Container Platform Security Requirements Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
SRG-APP-000840
Group -
SRG-APP-000845
Group -
SRG-APP-000855
Group -
SRG-APP-000860
Group -
SRG-APP-000865
Group -
SRG-APP-000880
Group -
The container platform must protect nonlocal maintenance sessions by separating the maintenance session from other network sessions with the system by logically separated communications paths.
Nonlocal maintenance and diagnostic activities are conducted by individuals who communicate through either an external or internal network. Communications paths can be logically separated using enc...Rule Medium Severity -
SRG-APP-000910
Group -
SRG-APP-000915
Group -
The container platform must provide protected storage for cryptographic keys with organization-defined safeguards and/or hardware protected key store.
A Trusted Platform Module (TPM) is an example of a hardware-protected data store that can be used to protect cryptographic keys.Rule Medium Severity -
SRG-APP-000920
Group -
SRG-APP-000247
Group -
The container must have resource request limits set.
Setting a container resource request limit allows the container platform to determine the best location for the container to execute. The container platform looks at the resources available and fin...Rule Medium Severity -
SRG-APP-000380
Group -
The container root filesystem must be mounted as read-only.
Any changes to a container must be made by rebuilding the image and redeploying the new container image. Once a container is running, changes to the root filesystem should not be needed, thus prese...Rule Medium Severity -
The container platform must use TLS 1.2 or greater for secure container image transport from trusted sources.
The authenticity and integrity of the container image during the container image lifecycle is part of the overall security posture of the container platform. This begins with the container image cr...Rule Medium Severity -
The container platform must use a centralized user management solution to support account management functions.
Enterprise environments make application account management challenging and complex. A manual process for account management functions adds the risk of a potential oversight or other error. A comp...Rule Medium Severity -
The container platform must automatically disable accounts after a 35-day period of account inactivity.
Attackers that are able to exploit an inactive account can potentially obtain and maintain undetected access to an application. Owners of inactive accounts will not notice if unauthorized access to...Rule Medium Severity -
The container platform must automatically audit account removal actions.
When application accounts are removed, user accessibility is affected. Once an attacker establishes access to an application, the attacker often attempts to remove authorized accounts to disrupt se...Rule Medium Severity -
The container platform must enforce approved authorizations for controlling the flow of information between interconnected systems and services based on organization-defined information flow control policies.
Controlling information flow between the container platform components and container user services instantiated by the container platform must enforce organization-defined information flow policies...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.