February 19, 2025, Conformity—New Rules
GCP
- GKE-021: Use GKE Clusters with Private Endpoints Only: This rule ensures that control plane access to your Google Kubernetes Engine (GKE) clusters is restricted to private endpoints only, effectively disabling external access to the Kubernetes API.
- GKE-024: Use Container-Optimized OS for GKE Clusters Nodes: This rule ensures that your Google Kubernetes Engine (GKE) cluster nodes use the Container-Optimized OS (cos_containerd), a managed, optimized, and hardened base OS provided by GKE to limit the host's attack surface.