Skip to content
Log In

Container Platform Security Requirements Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • SRG-APP-000920

    Group
    Show

  • SRG-APP-000247

    Group
    Show

  • The container must have resource request limits set.

    Setting a container resource request limit allows the container platform to determine the best location for the container to execute. The container platform looks at the resources available and fin...
    Rule Medium Severity
    Show

  • SRG-APP-000380

    Group
    Show

  • The container root filesystem must be mounted as read-only.

    Any changes to a container must be made by rebuilding the image and redeploying the new container image. Once a container is running, changes to the root filesystem should not be needed, thus prese...
    Rule Medium Severity
    Show

  • The container platform must use TLS 1.2 or greater for secure container image transport from trusted sources.

    The authenticity and integrity of the container image during the container image lifecycle is part of the overall security posture of the container platform. This begins with the container image cr...
    Rule Medium Severity
    Show

  • The container platform must use a centralized user management solution to support account management functions.

    Enterprise environments make application account management challenging and complex. A manual process for account management functions adds the risk of a potential oversight or other error. A comp...
    Rule Medium Severity
    Show

  • The container platform must automatically disable accounts after a 35-day period of account inactivity.

    Attackers that are able to exploit an inactive account can potentially obtain and maintain undetected access to an application. Owners of inactive accounts will not notice if unauthorized access to...
    Rule Medium Severity
    Show

  • The container platform must automatically audit account removal actions.

    When application accounts are removed, user accessibility is affected. Once an attacker establishes access to an application, the attacker often attempts to remove authorized accounts to disrupt se...
    Rule Medium Severity
    Show

  • The container platform must enforce approved authorizations for controlling the flow of information between interconnected systems and services based on organization-defined information flow control policies.

    Controlling information flow between the container platform components and container user services instantiated by the container platform must enforce organization-defined information flow policies...
    Rule Medium Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules