Skip to content
Log In

Container Platform Security Requirements Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • SRG-APP-000038

    Group
    Show

  • The container platform must enforce approved authorizations for controlling the flow of information within the container platform based on organization-defined information flow control policies.

    Controlling information flow between the container platform components and container user services instantiated by the container platform must enforce organization-defined information flow policies...
    Rule Medium Severity
    Show

  • SRG-APP-000039

    Group
    Show

  • SRG-APP-000065

    Group
    Show

  • The container platform must enforce the limit of three consecutive invalid logon attempts by a user during a 15-minute time period.

    By limiting the number of failed login attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute forcing, is reduced. Limits are imposed by locking the a...
    Rule Medium Severity
    Show

  • SRG-APP-000068

    Group
    Show

  • SRG-APP-000069

    Group
    Show

  • The container platform must retain the Standard Mandatory DoD Notice and Consent Banner on the screen until users acknowledge the usage and conditions and take explicit actions to log on for further access.

    The banner must be acknowledged by the user prior to allowing the user access to any container platform component. This provides assurance that the user has seen the message and accepted the condit...
    Rule Low Severity
    Show

  • SRG-APP-000089

    Group
    Show

  • The container platform must generate audit records for all DoD-defined auditable events within all components in the platform.

    Within the container platform, audit data can be generated from any of the deployed container platform components. This audit data is important when there are issues, including security incidents t...
    Rule Medium Severity
    Show

  • SRG-APP-000090

    Group
    Show

  • The container platform must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited.

    Without the capability to restrict which roles and individuals can select which events are audited, unauthorized personnel may be able to prevent the auditing of critical events. Misconfigured audi...
    Rule Medium Severity
    Show

  • SRG-APP-000091

    Group
    Show

  • SRG-APP-000092

    Group
    Show

  • The container platform must initiate session auditing upon startup.

    When the container platform is started, container platform components and user services can also be started. It is important that the container platform begin auditing on startup in order to handle...
    Rule Medium Severity
    Show

  • SRG-APP-000095

    Group
    Show

  • SRG-APP-000096

    Group
    Show

  • SRG-APP-000097

    Group
    Show

  • All audit records must identify where in the container platform the event occurred.

    Within the container platform, audit data can be generated from any of the deployed container platform components. This audit data is important when there are issues, such as security incidents, th...
    Rule Medium Severity
    Show

  • SRG-APP-000098

    Group
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules