>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

V-242395Kubernetes dashboard must not be enabled.

CAT II - Medium
CNTR-K8-000420

>Control Description

While the Kubernetes dashboard is not inherently insecure on its own, it is often coupled with a misconfiguration of Role-Based Access control (RBAC) permissions that can unintentionally over-grant access. It is not commonly protected with "NetworkPolicies", preventing all pods from being able to reach it. In increasingly rare circumstances, the Kubernetes dashboard is exposed publicly to the internet.

>Check Content

From the Control Plane,

$kubectl get pods --all-namespaces -l k8s-app=kubernetes-dashboard

If any resources are returned, this is a finding.

>Remediation

Delete the Kubernetes dashboard deployment with the following command: kubectl delete deployment kubernetes-dashboard --namespace=kube-system

>CCI References

CCI-000213

Control Correlation Identifiers (CCIs) map STIG findings to NIST 800-53 controls.

>Cross-Framework Mappings

NIST SP 800-53 r5

via DISA CCI List
AC-3
Compare

Ask AI

Configure your API key to use AI features.