feat: add CIS-1.12 support (#2035)

- Update master to 1.2.29 and purge CBC ciphers: https://workbench.cisecurity.org/tickets/24968 - Remove TLS_RSA_WITH_AES_256_GCM_SHA384 & TLS_RSA_WITH_AES_128_GCM_SHA256 (CBC support) for node 4.2.12: https://workbench.cisecurity.org/tickets/24968 - Remove node check 4.2.15: https://workbench.cisecurity.org/tickets/24915 - Remove policy 5.2.9 "Minimize the admission of containers with added capabilities" (Manual): https://workbench.cisecurity.org/benchmarks/21709/tickets/25337 - Update "Minimize the admission of containers with capabilities assigned" policies to remove PodSecurityPolicy (PSP) references Signed-off-by: Andy Pitcher <andy.pitcher@suse.com>
2026-02-14 18:10:00 +00:00 · 2026-02-12 06:34:08 +01:00
parent c1bee59a02
commit f1807bb192
10 changed files with 2151 additions and 3 deletions
--- a/docs/architecture.md
+++ b/docs/architecture.md
@@ -25,6 +25,7 @@ The following table shows the valid targets based on the CIS Benchmark version.
 | cis-1.9              | master, controlplane, node, etcd, policies |
 | cis-1.10              | master, controlplane, node, etcd, policies |
 | cis-1.11              | master, controlplane, node, etcd, policies |
+| cis-1.12              | master, controlplane, node, etcd, policies |
 | gke-1.0              | master, controlplane, node, etcd, policies, managedservices |
 | gke-1.2.0            | controlplane, node, policies, managedservices |
 | gke-1.6.0            | controlplane, node, policies, managedservices |
--- a/docs/platforms.md
+++ b/docs/platforms.md
@@ -19,7 +19,8 @@ Other benchmarks are defined by hardening guides.
 | CIS    | [1.8](https://workbench.cisecurity.org/benchmarks/12958)                                                                                                                                          | cis-1.8                  | 1.26                |
 | CIS    | [1.9](https://workbench.cisecurity.org/benchmarks/16828)                                                                                                                                          | cis-1.9                  | 1.27                |
 | CIS    | [1.10](https://workbench.cisecurity.org/benchmarks/17568)                                                                                                                                         | cis-1.10                  | 1.28               |
-| CIS    | [1.11](https://workbench.cisecurity.org/benchmarks/21709)                                                                                                                                         | cis-1.11                  | 1.29-1.32          |
+| CIS    | [1.11](https://workbench.cisecurity.org/benchmarks/21709)                                                                                                                                         | cis-1.11                  | 1.29-1.31          |
+| CIS    | [1.12](https://workbench.cisecurity.org/benchmarks/22107)                                                                                                                                         | cis-1.12                  | 1.32-1.34          |
 | CIS    | [GKE 1.0.0](https://workbench.cisecurity.org/benchmarks/4536)                                                                                                                                     | gke-1.0                  | GKE                 |
 | CIS    | [GKE 1.2.0](https://workbench.cisecurity.org/benchmarks/7534)                                                                                                                                     | gke-1.2.0                | GKE                 |
 | CIS    | [GKE 1.6.0](https://workbench.cisecurity.org/benchmarks/16093)                                                                                                                                    | gke-1.6.0                | GKE                 |