Change log: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark

Profile versioning

When specifications or controls are edited, removed from, or added to a profile in a way that is not compatible with the current version, a new version is released. To take advantage of the changes in a new version, update your attachments to use the newest profile version.

This profile is consistently updated and is not an exhaustive list of all the controls that might be required for every organization. Be sure to validate the available controls to determine where you might need to supplement your workloads with other security measures.

Version 1.2.0

Now available As of 6 December 2023, few component-id assesments in the CIS Amazon Elastic Kubernetes Service (EKS) Benchmarkprofile have changed. The component-id of following assements from container-eks to aws-resource.

• ECR - Enabled Vulnerability Scanning
• Fargate - Untrusted Workloads
• KMS - Enabled Secrets Encryption (EKS)
• Logging - Enabled Cluster Logging (EKS)
• Network - Disabled Endpoint Public Access in Existing Clusters (EKS)
• Network - Enabled Endpoint Private Access in Existing Clusters (EKS)
• Network - Private Nodes (EKS)
• Network - TLS Encryption to HTTPS Load Balancers (EKS)
• RBAC - Enabled with AWS IAM Authenticator for Kubernetes

Version 1.1.0

Now available

As of 7 November 2023, the control hierarchy in the CIS Amazon Elastic Kubernetes Service (EKS) Benchmark profile has changed. Assessments have been remapped so that a single assessment is mapped to a single specification. No new assessments were added.

Version 1.0.0

Now available

Released today, 14 July 2023, the CIS Amazon Elastic Kubernetes Service (EKS) Benchmark is a collection of controls designed to validate the configuration of your Kubernetes Service clusters. This profile is evaluated by using wp-rule assessments. These are assessments that are defined by the Workload Protection service and imported into Security and Compliance Center.