I got forwarded the CIS Securing Kubernetes benchmark document a few days back. That had around 100 things that should be set on a cluster for your Enterprise's next security audit.
There used to be runnable CIS benchmark libraries like neuvector/kubernetes-cis-benchmark[0], but there are fewer these days. Aqua Security also has one called kube-bench[1], which looks to be in better shape.