Vendor services misconfigurations

GKE using Legacy Authorization (ABAC)

Platform(s)
Compliance Frameworks
  • GKE CIS
  • ,
  • NIST 800-190

Description

Legacy Authorization, also known as Attribute-Based Access Control (ABAC) has been superseded by Role-Based Access Control (RBAC) and is not under active development. RBAC is the recommended way to manage permissions in Kubernetes. It was detected that {GcpGkeCluster} uses ABAC instead of RBAC.