certs. No CA cert is saved to verify the communication between kube-apiserver and kubelet . Mitigation Make sure nodes with role:controlplane are on the same local network as your nodes with role:worker | match("--kubelet-certificate-authority=.*").string' Returned Value: none Result: Fail (See Mitigation) 1.1.22 - Ensure that the --kubelet-client-certificate and -- kubelet-client-key arguments Result: Pass 1.5.7 - Ensure that a unique Certificate Authority is used for etcd (Not Scored) Mitigation RKE supports connecting to an external etcd cluster. This external cluster could be configured

Environment 1 Cryptographic Key Management 1 EMI/EMC 1 Self-Tests 1 Design Assurance 1 Mitigation of Other Attacks NA Overall Level 1 [140] Section 4.5 Physical Security is not applicable Module does not implement attack mitigations outside the scope of [140], hence [140] Section 4.11 Mitigation of Other Attacks is not applicable per [140IG] G.3. FIPS 140-2 Security Policy Rancher Kubernetes