Vendor services misconfigurations

GKE Nodepool creating nodes without Secure Boot

Platform(s)
Compliance Frameworks
  • CCPA
  • CPRA
  • GKE CIS
  • iso_27001_2022
  • iso_27002_2022
  • NIST 800-171
  • NIST 800-53
  • PDPA
  • UK Cyber Essentials

Description

Secure Boot helps ensure that the system runs only authentic software by verifying the digital signature of all boot components and halting the boot process if signature verification fails. This prevents an attacker from altering boot components to persist malware or rootkits during system initialisation. It was detected that {GcpGkeCluster.NodePools} does not use the Secure Boot feature for its nodes.
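
One way to reproduce this check offline is shown below. It is an added example, not the vendor's own detection code. It assumes the cluster JSON comes from `gcloud container clusters describe <cluster> --format=json`; the sample document and the function names are constructed for illustration.

```python
import json

# Constructed sample, shaped like the GKE Cluster resource returned by
# `gcloud container clusters describe <cluster> --format=json`.
SAMPLE_CLUSTER_JSON = """
{
  "name": "example-cluster",
  "nodePools": [
    {"name": "default-pool",
     "config": {"shieldedInstanceConfig": {"enableIntegrityMonitoring": true}}},
    {"name": "hardened-pool",
     "config": {"shieldedInstanceConfig": {"enableSecureBoot": true,
                                           "enableIntegrityMonitoring": true}}},
    {"name": "legacy-pool", "config": {}},
    {"name": "explicit-off-pool",
     "config": {"shieldedInstanceConfig": {"enableSecureBoot": false}}}
  ]
}
"""


def pools_without_secure_boot(cluster: dict) -> list[str]:
    """Return the names of node pools whose nodes are created without Secure Boot."""
    findings = []
    for pool in cluster.get("nodePools") or []:
        # A missing config, missing shieldedInstanceConfig or missing flag
        # is treated the same as an explicit false: Secure Boot is not enabled.
        shielded = (pool.get("config") or {}).get("shieldedInstanceConfig") or {}
        if shielded.get("enableSecureBoot") is not True:
            findings.append(pool.get("name", "<unnamed>"))
    return findings


def findings_for(cluster_json: str) -> list[str]:
    """Parse a cluster JSON document and return the non-compliant node pools."""
    return pools_without_secure_boot(json.loads(cluster_json))


if __name__ == "__main__":
    for name in findings_for(SAMPLE_CLUSTER_JSON):
        print(f"node pool without Secure Boot: {name}")
```

Integrity monitoring alone does not satisfy the check, which is why `default-pool` in the sample is still reported.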