diff --git a/commands/kubelet_mapping_cfg.yaml b/commands/kubelet_mapping_cfg.yaml
new file mode 100644
index 00000000..b8dc632d
--- /dev/null
+++ b/commands/kubelet_mapping_cfg.yaml
@@ -0,0 +1,16 @@
+## this file repesent node kubelet-config api mapping param to the collector config params
+## example kubectl get --raw "/api/v1/nodes//proxy/configz"
+---
+kubeletAnonymousAuthArgumentSet: kubeletconfig.authentication.anonymous.enabled
+kubeletAuthorizationModeArgumentSet: kubeletconfig.authorization.mode
+kubeletClientCaFileArgumentSet: kubeletconfig.authentication.x509.clientCAFile
+kubeletReadOnlyPortArgumentSet: kubeletconfig.readOnlyPort
+kubeletStreamingConnectionIdleTimeoutArgumentSet: kubeletconfig.streamingConnectionIdleTimeout
+kubeletProtectKernelDefaultsArgumentSet: kubeletconfig.protectKernelDefaults
+kubeletMakeIptablesUtilChainsArgumentSet: kubeletconfig.makeIPTablesUtilChains
+kubeletEventQpsArgumentSet: kubeletconfig.eventRecordQPS",
+kubeletRotateKubeletServerCertificateArgumentSet: kubeletconfig.featureGates.RotateKubeletServerCertificate
+kubeletRotateCertificatesArgumentSet: kubeletconfig.rotateCertificates
+kubeletTlsCertFileTlsArgumentSet: kubeletconfig.tlsCertFile
+kubeletTlsPrivateKeyFileArgumentSet: kubeletconfig.tlsPrivateKeyFile
+kubeletOnlyUseStrongCryptographic: kubeletconfig.tlsCipherSuites
\ No newline at end of file
diff --git a/commands/kubernetes/adminConfFileOwnership_cmd.yaml b/commands/kubernetes/adminConfFileOwnership_cmd.yaml
new file mode 100644
index 00000000..ed28413f
--- /dev/null
+++ b/commands/kubernetes/adminConfFileOwnership_cmd.yaml
@@ -0,0 +1,8 @@
+---
+- id: CMD-0014
+ key: adminConfFileOwnership
+ title: admin.conf file ownership
+ nodeType: master
+ audit: stat -c %U:%G /etc/kubernetes/admin.conf
+ platforms:
+ - k8s
diff --git a/commands/kubernetes/adminConfFilePermissions_cmd.yaml b/commands/kubernetes/adminConfFilePermissions_cmd.yaml
new file mode 100644
index 00000000..5ff7a833
--- /dev/null
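Review bot: The `kubeletEventQpsArgumentSet` entry carries a stray `",` suffix, so the mapped path is `kubeletconfig.eventRecordQPS",` rather than `eventRecordQPS`, and any lookup of that key in the `/configz` document will miss; it should read `kubeletEventQpsArgumentSet: kubeletconfig.eventRecordQPS`. If this mapping is what the collector uses to fall back to the kubelet config file when a flag is absent from the command line, the broken entry silently downgrades the event-QPS check to "not set". The example in the header has an empty node segment (`/api/v1/nodes//proxy/configz`), presumably a lost `<node-name>` placeholder, and "repesent" should be "represents"; the file also ends without a trailing newline.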
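Review bot: `adminConfFileOwnership` hard-codes `/etc/kubernetes/admin.conf` while every other kubeconfig check in this change resolves its target through node_cfg.yaml (`$controllermanager.kubeconfig`, `$scheduler.kubeconfig`), so on a distribution whose admin credential lives elsewhere (node_cfg.yaml itself lists `/var/lib/rancher/k3s/server/cred/admin.kubeconfig`) this command will `stat` a missing file and the ownership of the real admin kubeconfig goes unchecked. Consider an `admin.kubeconfig`-style candidate list in node_cfg.yaml and `stat -c %U:%G $admin.kubeconfig` here, matching the sibling commands.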
+++ b/commands/kubernetes/adminConfFilePermissions_cmd.yaml @@ -0,0 +1,8 @@ +--- +- id: CMD-0013 + key: adminConfFilePermissions + title: admin.conf file permissions + nodeType: master + audit: stat -c %a /etc/kubernetes/admin.conf + platforms: + - k8s diff --git a/commands/kubernetes/certificateAuthoritiesFileOwnership_cmd.yaml b/commands/kubernetes/certificateAuthoritiesFileOwnership_cmd.yaml new file mode 100644 index 00000000..1a0a136f --- /dev/null +++ b/commands/kubernetes/certificateAuthoritiesFileOwnership_cmd.yaml @@ -0,0 +1,10 @@ +--- +- id: CMD-0029 + key: certificateAuthoritiesFileOwnership + title: Client certificate authorities file ownership + nodeType: worker + audit: stat -c %U:%G $(ps -ef | grep $kubelet.bins |grep 'client-ca-file' | grep + -o 'client-ca-file=[^"]\S*' | awk -F "=" '{print $2}' |awk 'FNR <= 1') 2> + /dev/null + platforms: + - k8s diff --git a/commands/kubernetes/certificateAuthoritiesFilePermissions_cmd.yaml b/commands/kubernetes/certificateAuthoritiesFilePermissions_cmd.yaml new file mode 100644 index 00000000..77aad041 --- /dev/null +++ b/commands/kubernetes/certificateAuthoritiesFilePermissions_cmd.yaml @@ -0,0 +1,10 @@ +--- +- id: CMD-0028 + key: certificateAuthoritiesFilePermissions + title: Client certificate authorities file permissions + nodeType: worker + audit: stat -c %a $(ps -ef | grep kubelet |grep 'client-ca-file' | grep -o + 'client-ca-file=[^"]\S*' | awk -F "=" '{print $2}' |awk 'FNR <= 1') 2> + /dev/null + platforms: + - k8s diff --git a/commands/kubernetes/containerNetworkInterfaceFileOwnership_cmd.yaml b/commands/kubernetes/containerNetworkInterfaceFileOwnership_cmd.yaml new file mode 100644 index 00000000..66b8bd8f --- /dev/null +++ b/commands/kubernetes/containerNetworkInterfaceFileOwnership_cmd.yaml @@ -0,0 +1,8 @@ +--- +- id: CMD-0010 + key: containerNetworkInterfaceFileOwnership + title: Container Network Interface file ownership + nodeType: master + audit: stat -c %U:%G /*/cni/* + platforms: + - k8s 
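Review bot: `certificateAuthoritiesFilePermissions` filters the process list with a bare `grep kubelet` while the ownership command just above it uses `grep $kubelet.bins`; the bare pattern matches any process whose command line merely mentions "kubelet" (a kube-proxy started with `--kubeconfig=/var/lib/kubelet/...`, for instance), and `awk 'FNR <= 1'` then takes whichever line came first, so the permissions can be read from the wrong `--client-ca-file`. Use `grep $kubelet.bins` here for consistency. Both commands also only see `--client-ca-file` when it is passed as a flag; with a config-file kubelet the path lives under `authentication.x509.clientCAFile`, `$(...)` expands to nothing, `stat` fails and `2> /dev/null` hides it, so the check reports empty output rather than a distinguishable "not on the command line". Falling back to `$kubelet.cafile` (or to the config-file value, as the mapping file in this change does for the kubelet argument checks) would close that gap.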
diff --git a/commands/kubernetes/containerNetworkInterfaceFilePermissions_cmd.yaml b/commands/kubernetes/containerNetworkInterfaceFilePermissions_cmd.yaml
new file mode 100644
index 00000000..f0f193f5
--- /dev/null
+++ b/commands/kubernetes/containerNetworkInterfaceFilePermissions_cmd.yaml
@@ -0,0 +1,8 @@
+---
+- id: CMD-0009
+ key: containerNetworkInterfaceFilePermissions
+ title: Container Network Interface file permissions
+ nodeType: master
+ audit: stat -c %a /*/cni/*
+ platforms:
+ - k8s
diff --git a/commands/kubernetes/controllerManagerConfFileOwnership_cmd.yaml b/commands/kubernetes/controllerManagerConfFileOwnership_cmd.yaml
new file mode 100644
index 00000000..1f3d2776
--- /dev/null
+++ b/commands/kubernetes/controllerManagerConfFileOwnership_cmd.yaml
@@ -0,0 +1,8 @@
+---
+- id: CMD-0018
+ key: controllerManagerConfFileOwnership
+ title: controller-manager.conf file ownership
+ nodeType: master
+ audit: stat -c %U:%G $controllermanager.kubeconfig
+ platforms:
+ - k8s
diff --git a/commands/kubernetes/controllerManagerConfFilePermissions_cmd.yaml b/commands/kubernetes/controllerManagerConfFilePermissions_cmd.yaml
new file mode 100644
index 00000000..a74b36c3
--- /dev/null
+++ b/commands/kubernetes/controllerManagerConfFilePermissions_cmd.yaml
@@ -0,0 +1,8 @@
+---
+- id: CMD-0017
+ key: controllerManagerConfFilePermissions
+ title: controller-manager.conf file permissions
+ nodeType: master
+ audit: stat -c %a $controllermanager.kubeconfig
+ platforms:
+ - k8s
diff --git a/commands/kubernetes/etcdDataDirectoryOwnership_cmd.yaml b/commands/kubernetes/etcdDataDirectoryOwnership_cmd.yaml
new file mode 100644
index 00000000..e3fdda97
--- /dev/null
+++ b/commands/kubernetes/etcdDataDirectoryOwnership_cmd.yaml
@@ -0,0 +1,8 @@
+---
+- id: CMD-0012
+ key: etcdDataDirectoryOwnership
+ title: Etcd data directory Ownership
+ nodeType: master
+ audit: stat -c %U:%G $etcd.datadirs
+ platforms:
+ - k8s
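Review bot: `stat -c %a /*/cni/*` in `containerNetworkInterfaceFilePermissions` matches directories as well as files — on common installs `/opt/cni/bin` and `/var/lib/cni/networks` both sit under that glob — and a directory is normally `755`, so if the evaluator expects "644 or more restrictive" for every output line it will report a false failure on a correctly configured node. Restricting the match to regular files, e.g. `find /*/cni -maxdepth 1 -type f -exec stat -c %a {} + 2>/dev/null`, keeps the intent and drops the directory entries; the `2>/dev/null` also silences the error when no CNI directory exists at all. The ownership variant in the previous hunk has the same glob, where the extra directory lines are harmless but noisy.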
diff --git a/commands/kubernetes/etcdDataDirectoryPermissions_cmd.yaml b/commands/kubernetes/etcdDataDirectoryPermissions_cmd.yaml
new file mode 100644
index 00000000..456e625e
--- /dev/null
+++ b/commands/kubernetes/etcdDataDirectoryPermissions_cmd.yaml
@@ -0,0 +1,8 @@
+---
+- id: CMD-0011
+ key: etcdDataDirectoryPermissions
+ title: Etcd data directory permissions
+ nodeType: master
+ audit: stat -c %a $etcd.datadirs
+ platforms:
+ - k8s
diff --git a/commands/kubernetes/kubeAPIServerSpecFileOwnership_cmd.yaml b/commands/kubernetes/kubeAPIServerSpecFileOwnership_cmd.yaml
new file mode 100644
index 00000000..6ed1f924
--- /dev/null
+++ b/commands/kubernetes/kubeAPIServerSpecFileOwnership_cmd.yaml
@@ -0,0 +1,8 @@
+---
+- id: CMD-0002
+ key: kubeAPIServerSpecFileOwnership
+ title: API server pod specification file ownership
+ nodeType: master
+ audit: stat -c %U:%G $apiserver.confs
+ platforms:
+ - k8s
diff --git a/commands/kubernetes/kubeAPIServerSpecFilePermission_cmd.yaml b/commands/kubernetes/kubeAPIServerSpecFilePermission_cmd.yaml
new file mode 100644
index 00000000..b05f0e66
--- /dev/null
+++ b/commands/kubernetes/kubeAPIServerSpecFilePermission_cmd.yaml
@@ -0,0 +1,9 @@
+---
+- id: CMD-0001
+ key: kubeAPIServerSpecFilePermission
+ title: API server pod specification file permissions
+ nodeType: master
+ audit: stat -c %a $apiserver.confs
+ platforms:
+ - k8s
+
diff --git a/commands/kubernetes/kubeControllerManagerSpecFileOwnership_cmd.yaml b/commands/kubernetes/kubeControllerManagerSpecFileOwnership_cmd.yaml
new file mode 100644
index 00000000..060c8aed
--- /dev/null
+++ b/commands/kubernetes/kubeControllerManagerSpecFileOwnership_cmd.yaml
@@ -0,0 +1,8 @@
+---
+- id: CMD-0004
+ key: kubeControllerManagerSpecFileOwnership
+ title: Controller manager pod specification file ownership is set to root:root
+ nodeType: master
+ audit: stat -c %U:%G $controllermanager.confs
+ platforms:
+ - k8s
diff --git a/commands/kubernetes/kubeControllerManagerSpecFilePermission_cmd.yaml b/commands/kubernetes/kubeControllerManagerSpecFilePermission_cmd.yaml new file mode 100644 index 00000000..ab373343 --- /dev/null +++ b/commands/kubernetes/kubeControllerManagerSpecFilePermission_cmd.yaml @@ -0,0 +1,8 @@ +--- +- id: CMD-0003 + key: kubeControllerManagerSpecFilePermission + title: Controller manager pod specification file permissions + nodeType: master + audit: stat -c %a $controllermanager.confs + platforms: + - k8s diff --git a/commands/kubernetes/kubeEtcdSpecFileOwnership_cmd.yaml b/commands/kubernetes/kubeEtcdSpecFileOwnership_cmd.yaml new file mode 100644 index 00000000..8d4abdfa --- /dev/null +++ b/commands/kubernetes/kubeEtcdSpecFileOwnership_cmd.yaml @@ -0,0 +1,8 @@ +--- +- id: CMD-0008 + key: kubeEtcdSpecFileOwnership + title: Etcd pod specification file ownership + nodeType: master + audit: stat -c %U:%G $etcd.confs + platforms: + - k8s diff --git a/commands/kubernetes/kubeEtcdSpecFilePermission_cmd.yaml b/commands/kubernetes/kubeEtcdSpecFilePermission_cmd.yaml new file mode 100644 index 00000000..597bfe29 --- /dev/null +++ b/commands/kubernetes/kubeEtcdSpecFilePermission_cmd.yaml @@ -0,0 +1,8 @@ +--- +- id: CMD-0007 + key: kubeEtcdSpecFilePermission + title: Etcd pod specification file permissions + nodeType: master + audit: stat -c %a $etcd.confs + platforms: + - k8s diff --git a/commands/kubernetes/kubePKIDirectoryFileOwnership_cmd.yaml b/commands/kubernetes/kubePKIDirectoryFileOwnership_cmd.yaml new file mode 100644 index 00000000..eb53c16c --- /dev/null +++ b/commands/kubernetes/kubePKIDirectoryFileOwnership_cmd.yaml @@ -0,0 +1,9 @@ +--- +- id: CMD-0019 + key: kubePKIDirectoryFileOwnership + title: Kubernetes PKI directory and file ownership + nodeType: master + audit: stat -c %U:%G $(ls -R $kubelet.cafile | awk + '/:$/&&f{s=$0;f=0}/:$/&&!f{sub(/:$/,"");s=$0;f=1;next}NF&&f{print s"/"$0 }') + platforms: + - k8s 
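Review bot: `ls -R $kubelet.cafile` in `kubePKIDirectoryFileOwnership` is handed a CA file, not a directory (node_cfg.yaml in this change lists `/etc/kubernetes/pki/ca.crt` and similar paths under `kubelet.cafile`); `ls -R` on a file prints only the file name with no `dir:` header, so the awk program keyed on `/:$/` never sets `f`, prints nothing, and `stat` runs with no operand. The check therefore never looks at the PKI directory it is named after, and a world-writable key in `/etc/kubernetes/pki/` would pass unnoticed. If the intent is "every file under the PKI directory is owned by root:root", walk the directory containing the CA file instead, e.g. `stat -c %U:%G $(find $(dirname $kubelet.cafile) 2>/dev/null)`; note that the rke2/k3s `client-ca.crt` entries in `kubelet.cafile` do not live in a kubeadm-style PKI directory, so the candidate resolution order matters here.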
diff --git a/commands/kubernetes/kubePKIKeyFilePermissions_cmd.yaml b/commands/kubernetes/kubePKIKeyFilePermissions_cmd.yaml new file mode 100644 index 00000000..87d88574 --- /dev/null +++ b/commands/kubernetes/kubePKIKeyFilePermissions_cmd.yaml @@ -0,0 +1,10 @@ +--- +- id: CMD-0021 + key: kubePKIKeyFilePermissions + title: Kubernetes PKI certificate file permissions + nodeType: master + audit: stat -c %a $(ls -aR $kubelet.cafile | awk + '/:$/&&f{s=$0;f=0}/:$/&&!f{sub(/:$/,"");s=$0;f=1;next}NF&&f{print s"/"$0}' | + grep \.key$) + platforms: + - k8s diff --git a/commands/kubernetes/kubeSchedulerSpecFileOwnership_cmd.yaml b/commands/kubernetes/kubeSchedulerSpecFileOwnership_cmd.yaml new file mode 100644 index 00000000..df5ea698 --- /dev/null +++ b/commands/kubernetes/kubeSchedulerSpecFileOwnership_cmd.yaml @@ -0,0 +1,8 @@ +--- +- id: CMD-0006 + key: kubeSchedulerSpecFileOwnership + title: Scheduler pod specification file ownership + nodeType: master + audit: stat -c %U:%G $scheduler.confs + platforms: + - k8s diff --git a/commands/kubernetes/kubeSchedulerSpecFilePermission_cmd.yaml b/commands/kubernetes/kubeSchedulerSpecFilePermission_cmd.yaml new file mode 100644 index 00000000..beac1064 --- /dev/null +++ b/commands/kubernetes/kubeSchedulerSpecFilePermission_cmd.yaml @@ -0,0 +1,8 @@ +--- +- id: CMD-0005 + key: kubeSchedulerSpecFilePermission + title: Scheduler pod specification file permissions + nodeType: master + audit: stat -c %a $scheduler.confs + platforms: + - k8s diff --git a/commands/kubernetes/kubeconfigFileExistsOwnership_cmd.yaml b/commands/kubernetes/kubeconfigFileExistsOwnership_cmd.yaml new file mode 100644 index 00000000..7721720c --- /dev/null +++ b/commands/kubernetes/kubeconfigFileExistsOwnership_cmd.yaml 
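Review bot: `kubePKIKeyFilePermissions` has the same problem as the PKI ownership command: `ls -aR $kubelet.cafile` is given a single CA file, so the awk directory-walker emits nothing, `grep \.key$` sees no input, and `stat` is called without an operand — the private-key permission check never runs. Walking `$(dirname $kubelet.cafile)` would fix it; `find $(dirname $kubelet.cafile) -name '*.key' -exec stat -c %a {} +` does the whole job in one step. Separately, the unquoted `\.key$` reaches grep as `.key$` after shell processing, which also matches names such as `monkey`; quote it as `grep '\.key$'` if the awk pipeline is kept.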
@@ -0,0 +1,10 @@ +--- +- id: CMD-0025 + key: kubeconfigFileExistsOwnership + title: Kubeconfig file exists ensure ownership + nodeType: worker + audit: output=`stat -c %U:%G $(ps -ef | grep $proxy.bins |grep 'kubeconfig' | + grep -o 'kubeconfig=[^"]\S*' | awk -F "=" '{print $2}' |awk 'FNR <= 1') + 2>/dev/null` || echo $output + platforms: + - k8s diff --git a/commands/kubernetes/kubeconfigFileExistsPermissions_cmd.yaml b/commands/kubernetes/kubeconfigFileExistsPermissions_cmd.yaml new file mode 100644 index 00000000..9426846a --- /dev/null +++ b/commands/kubernetes/kubeconfigFileExistsPermissions_cmd.yaml @@ -0,0 +1,10 @@ +--- +- id: CMD-0024 + key: kubeconfigFileExistsPermissions + title: Kubeconfig file exists ensure permissions + nodeType: worker + audit: output=`stat -c %a $(ps -ef | grep $proxy.bins |grep 'kubeconfig' | grep + -o 'kubeconfig=[^"]\S*' | awk -F "=" '{print $2}' |awk 'FNR <= 1') + 2>/dev/null` || echo $output + platforms: + - k8s diff --git a/commands/kubernetes/kubeletAnonymousAuthArgumentSet_cmd.yaml b/commands/kubernetes/kubeletAnonymousAuthArgumentSet_cmd.yaml new file mode 100644 index 00000000..69ed9b13 --- /dev/null +++ b/commands/kubernetes/kubeletAnonymousAuthArgumentSet_cmd.yaml @@ -0,0 +1,9 @@ +--- +- id: CMD-0032 + key: kubeletAnonymousAuthArgumentSet + title: kubelet --anonymous-auth argument is set + nodeType: worker + audit: ps -ef | grep $kubelet.bins |grep ' --anonymous-auth' | grep -o ' + --anonymous-auth=[^"]\S*' | awk -F "=" '{print $2}' |awk 'FNR <= 1' + platforms: + - k8s diff --git a/commands/kubernetes/kubeletAuthorizationModeArgumentSet_cmd.yaml b/commands/kubernetes/kubeletAuthorizationModeArgumentSet_cmd.yaml new file mode 100644 index 00000000..282bd14f --- /dev/null +++ b/commands/kubernetes/kubeletAuthorizationModeArgumentSet_cmd.yaml 
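Review bot: `output=\`stat ...\` || echo $output` in `kubeconfigFileExistsOwnership` never emits the ownership: the assignment takes `stat`'s exit status, so when `stat` succeeds the `||` branch is skipped and nothing is printed, and when it fails `$output` is empty and `echo` prints a blank line — the consumer sees no `user:group` in either case. If the goal is "evaluate only when the proxy kubeconfig exists", resolve the path first and guard on it, e.g. `f=$(ps -ef | grep $proxy.bins | grep 'kubeconfig' | grep -o 'kubeconfig=[^"]\S*' | awk -F "=" '{print $2}' | awk 'FNR <= 1'); [ -n "$f" ] && stat -c %U:%G "$f" 2>/dev/null`. The permissions variant in the next hunk has the same `|| echo $output` and needs the same fix. Also note `proxy.bins` in node_cfg.yaml contains a bare `proxy`, which as a grep pattern will match unrelated command lines, and `awk 'FNR <= 1'` then returns whichever came first.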
@@ -0,0 +1,9 @@ +--- +- id: CMD-0033 + key: kubeletAuthorizationModeArgumentSet + title: kubelet --authorization-mode argument is set + nodeType: worker + audit: ps -ef | grep $kubelet.bins |grep ' --authorization-mode' | grep -o ' + --authorization-mode=[^"]\S*' | awk -F "=" '{print $2}' |awk 'FNR <= 1' + platforms: + - k8s diff --git a/commands/kubernetes/kubeletClientCaFileArgumentSet_cmd.yaml b/commands/kubernetes/kubeletClientCaFileArgumentSet_cmd.yaml new file mode 100644 index 00000000..729042e3 --- /dev/null +++ b/commands/kubernetes/kubeletClientCaFileArgumentSet_cmd.yaml @@ -0,0 +1,9 @@ +--- +- id: CMD-0034 + key: kubeletClientCaFileArgumentSet + title: kubelet --client-ca-file argument is set + nodeType: worker + audit: ps -ef | grep $kubelet.bins |grep ' --client-ca-file' | grep -o ' + --client-ca-file=[^"]\S*' | awk -F "=" '{print $2}' |awk 'FNR <= 1' + platforms: + - k8s diff --git a/commands/kubernetes/kubeletConfFileOwnership_cmd.yaml b/commands/kubernetes/kubeletConfFileOwnership_cmd.yaml new file mode 100644 index 00000000..56932475 --- /dev/null +++ b/commands/kubernetes/kubeletConfFileOwnership_cmd.yaml @@ -0,0 +1,8 @@ +--- +- id: CMD-0027 + key: kubeletConfFileOwnership + title: kubelet.conf file ownership + nodeType: worker + audit: stat -c %U:%G $kubelet.kubeconfig + platforms: + - k8s diff --git a/commands/kubernetes/kubeletConfFilePermissions_cmd.yaml b/commands/kubernetes/kubeletConfFilePermissions_cmd.yaml new file mode 100644 index 00000000..3d8c321c --- /dev/null +++ b/commands/kubernetes/kubeletConfFilePermissions_cmd.yaml @@ -0,0 +1,8 @@ +--- +- id: CMD-0026 + key: kubeletConfFilePermissions + title: kubelet.conf file permissions + nodeType: worker + audit: stat -c %a $kubelet.kubeconfig + platforms: + - k8s diff --git a/commands/kubernetes/kubeletConfigYamlConfigurationFileOwnership_cmd.yaml b/commands/kubernetes/kubeletConfigYamlConfigurationFileOwnership_cmd.yaml new file mode 100644 index 00000000..54289635 --- /dev/null 
+++ b/commands/kubernetes/kubeletConfigYamlConfigurationFileOwnership_cmd.yaml @@ -0,0 +1,8 @@ +--- +- id: CMD-0031 + key: kubeletConfigYamlConfigurationFileOwnership + title: kubelet config.yaml configuration file ownership + nodeType: worker + audit: stat -c %U:%G $kubelet.confs + platforms: + - k8s diff --git a/commands/kubernetes/kubeletConfigYamlConfigurationFilePermission_cmd.yaml b/commands/kubernetes/kubeletConfigYamlConfigurationFilePermission_cmd.yaml new file mode 100644 index 00000000..f0a12b7b --- /dev/null +++ b/commands/kubernetes/kubeletConfigYamlConfigurationFilePermission_cmd.yaml @@ -0,0 +1,8 @@ +--- +- id: CMD-0030 + key: kubeletConfigYamlConfigurationFilePermission + title: kubelet config.yaml configuration file permissions + nodeType: worker + audit: stat -c %a $kubelet.confs + platforms: + - k8s diff --git a/commands/kubernetes/kubeletEventQpsArgumentSet_cmd.yaml b/commands/kubernetes/kubeletEventQpsArgumentSet_cmd.yaml new file mode 100644 index 00000000..4f1b2a1d --- /dev/null +++ b/commands/kubernetes/kubeletEventQpsArgumentSet_cmd.yaml @@ -0,0 +1,9 @@ +--- +- id: CMD-0040 + key: kubeletEventQpsArgumentSet + title: kubelet --event-qps argument is set + nodeType: worker + audit: ps -ef | grep $kubelet.bins |grep ' --event-qps' | grep -o ' + --event-qps=[^"]\S*' | awk -F "=" '{print $2}' |awk 'FNR <= 1' + platforms: + - k8s diff --git a/commands/kubernetes/kubeletHostnameOverrideArgumentSet_cmd.yaml b/commands/kubernetes/kubeletHostnameOverrideArgumentSet_cmd.yaml new file mode 100644 index 00000000..c622b0f8 --- /dev/null +++ b/commands/kubernetes/kubeletHostnameOverrideArgumentSet_cmd.yaml @@ -0,0 +1,9 @@ +--- +- id: CMD-0039 + key: kubeletHostnameOverrideArgumentSet + title: kubelet hostname-override argument is set + nodeType: worker + audit: ps -ef | grep $kubelet.bins |grep ' --hostname-override' | grep -o ' + --hostname-override=[^"]\S*' | awk -F "=" '{print $2}' |awk 'FNR <= 1' + platforms: + - k8s 
diff --git a/commands/kubernetes/kubeletMakeIptablesUtilChainsArgumentSet_cmd.yaml b/commands/kubernetes/kubeletMakeIptablesUtilChainsArgumentSet_cmd.yaml new file mode 100644 index 00000000..92eae556 --- /dev/null +++ b/commands/kubernetes/kubeletMakeIptablesUtilChainsArgumentSet_cmd.yaml @@ -0,0 +1,10 @@ +--- +- id: CMD-0038 + key: kubeletMakeIptablesUtilChainsArgumentSet + title: kubelet --make-iptables-util-chains argument is set + nodeType: worker + audit: ps -ef | grep $kubelet.bins |grep ' --make-iptables-util-chains' | grep + -o ' --make-iptables-util-chains=[^"]\S*' | awk -F "=" '{print $2}' |awk + 'FNR <= 1' + platforms: + - k8s diff --git a/commands/kubernetes/kubeletOnlyUseStrongCryptographic_cmd.yaml b/commands/kubernetes/kubeletOnlyUseStrongCryptographic_cmd.yaml new file mode 100644 index 00000000..6f10acee --- /dev/null +++ b/commands/kubernetes/kubeletOnlyUseStrongCryptographic_cmd.yaml @@ -0,0 +1,9 @@ +--- +- id: CMD-0045 + key: kubeletOnlyUseStrongCryptographic + title: Kubelet only makes use of Strong Cryptographic + nodeType: worker + audit: ps -ef | grep $kubelet.bins |grep 'TLSCipherSuites' | grep -o + 'TLSCipherSuites=[^"]\S*' | awk -F "=" '{print $2}' |awk 'FNR <= 1' + platforms: + - k8s diff --git a/commands/kubernetes/kubeletProtectKernelDefaultsArgumentSet_cmd.yaml b/commands/kubernetes/kubeletProtectKernelDefaultsArgumentSet_cmd.yaml new file mode 100644 index 00000000..cc390a81 --- /dev/null +++ b/commands/kubernetes/kubeletProtectKernelDefaultsArgumentSet_cmd.yaml @@ -0,0 +1,10 @@ +--- +- id: CMD-0037 + key: kubeletProtectKernelDefaultsArgumentSet + title: kubelet --protect-kernel-defaults argument is set + nodeType: worker + audit: ps -ef | grep $kubelet.bins |grep ' --protect-kernel-defaults' | grep -o + ' --protect-kernel-defaults=[^"]\S*' | awk -F "=" '{print $2}' |awk 'FNR <= + 1' + platforms: + - k8s 
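Review bot: `kubeletOnlyUseStrongCryptographic` greps the kubelet command line for `TLSCipherSuites=`, but `TLSCipherSuites` is the KubeletConfiguration field name; the command-line flag is `--tls-cipher-suites`, so this audit can never match a kubelet that restricts its cipher suites via a flag and the check will always report the argument as unset. It should read `grep ' --tls-cipher-suites' | grep -o ' --tls-cipher-suites=[^"]\S*'`, with the config-file case handled by the `kubeletconfig.tlsCipherSuites` mapping added in this change. The `awk -F "=" '{print $2}'` extraction is fine for this flag since cipher-suite names contain no `=`.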
diff --git a/commands/kubernetes/kubeletReadOnlyPortArgumentSet_cmd.yaml b/commands/kubernetes/kubeletReadOnlyPortArgumentSet_cmd.yaml new file mode 100644 index 00000000..f9893c11 --- /dev/null +++ b/commands/kubernetes/kubeletReadOnlyPortArgumentSet_cmd.yaml @@ -0,0 +1,9 @@ +--- +- id: CMD-0035 + key: kubeletReadOnlyPortArgumentSet + title: kubelet --read-only-port argument is set + nodeType: worker + audit: ps -ef | grep $kubelet.bins |grep ' --read-only-port' | grep -o ' + --read-only-port=[^"]\S*' | awk -F "=" '{print $2}' |awk 'FNR <= 1' + platforms: + - k8s diff --git a/commands/kubernetes/kubeletRotateCertificatesArgumentSet_cmd.yaml b/commands/kubernetes/kubeletRotateCertificatesArgumentSet_cmd.yaml new file mode 100644 index 00000000..bf3c43a9 --- /dev/null +++ b/commands/kubernetes/kubeletRotateCertificatesArgumentSet_cmd.yaml @@ -0,0 +1,9 @@ +--- +- id: CMD-0043 + key: kubeletRotateCertificatesArgumentSet + title: kubelet --rotate-certificates argument is set + nodeType: worker + audit: ps -ef | grep $kubelet.bins |grep ' --rotate-certificates' | grep -o ' + --rotate-certificates=[^"]\S*' | awk -F "=" '{print $2}' |awk 'FNR <= 1' + platforms: + - k8s diff --git a/commands/kubernetes/kubeletRotateKubeletServerCertificateArgumentSet_cmd.yaml b/commands/kubernetes/kubeletRotateKubeletServerCertificateArgumentSet_cmd.yaml new file mode 100644 index 00000000..7e0c94b6 --- /dev/null +++ b/commands/kubernetes/kubeletRotateKubeletServerCertificateArgumentSet_cmd.yaml @@ -0,0 +1,10 @@ +--- +- id: CMD-0044 + key: kubeletRotateKubeletServerCertificateArgumentSet + title: kubelet RotateKubeletServerCertificate argument is set + nodeType: worker + audit: ps -ef | grep $kubelet.bins |grep 'RotateKubeletServerCertificate' | grep + -o 'RotateKubeletServerCertificate=[^"]\S*' | awk -F "=" '{print $2}' |awk + 'FNR <= 1' + platforms: + - k8s 
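Review bot: `--feature-gates` is a comma-separated list, so for a kubelet started with e.g. `--feature-gates=RotateKubeletServerCertificate=true,GracefulNodeShutdown=true` the `grep -o 'RotateKubeletServerCertificate=[^"]\S*'` in `kubeletRotateKubeletServerCertificateArgumentSet` captures through the end of the list and `awk -F "=" '{print $2}'` yields `true,GracefulNodeShutdown`, which a strict comparison against `true` will reject even though the gate is enabled. Stop the match at the next comma or whitespace: `grep -o 'RotateKubeletServerCertificate=[^,"[:space:]]*'`. When the gate is set in the config file instead, the flag is absent and the `featureGates.RotateKubeletServerCertificate` mapping in this change is what covers it.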
diff --git a/commands/kubernetes/kubeletServiceFileOwnership_cmd.yaml b/commands/kubernetes/kubeletServiceFileOwnership_cmd.yaml new file mode 100644 index 00000000..3371f6ab --- /dev/null +++ b/commands/kubernetes/kubeletServiceFileOwnership_cmd.yaml @@ -0,0 +1,8 @@ +--- +- id: CMD-0023 + key: kubeletServiceFileOwnership + title: Kubelet service file ownership + nodeType: worker + audit: stat -c %U:%G $kubelet.svc + platforms: + - k8s diff --git a/commands/kubernetes/kubeletServiceFilePermissions_cmd.yaml b/commands/kubernetes/kubeletServiceFilePermissions_cmd.yaml new file mode 100644 index 00000000..427e8ac9 --- /dev/null +++ b/commands/kubernetes/kubeletServiceFilePermissions_cmd.yaml @@ -0,0 +1,8 @@ +--- +- id: CMD-0022 + key: kubeletServiceFilePermissions + title: Kubelet service file permissions + nodeType: worker + audit: stat -c %a $kubelet.svc + platforms: + - k8s diff --git a/commands/kubernetes/kubeletStreamingConnectionIdleTimeoutArgumentSet_cmd.yaml b/commands/kubernetes/kubeletStreamingConnectionIdleTimeoutArgumentSet_cmd.yaml new file mode 100644 index 00000000..48ed42ea --- /dev/null +++ b/commands/kubernetes/kubeletStreamingConnectionIdleTimeoutArgumentSet_cmd.yaml @@ -0,0 +1,10 @@ +--- +- id: CMD-0036 + key: kubeletStreamingConnectionIdleTimeoutArgumentSet + title: kubelet --streaming-connection-idle-timeout argument is set + nodeType: worker + audit: ps -ef | grep $kubelet.bins |grep ' --streamingConnectionIdleTimeout' | + grep -o ' --streamingConnectionIdleTimeout=[^"]\S*' | awk -F "=" '{print + $2}' |awk 'FNR <= 1' + platforms: + - k8s diff --git a/commands/kubernetes/kubeletTlsCertFileTlsArgumentSet_cmd.yaml b/commands/kubernetes/kubeletTlsCertFileTlsArgumentSet_cmd.yaml new file mode 100644 index 00000000..388635ec --- /dev/null +++ b/commands/kubernetes/kubeletTlsCertFileTlsArgumentSet_cmd.yaml 
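Review bot: The title of `kubeletStreamingConnectionIdleTimeoutArgumentSet` says `--streaming-connection-idle-timeout`, but the audit greps for ` --streamingConnectionIdleTimeout`, the camelCase config-file key; the kubelet flag is `--streaming-connection-idle-timeout`, so this command never matches a command-line setting and the check will always fall through to the config-file path or report unset. Change both patterns to `' --streaming-connection-idle-timeout'` and `' --streaming-connection-idle-timeout=[^"]\S*'`. The `kubeletconfig.streamingConnectionIdleTimeout` mapping in this change already covers the config-file spelling.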
@@ -0,0 +1,9 @@ +--- +- id: CMD-0041 + key: kubeletTlsCertFileTlsArgumentSet + title: kubelet --tls-cert-file argument is set + nodeType: worker + audit: ps -ef | grep $kubelet.bins |grep ' --tls-cert-file' | grep -o ' + --tls-cert-file=[^"]\S*' | awk -F "=" '{print $2}' |awk 'FNR <= 1' + platforms: + - k8s diff --git a/commands/kubernetes/kubeletTlsPrivateKeyFileArgumentSet_cmd.yaml b/commands/kubernetes/kubeletTlsPrivateKeyFileArgumentSet_cmd.yaml new file mode 100644 index 00000000..a3497cf9 --- /dev/null +++ b/commands/kubernetes/kubeletTlsPrivateKeyFileArgumentSet_cmd.yaml @@ -0,0 +1,9 @@ +--- +- id: CMD-0042 + key: kubeletTlsPrivateKeyFileArgumentSet + title: kubelet --tls-private-key-file argument is set + nodeType: worker + audit: ps -ef | grep $kubelet.bins |grep ' --tls-private-key-file' | grep -o ' + --tls-private-key-file=[^"]\S*' | awk -F "=" '{print $2}' |awk 'FNR <= 1' + platforms: + - k8s diff --git a/commands/kubernetes/kubernetesPKICertificateFilePermissions_cmd.yaml b/commands/kubernetes/kubernetesPKICertificateFilePermissions_cmd.yaml new file mode 100644 index 00000000..5eb6908e --- /dev/null +++ b/commands/kubernetes/kubernetesPKICertificateFilePermissions_cmd.yaml @@ -0,0 +1,10 @@ +--- +- id: CMD-0020 + key: kubernetesPKICertificateFilePermissions + title: Kubernetes PKI certificate file permissions + nodeType: master + audit: stat -c %a $(ls -aR $kubelet.cafile | + awk'/:$/&&f{s=$0;f=0}/:$/&&!f{sub(/:$/,"");s=$0;f=1;next}NF&&f{print + s"/"$0}' | grep \.crt$) + platforms: + - k8s diff --git a/commands/kubernetes/schedulerConfFileOwnership_cmd.yaml b/commands/kubernetes/schedulerConfFileOwnership_cmd.yaml new file mode 100644 index 00000000..3296c570 --- /dev/null +++ b/commands/kubernetes/schedulerConfFileOwnership_cmd.yaml @@ -0,0 +1,8 @@ +--- +- id: CMD-0016 + key: schedulerConfFileOwnership + title: scheduler.conf file ownership + nodeType: master + audit: stat -c %U:%G $scheduler.kubeconfig + platforms: + - k8s 
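Review bot: `kubernetesPKICertificateFilePermissions` is missing the space between `awk` and its program: `| awk'/:$/&&f{...}'` is parsed by the shell as a single command named `awk/:$/&&f{s=$0;f=0}/:$/...`, which does not exist, so the pipeline fails with "command not found" and `stat` is called with no operand — the certificate permission check never produces a result. Fix it as `| awk '/:$/&&f{s=$0;f=0}/:$/&&!f{sub(/:$/,"");s=$0;f=1;next}NF&&f{print s"/"$0}'`. Even with that fixed, the command shares the `ls -aR $kubelet.cafile` problem of the other two PKI commands in this change (a file path where a directory is needed), and the unquoted `\.crt$` reaches grep as `.crt$`; `find $(dirname $kubelet.cafile) -name '*.crt' -exec stat -c %a {} +` avoids all three.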
diff --git a/commands/kubernetes/schedulerConfFilePermissions_cmd.yaml b/commands/kubernetes/schedulerConfFilePermissions_cmd.yaml
new file mode 100644
index 00000000..b23ce6c0
--- /dev/null
+++ b/commands/kubernetes/schedulerConfFilePermissions_cmd.yaml
@@ -0,0 +1,8 @@
+---
+- id: CMD-0015
+ key: schedulerConfFilePermissions
+ title: scheduler.conf file permissions
+ nodeType: master
+ audit: stat -c %a $scheduler.kubeconfig
+ platforms:
+ - k8s
diff --git a/commands/node_cfg.yaml b/commands/node_cfg.yaml
new file mode 100644
index 00000000..d29819a0
--- /dev/null
+++ b/commands/node_cfg.yaml
@@ -0,0 +1,149 @@
+---
+node:
+ apiserver:
+ confs:
+ - /etc/kubernetes/manifests/kube-apiserver.yaml
+ - /etc/kubernetes/manifests/kube-apiserver.yml
+ - /etc/kubernetes/manifests/kube-apiserver.manifest
+ - /var/snap/kube-apiserver/current/args
+ - /var/snap/microk8s/current/args/kube-apiserver
+ - /etc/origin/master/master-config.yaml
+ - /etc/kubernetes/manifests/talos-kube-apiserver.yaml
+ - /var/lib/rancher/rke2/agent/pod-manifests/kube-apiserver.yaml
+ defaultconf: /etc/kubernetes/manifests/kube-apiserver.yaml
+ controllermanager:
+ confs:
+ - /etc/kubernetes/manifests/kube-controller-manager.yaml
+ - /etc/kubernetes/manifests/kube-controller-manager.yml
+ - /etc/kubernetes/manifests/kube-controller-manager.manifest
+ - /var/snap/kube-controller-manager/current/args
+ - /var/snap/microk8s/current/args/kube-controller-manager
+ - /etc/kubernetes/manifests/talos-kube-controller-manager.yaml
+ - /var/lib/rancher/rke2/agent/pod-manifests/kube-controller-manager.yaml
+ defaultconf: /etc/kubernetes/manifests/kube-controller-manager.yaml
+ kubeconfig:
+ - /etc/kubernetes/controller-manager.conf
+ - /var/lib/kube-controller-manager/kubeconfig
+ - /system/secrets/kubernetes/kube-controller-manager/kubeconfig
+ defaultkubeconfig: /etc/kubernetes/controller-manager.conf
+ scheduler:
+ confs:
+ - /etc/kubernetes/manifests/kube-scheduler.yaml
+ - /etc/kubernetes/manifests/kube-scheduler.yml
+ - /etc/kubernetes/manifests/kube-scheduler.manifest
+ - /var/snap/kube-scheduler/current/args
+ - /var/snap/microk8s/current/args/kube-scheduler
+ - /etc/origin/master/scheduler.json
+ - /etc/kubernetes/manifests/talos-kube-scheduler.yaml
+ - /var/lib/rancher/rke2/agent/pod-manifests/kube-scheduler.yaml
+ defaultconf: /etc/kubernetes/manifests/kube-scheduler.yaml
+ kubeconfig:
+ - /etc/kubernetes/scheduler.conf
+ - /var/lib/kube-scheduler/kubeconfig
+ - /var/lib/kube-scheduler/config.yaml
+ - /system/secrets/kubernetes/kube-scheduler/kubeconfig
+ defaultkubeconfig: /etc/kubernetes/scheduler.conf
+ etcd:
+ datadirs:
+ - /var/lib/etcd/default.etcd
+ - /var/lib/etcd/data.etcd
+ confs:
+ - /etc/kubernetes/manifests/etcd.yaml
+ - /etc/kubernetes/manifests/etcd.yml
+ - /etc/kubernetes/manifests/etcd.manifest
+ - /etc/etcd/etcd.conf
+ - /var/snap/etcd/common/etcd.conf.yml
+ - /var/snap/etcd/common/etcd.conf.yaml
+ - /var/snap/microk8s/current/args/etcd
+ - /usr/lib/systemd/system/etcd.service
+ - /var/lib/rancher/rke2/agent/pod-manifests/etcd.yaml
+ - /var/lib/rancher/k3s/server/db/etcd/config
+ defaultconf: /etc/kubernetes/manifests/etcd.yaml
+ defaultdatadir: /var/lib/etcd/default.etcd
+ flanneld:
+ defaultconf: /etc/sysconfig/flanneld
+ kubernetes:
+ defaultconf: /etc/kubernetes/config
+ kubelet:
+ cafile:
+ - /etc/kubernetes/pki/ca.crt
+ - /etc/kubernetes/certs/ca.crt
+ - /etc/kubernetes/cert/ca.pem
+ - /var/snap/microk8s/current/certs/ca.crt
+ - /var/lib/rancher/rke2/agent/server.crt
+ - /var/lib/rancher/rke2/agent/client-ca.crt
+ - /var/lib/rancher/k3s/agent/client-ca.crt
+ svc:
+ - /etc/systemd/system/kubelet.service.d/10-kubeadm.conf
+ - /etc/systemd/system/kubelet.service
+ - /lib/systemd/system/kubelet.service
+ - /etc/systemd/system/snap.kubelet.daemon.service
+ - /etc/systemd/system/snap.microk8s.daemon-kubelet.service
+ - /etc/systemd/system/atomic-openshift-node.service
+ - /etc/systemd/system/origin-node.service
+ bins:
+ - hyperkube kubelet
+ - kubelet
+ kubeconfig:
+ - /etc/kubernetes/kubelet.conf
+ - /etc/kubernetes/kubelet-kubeconfig.conf
+ - /var/lib/kubelet/kubeconfig
+ - /etc/kubernetes/kubelet-kubeconfig
+ - /etc/kubernetes/kubelet/kubeconfig
+ - /etc/kubernetes/ssl/kubecfg-kube-node.yaml
+ - /var/snap/microk8s/current/credentials/kubelet.config
+ - /etc/kubernetes/kubeconfig-kubelet
+ - /var/lib/rancher/rke2/agent/kubelet.kubeconfig
+ - /var/lib/rancher/k3s/server/cred/admin.kubeconfig
+ - /var/lib/rancher/k3s/agent/kubelet.kubeconfig
+ confs:
+ - /etc/kubernetes/kubelet-config.yaml
+ - /var/lib/kubelet/config.yaml
+ - /var/lib/kubelet/config.yml
+ - /etc/kubernetes/kubelet/kubelet-config.json
+ - /etc/kubernetes/kubelet/config
+ - /home/kubernetes/kubelet-config.yaml
+ - /home/kubernetes/kubelet-config.yml
+ - /etc/default/kubeletconfig.json
+ - /etc/default/kubelet
+ - /var/lib/kubelet/kubeconfig
+ - /var/snap/kubelet/current/args
+ - /var/snap/microk8s/current/args/kubelet
+ - /etc/systemd/system/kubelet.service.d/10-kubeadm.conf
+ - /etc/systemd/system/kubelet.service
+ - /lib/systemd/system/kubelet.service
+ - /etc/systemd/system/snap.kubelet.daemon.service
+ - /etc/systemd/system/snap.microk8s.daemon-kubelet.service
+ - /etc/kubernetes/kubelet.yaml
+ - /var/lib/rancher/rke2/agent/kubelet.kubeconfig
+ defaultconf: /var/lib/kubelet/config.yaml
+ defaultsvc: /etc/systemd/system/kubelet.service.d/10-kubeadm.conf
+ defaultkubeconfig: /etc/kubernetes/kubelet.conf
+ defaultcafile: /etc/kubernetes/pki/ca.crt
+ proxy:
+ bins:
+ - kube-proxy
+ - hyperkube proxy
+ - hyperkube kube-proxy
+ - proxy
+ - openshift start network
+ confs:
+ - /etc/kubernetes/proxy
+ - /etc/kubernetes/addons/kube-proxy-daemonset.yaml
+ - /etc/kubernetes/addons/kube-proxy-daemonset.yml
+ - /var/snap/kube-proxy/current/args
+ - /var/snap/microk8s/current/args/kube-proxy
+ kubeconfig:
+ - /etc/kubernetes/kubelet-kubeconfig
+ - /etc/kubernetes/kubelet-kubeconfig.conf
+ - /etc/kubernetes/kubelet/config
+ - /etc/kubernetes/ssl/kubecfg-kube-proxy.yaml
+ - /var/lib/kubelet/kubeconfig
+ - /var/snap/microk8s/current/credentials/proxy.config
+ - /var/lib/rancher/rke2/agent/kubeproxy.kubeconfig
+ - /var/lib/rancher/k3s/agent/kubeproxy.kubeconfig
+ svc:
+ - /lib/systemd/system/kube-proxy.service
+ - /etc/systemd/system/snap.microk8s.daemon-proxy.service
+ defaultconf: /etc/kubernetes/addons/kube-proxy-daemonset.yaml
+ defaultkubeconfig: /etc/kubernetes/proxy.conf
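Review bot: `kubelet.confs` mixes kubelet configuration files with credentials and unit files — `/var/lib/kubelet/kubeconfig` and `/var/lib/rancher/rke2/agent/kubelet.kubeconfig` are kubeconfigs (both already listed under `kubelet.kubeconfig`) and the five systemd entries duplicate `kubelet.svc` — so the `stat -c %a $kubelet.confs` / `%U:%G` commands for "kubelet config.yaml" in this change may report on a credential or unit file rather than the kubelet config, depending on how the collector picks among candidates, which is not visible here. In the same way `kubelet.kubeconfig` includes `/var/lib/rancher/k3s/server/cred/admin.kubeconfig`, an admin credential rather than the kubelet's, `proxy.kubeconfig` carries kubelet kubeconfig paths, and `kubelet.cafile` lists `/var/lib/rancher/rke2/agent/server.crt`, a serving certificate rather than a client CA; if the resolver takes the first existing path, each list should hold one kind of file so the right artifact is checked. `proxy.bins` also contains a bare `proxy`, which the `ps -ef | grep $proxy.bins` commands will match against any unrelated command line containing that word. The hunk header declares 149 lines and the visible text ends at `defaultkubeconfig: /etc/kubernetes/proxy.conf`, so the tail of this file may be cut off in this view.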