5.6.1 Create administrative boundaries between resources using namespaces (Not Scored) | | | | | no data |
|  💼 5.6.2 Ensure that the seccomp profile is set to docker/default in your pod definitions (Not Scored) | | | | | no data |
|  💼 5.6.3 Apply Security Context to Your Pods and Containers (Not Scored) | | | | | no data |
|  💼 5.6.4 The default namespace should not be used (Scored) | | | | | no data |