diff --git a/cfg/1.13/master.yaml b/cfg/1.13/master.yaml
index ea7b974921f8788e5dc45665eedeb4a3b1fc5721..13ee16efeb0ae2a3c9ea9e719b39a2f52223897f 100644
--- a/cfg/1.13/master.yaml
+++ b/cfg/1.13/master.yaml
@@ -186,8 +186,9 @@ groups:
     scored: true
 
   - id: 1.1.12
-    text: "Ensure that the admission control plugin DenyEscalatingExec is set (Scored)"
+    text: "[DEPRECATED] Ensure that the admission control plugin DenyEscalatingExec is set (Not Scored)"
     audit: "ps -ef | grep $apiserverbin | grep -v grep"
+    type: skip
     tests:
       test_items:
       - flag: "--enable-admission-plugins"
@@ -200,7 +201,7 @@ groups:
       on the master node and set the --enable-admission-plugins parameter to a
       value that includes DenyEscalatingExec.
       --enable-admission-plugins=...,DenyEscalatingExec,...
-    scored: true
+    scored: false
 
   - id: 1.1.13
     text: "Ensure that the admission control plugin SecurityContextDeny is set (Scored)"
@@ -559,19 +560,19 @@ groups:
     scored: true
 
   - id: 1.1.34
-    text: "Ensure that the --experimental-encryption-provider-config argument is
-    set as appropriate (Scored)"
+    text: "Ensure that the --encryption-provider-config argument is set as appropriate (Scored)"
     audit: "ps -ef | grep $apiserverbin | grep -v grep"
+    type: "manual"
     tests:
       test_items:
-      - flag: "--experimental-encryption-provider-config"
+      - flag: "--encryption-provider-config"
         set: true
     remediation: |
       Follow the Kubernetes documentation and configure a EncryptionConfig file.
       Then, edit the API server pod specification file $apiserverconf on the
-      master node and set the --experimental-encryption-provider-config parameter
+      master node and set the --encryption-provider-config parameter
       to the path of that file:
-      --experimental-encryption-provider-config=</path/to/EncryptionConfig/File>
+      --encryption-provider-config=</path/to/EncryptionConfig/File>
     scored: true
 
   - id: 1.1.35
diff --git a/cfg/1.13/node.yaml b/cfg/1.13/node.yaml
index 8cc7b3f491c673597f94887f4b489463d62560f6..afc165748361f18ae7d46d025f868dc5bc166cf9 100644
--- a/cfg/1.13/node.yaml
+++ b/cfg/1.13/node.yaml
@@ -220,8 +220,9 @@ groups:
     scored: true
 
   - id: 2.1.11
-    text: "Ensure that the --cadvisor-port argument is set to 0 (Scored)"
+    text: "[DEPRECATED] Ensure that the --cadvisor-port argument is set to 0 (Not Scored)"
     audit: "ps -fC $kubeletbin"
+    type: skip
     tests:
       bin_op: or
       test_items:
@@ -239,7 +240,7 @@ groups:
       Based on your system, restart the kubelet service. For example:
       systemctl daemon-reload
       systemctl restart kubelet.service
-    scored: true
+    scored: false
 
   - id: 2.1.12
     text: "Ensure that the --rotate-certificates argument is not set to false (Scored)"