| 💼 4.1 RBAC and Service Accounts | 10 | | | | no data |
|  💼 4.1.1 Ensure that the cluster-admin role is only used where required (Automated) | | | | | no data |
|  💼 4.1.2 Minimize access to secrets (Automated) | | | | | no data |
|  💼 4.1.3 Minimize wildcard use in Roles and ClusterRoles (Automated) | | | | | no data |
|  💼 4.1.4 Ensure that default service accounts are not actively used (Automated) | | | | | no data |
|  💼 4.1.5 Ensure that Service Account Tokens are only mounted where necessary (Automated) | | | | | no data |
|  💼 4.1.6 Avoid use of system:masters group (Automated) | | | | | no data |
|  💼 4.1.7 Limit use of the Bind, Impersonate and Escalate permissions in the Kubernetes cluster (Manual) | | | | | no data |
|  💼 4.1.8 Avoid bindings to system:anonymous (Automated) | | | | | no data |
|  💼 4.1.9 Avoid non-default bindings to system:unauthenticated (Automated) | | | | | no data |
|  💼 4.1.10 Avoid non-default bindings to system:authenticated (Automated) | | | | | no data |
| 💼 4.2 Pod Security Standards | 1 | | | | no data |
|  💼 4.2.1 Ensure that the cluster enforces Pod Security Standard Baseline profile or stricter for all namespaces. (Manual) | | | | | no data |
| 💼 4.3 Network Policies and CNI | 2 | | | | no data |
|  💼 4.3.1 Ensure that the CNI in use supports Network Policies (Manual) | | | | | no data |
|  💼 4.3.2 Ensure that all Namespaces have Network Policies defined (Automated) | | | | | no data |
| 💼 4.4 Secrets Management | 2 | | | | no data |
|  💼 4.4.1 Prefer using secrets as files over secrets as environment variables (Automated) | | | | | no data |
|  💼 4.4.2 Consider external secret storage (Manual) | | | | | no data |
| 💼 4.5 Extensible Admission Control | 1 | | | | no data |
|  💼 4.5.1 Configure Image Provenance using ImagePolicyWebhook admission controller (Manual) | | | | | no data |
| 💼 4.6 General Policies | 4 | | | | no data |
|  💼 4.6.1 Create administrative boundaries between resources using namespaces (Manual) | | | | | no data |
|  💼 4.6.2 Ensure that the seccomp profile is set to RuntimeDefault in the pod definitions (Automated) | | | | | no data |
|  💼 4.6.3 Apply Security Context to Pods and Containers (Manual) | | | | | no data |
|  💼 4.6.4 The default namespace should not be used (Automated) | | | | | no data |