last sync: 2024-Nov-25 18:54:24 UTC

Kubernetes cluster services should only use allowed external IPs

Azure BuiltIn Policy definition

Source: Azure Portal
Display name: Kubernetes cluster services should only use allowed external IPs
Id: d46c275d-1680-448d-b2ec-e495a3b6cc89
Version: 5.2.0
Versioning: Versions supported for Versioning: 2 (5.1.0, 5.2.0)
Category: Kubernetes
Description: Use allowed external IPs to avoid the potential attack (CVE-2020-8554) in a Kubernetes cluster. For more information, see https://aka.ms/kubepolicydoc.
Mode: Microsoft.Kubernetes.Data
Type: BuiltIn
Preview: False
Deprecated: False
Effect (default): Audit
Effect (allowed): audit, Audit, deny, Deny, disabled, Disabled
RBAC role(s): none
Rule aliases: none
Rule resource types: IF (2): Microsoft.ContainerService/managedClusters, Microsoft.Kubernetes/connectedClusters
Compliance
The following 1 compliance controls are associated with this Policy definition 'Kubernetes cluster services should only use allowed external IPs' (d46c275d-1680-448d-b2ec-e495a3b6cc89)
Control Domain: RMiT_v1.0
Control: Appendix_5.5
Name: RMiT_v1.0_Appendix_5.5
MetadataId: RMiT Appendix 5.5
Category: Control Measures on Cybersecurity
Title: Control Measures on Cybersecurity - Appendix 5.5
Owner: Customer
Requirements: n/a
Description: Ensure security controls for server-to-server external network connections include the following: (a) server-to-server authentication such as Public Key Infrastructure (PKI) certificate or user ID and password; (b) use of secure tunnels such as Transport Layer Security (TLS) and Virtual Private Network (VPN) IPSec; and (c) deploying staging servers with adequate perimeter defences and protection such as firewall, IPS and antivirus.
Info: link
Policy#: 2
Initiatives usage
Initiative DisplayName | Initiative Id | Initiative Category | State | Type
[Preview]: Nexus Compute Cluster Security Baseline | 336cb876-5cb8-4795-b9d1-bd9323d3487e | Nexus | Preview | BuiltIn
RMIT Malaysia | 97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6 | Regulatory Compliance | GA | BuiltIn
History
Date/Time (UTC ymd) | Change type | Change detail
2024-08-09 18:17:47 | change | Minor (5.1.0 > 5.2.0)
2023-05-01 17:41:52 | change | Minor (5.0.1 > 5.1.0)
2022-10-21 16:42:13 | change | Patch (5.0.0 > 5.0.1)
2022-09-19 17:41:40 | change | Major (4.0.1 > 5.0.0)
2022-06-17 16:31:08 | change | Patch (4.0.0 > 4.0.1)
2022-05-27 20:20:35 | change | Major (3.1.0 > 4.0.0)
2022-04-01 20:29:14 | change | Minor (3.0.2 > 3.1.0)
2021-12-06 22:17:57 | change | Patch (3.0.1 > 3.0.2)
2021-09-08 15:39:57 | change | Patch (3.0.0 > 3.0.1)
2021-03-16 16:49:20 | change | Major, old suffix: preview (2.0.0-preview > 3.0.0)
2021-03-02 15:11:40 | change | Major, suffix remains equal (1.0.0-preview > 2.0.0-preview)
2021-01-13 16:08:35 | add | d46c275d-1680-448d-b2ec-e495a3b6cc89