>myctrl.tools
Preferences
Under active development Content is continuously updated and improved · Last updated Feb 18, 2026, 2:55 AM UTC
Compare

V-242400The Kubernetes API server must have Alpha APIs disabled.

CAT II - Medium
CNTR-K8-000470

>Control Description

Kubernetes allows alpha API calls within the API server. The alpha features are disabled by default since they are not ready for production and likely to change without notice. These features may also contain security issues that are rectified as the feature matures. To keep the Kubernetes cluster secure and stable, these alpha features must not be used.

>Check Content

On the Control Plane, change to the manifests' directory at /etc/kubernetes/manifests and

$grep -i feature-gates * Review the "--feature-gates" setting, if one is returned.

If the "--feature-gate"s setting is available and contains the "AllAlpha" flag set to "true", this is a finding.

>Remediation

Edit any manifest file that contains the "--feature-gates" setting with "AllAlpha" set to "true". Set the value of "AllAlpha" to "false" or remove the setting completely. (AllAlpha - default=false)

>CCI References

CCI-000213

Control Correlation Identifiers (CCIs) map STIG findings to NIST 800-53 controls.

>Cross-Framework Mappings

NIST SP 800-53 r5

via DISA CCI List
AC-3
Compare

Ask AI

Configure your API key to use AI features.