Container Platform Security Requirements Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
- The container platform must display the Standard Mandatory DoD Notice and Consent Banner before granting access to platform components.
  The container platform has countless components where different access levels are needed. To control access, the user must first log in to the component and then be presented with a DoD-approved us...
  Rule Low Severity
- The container platform must generate audit records when successful/unsuccessful attempts to access privileges occur.
  Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an in...
  Rule Medium Severity
- All audit records must identify what type of event has occurred within the container platform.
  Within the container platform, audit data can be generated from any of the deployed container platform components. This audit data is important when there are issues, such as security incidents, th...
  Rule Medium Severity
- The container platform audit records must have a date and time association with all events.
  Within the container platform, audit data can be generated from any of the deployed container platform components. This audit data is important when there are issues, such as security incidents, th...
  Rule Medium Severity
- All audit records must identify the source of the event within the container platform.
  Audit data is important when there are issues, to include security incidents that must be investigated. Since the audit data may be part of a larger audit system, it is important for the audit data...
  Rule Medium Severity
- All audit records must identify any containers associated with the event within the container platform.
  Without information that establishes the identity of the containers offering user services or running on behalf of a user within the platform associated with audit events, security personnel cannot...
  Rule Medium Severity
- The container platform must generate audit records containing the full-text recording of privileged commands or the individual identities of group account users.
  During an investigation of an incident, it is important to fully understand what took place. Often, information is not part of the audited event due to the data's nature, security risk, or audit lo...
  Rule Medium Severity
- The container platform must protect audit information from unauthorized modification.
  If audit data were to become compromised, then forensic analysis and discovery of the true source of potentially malicious system activity would be impossible to achieve. To ensure the veracity of...
  Rule Medium Severity
- The container platform must protect audit information from unauthorized deletion.
  If audit data were to become compromised, then forensic analysis and discovery of the true source of potentially malicious system activity would be impossible to achieve. To ensure the veracity of...
  Rule Medium Severity
- The container platform must protect audit tools from unauthorized access.
  Protecting audit data also includes identifying and protecting the tools used to view and manipulate log data. Therefore, protecting audit tools is necessary to prevent unauthorized operation on au...
  Rule Medium Severity
- The container platform must be built from verified packages.
  It is important to patch and upgrade the container platform when patches and upgrades are available. More important is to get these patches and upgrades from a known source. To validate the authent...
  Rule Medium Severity
- The container platform must verify container images.
  The container platform must be capable of validating that container images are signed and that the digital signature is from a recognized source approved by the organization. Allowing any c...
  Rule Medium Severity
- Configuration files for the container platform must be protected.
  The secure configuration of the container platform must be protected by disallowing changes to be implemented by non-privileged users. Changes to the container platform can introduce security risks...
  Rule Medium Severity
- Authentication files for the container platform must be protected.
  The secure configuration of the container platform must be protected by disallowing changes to be implemented by non-privileged users. Changes to the container platform can introduce security risk...
  Rule Medium Severity
- The container platform must uniquely identify and authenticate users.
  The container platform requires user accounts to perform container platform tasks. These tasks may pertain to the overall container platform or may be component-specific, thus requiring users to au...
  Rule Medium Severity
- The container platform application program interface (API) must uniquely identify and authenticate processes acting on behalf of the users.
  The container platform API can be used to perform any task within the platform. Often, the API is used to create tasks that perform some kind of maintenance task and run without user interaction. T...
  Rule Medium Severity
- The container platform must use multifactor authentication for network access to privileged accounts.
  Without the use of multifactor authentication, the ease of access to privileged functions is greatly increased. Multifactor authentication requires using two or more factors to achieve authenticat...
  Rule Medium Severity
- The container platform must use multifactor authentication for network access to non-privileged accounts.
  To ensure accountability and prevent unauthenticated access, non-privileged users must utilize multifactor authentication to prevent potential misuse and compromise of the system. Multifactor auth...
  Rule Medium Severity
- The container platform must ensure users are authenticated with an individual authenticator prior to using a group authenticator.
  To ensure individual accountability and prevent unauthorized access, application users must be individually identified and authenticated. Individual accountability mandates that each user be uniqu...
  Rule Medium Severity
- The container platform must disable identifiers (individuals, groups, roles, and devices) after 35 days of inactivity.
  Inactive identifiers pose a risk to systems and applications. Attackers that are able to exploit an inactive identifier can potentially obtain and maintain undetected access to the application. Own...
  Rule Medium Severity