| 💼 5.1 Image Registry and Image Scanning | 4 | | | | no data |
|  💼 5.1.1 Ensure Image Vulnerability Scanning is enabled (Automated) | | | | | no data |
|  💼 5.1.2 Minimize user access to Container Image repositories (Manual) | | | | | no data |
|  💼 5.1.3 Minimize cluster access to read-only for Container Image repositories (Manual) | | | | | no data |
|  💼 5.1.4 Ensure only trusted container images are used (Manual) | | | | | no data |
| 💼 5.2 Identity and Access Management (IAM) | 2 | | 1 | | no data |
|  💼 5.2.1 Ensure GKE clusters are not running using the Compute Engine default service account (Automated) | | | 1 | | no data |
|  💼 5.2.2 Prefer using dedicated GCP Service Accounts and Workload Identity (Manual) | | | | | no data |
| 💼 5.3 Cloud Key Management Service (Cloud KMS) | 1 | | | | no data |
|  💼 5.3.1 Ensure Kubernetes Secrets are encrypted using keys managed in Cloud KMS (Automated) | | | | | no data |
| 💼 5.4 Node Metadata | 1 | | | | no data |
|  💼 5.4.1 Ensure the GKE Metadata Server is Enabled (Automated) | | | | | no data |
| 💼 5.5 Node Configuration and Maintenance | 7 | | 2 | | no data |
|  💼 5.5.1 Ensure Container-Optimized OS (cos_containerd) is used for GKE Node images (Automated) | | | | | no data |
|  💼 5.5.2 Ensure Node Auto-Repair is Enabled for GKE Nodes (Automated) | | | 1 | | no data |
|  💼 5.5.3 Ensure Node Auto-Upgrade is Enabled for GKE Nodes (Automated) | | | 1 | | no data |
|  💼 5.5.4 When creating New Clusters - Automate GKE version management using Release Channels (Automated) | | | | | no data |
|  💼 5.5.5 Ensure Shielded GKE Nodes are Enabled (Automated) | | | | | no data |
|  💼 5.5.6 Ensure Integrity Monitoring for Shielded GKE Nodes is Enabled (Automated) | | | | | no data |
|  💼 5.5.7 Ensure Secure Boot for Shielded GKE Nodes is Enabled (Automated) | | | | | no data |
| 💼 5.6 Cluster Networking | 7 | | 2 | | no data |
|  💼 5.6.1 Enable VPC Flow Logs and Intranode Visibility (Automated) | | | | | no data |
|  💼 5.6.2 Ensure use of VPC-native clusters (Automated) | | | 1 | | no data |
|  💼 5.6.3 Ensure Control Plane Authorized Networks is Enabled (Automated) | | | 1 | | no data |
|  💼 5.6.4 Ensure clusters are created with Private Endpoint Enabled and Public Access Disabled (Automated) | | | | | no data |
|  💼 5.6.5 Ensure clusters are created with Private Nodes (Automated) | | | | | no data |
|  💼 5.6.6 Consider firewalling GKE worker nodes (Manual) | | | | | no data |
|  💼 5.6.7 Ensure use of Google-managed SSL Certificates (Automated) | | | | | no data |
| 💼 5.7 Logging | 2 | | 2 | | no data |
|  💼 5.7.1 Ensure Logging and Cloud Monitoring is Enabled (Automated) | | | 2 | | no data |
|  💼 5.7.2 Enable Linux auditd logging (Manual) | | | | | no data |
| 💼 5.8 Authentication and Authorization | 3 | | | | no data |
|  💼 5.8.1 Ensure authentication using Client Certificates is Disabled (Automated) | | | | | no data |
|  💼 5.8.2 Manage Kubernetes RBAC users with Google Groups for GKE (Manual) | | | | | no data |
|  💼 5.8.3 Ensure Legacy Authorization (ABAC) is Disabled (Automated) | | | | | no data |
| 💼 5.9 Storage | 2 | | | | no data |
|  💼 5.9.1 Enable Customer-Managed Encryption Keys (CMEK) for GKE Persistent Disks (PD) (Manual) | | | | | no data |
|  💼 5.9.2 Enable Customer-Managed Encryption Keys (CMEK) for Boot Disks (Automated) | | | | | no data |
| 💼 5.10 Other Cluster Configurations | 4 | | 1 | | no data |
|  💼 5.10.1 Ensure Kubernetes Web UI is Disabled (Automated) | | | | | no data |
|  💼 5.10.2 Ensure that Alpha clusters are not used for production workloads (Automated) | | | 1 | | no data |
|  💼 5.10.3 Consider GKE Sandbox for running untrusted workloads (Automated) | | | | | no data |
|  💼 5.10.4 Enable Security Posture (Manual) | | | | | no data |