directory and file ownership is set to root:root (Automated) 1.1.20 Ensure that the Kubernetes PKI certificate file permissions are set to 644 or more restrictive (Automated) 1.1.21 Ensure that the Kubernetes Ensure that the --kubelet-client-certificate and -- kubelet-client-key arguments are set as appropriate (Automated) 1.2.6 Ensure that the --kubelet-certificate-authority argument is set as appropriate (Automated) to true (Automated) 2.7 Ensure that a unique Certificate Authority is used for etcd (Automated) 3.1 Authentication and Authorization 3.1.1 Client certificate authentication should not be used for users

trust models. For instance, when deployed within a single enterprise, or operated by a trusted authority, fully byzantine fault tolerant consensus might be considered unnecessary and an excessive drag Membership Service Provider instances allowing for crypto materials to be derived from different certificate authorities See the ledger topic for a deeper dive on the databases, storage structure, and “query-ability transaction ordering into blocks for distribution. Each of the four organizations has a preferred Certificate Authority. 4.4.3 Creating the Network Let’s start at the beginning by creating the basis for the network:

trust models. For instance, when deployed within a single enterprise, or operated by a trusted authority, fully byzantine fault tolerant consensus might be considered unnecessary and an excessive drag Membership Service Provider instances allowing for crypto materials to be derived from different certificate authorities See the ledger topic for a deeper dive on the databases, storage structure, and “query-ability transaction ordering into blocks for distribution. Each of the four organizations has a preferred Certificate Authority. 4.4.3 Creating the Network Let’s start at the beginning by creating the basis for the network:

trust models. For instance, when deployed within a single enterprise, or operated by a trusted authority, fully byzantine fault tolerant consensus might be considered unnecessary and an excessive drag Membership Service Provider instances allowing for crypto materials to be derived from different certificate authorities See the ledger topic for a deeper dive on the databases, storage structure, and “query-ability transaction ordering into blocks for distribution. Each of the four organizations has a preferred Certificate Authority. 4.4.3 Creating the Network Let’s start at the beginning by creating the basis for the network:

trust models. For instance, when deployed within a single enterprise, or operated by a trusted authority, fully byzantine fault tolerant consensus might be considered unnecessary and an excessive drag applications and smart contracts. The network also supports the ability to deploy your network using Certificate Authorities, in addition to cryptogen. For more information about this network, check out Using Membership Service Provider instances allowing for crypto materials to be derived from different certificate authorities See the ledger topic for a deeper dive on the databases, storage structure, and “query-ability

trust models. For instance, when deployed within a single enterprise, or operated by a trusted authority, fully byzantine fault tolerant consensus might be considered unnecessary and an excessive drag applications and smart contracts. The network also supports the ability to deploy your network using Certificate Authorities, in addition to cryptogen. For more information about this network, check out Using Membership Service Provider instances allowing for crypto materials to be derived from different certificate authorities See the ledger topic for a deeper dive on the databases, storage structure, and “query-ability

trust models. For instance, when deployed within a single enterprise, or operated by a trusted authority, fully byzantine fault tolerant consensus might be considered unnecessary and an excessive drag Membership Service Provider instances allowing for crypto materials to be derived from different certificate authorities See the ledger topic for a deeper dive on the databases, storage structure, and “query-ability transaction ordering into blocks for distribution. Each of the four organizations has a preferred Certificate Authority. 4.4.3 Creating the Network Let’s start at the beginning by creating the basis for the network:

trust models. For instance, when deployed within a single enterprise, or operated by a trusted authority, fully byzantine fault tolerant consensus might be considered unnecessary and an excessive drag applications and smart contracts. The network also supports the ability to deploy your network using Certificate Authorities, in addition to cryptogen. For more information about this network, check out Using Membership Service Provider instances allowing for crypto materials to be derived from different certificate authorities See the ledger topic for a deeper dive on the databases, storage structure, and “query-ability

trust models. For instance, when deployed within a single enterprise, or operated by a trusted authority, fully byzantine fault tolerant consensus might be considered unnecessary and an excessive drag applications and smart contracts. The network also supports the ability to deploy your network using Certificate Authorities, in addition to cryptogen. For more information about this network, check out Using Membership Service Provider instances allowing for crypto materials to be derived from different certificate authorities See the ledger topic for a deeper dive on the databases, storage structure, and “query-ability

trust models. For instance, when deployed within a single enterprise, or operated by a trusted authority, fully byzantine fault tolerant consensus might be considered unnecessary and an excessive drag applications and smart contracts. The network also supports the ability to deploy your network using Certificate Authorities, in addition to cryptogen. For more information about this network, check out Using Membership Service Provider instances allowing for crypto materials to be derived from different certificate authorities See the ledger topic for a deeper dive on the databases, storage structure, and “query-ability