
Container Platform Security Requirements Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • The container platform must be built from verified packages.

    It is important to patch and upgrade the container platform when patches and upgrades are available. More important is to get these patches and upgrades from a known source. To validate the authent...
    Rule Medium Severity
  • The container platform must verify container images.

    The container platform must be capable of validating that container images are signed and that the digital signature is from a source recognized and approved by the organization. Allowing any c...
    Rule Medium Severity
  • Configuration files for the container platform must be protected.

    The secure configuration of the container platform must be protected by disallowing changes to be implemented by non-privileged users. Changes to the container platform can introduce security risks...
    Rule Medium Severity
  • Authentication files for the container platform must be protected.

    The secure configuration of the container platform must be protected by disallowing changes to be implemented by non-privileged users. Changes to the container platform can introduce security risk...
    Rule Medium Severity
  • The container platform must uniquely identify and authenticate users.

    The container platform requires user accounts to perform container platform tasks. These tasks may pertain to the overall container platform or may be component-specific, thus requiring users to au...
    Rule Medium Severity
  • The container platform application program interface (API) must uniquely identify and authenticate processes acting on behalf of the users.

    The container platform API can be used to perform any task within the platform. Often, the API is used to create tasks that perform some kind of maintenance task and run without user interaction. T...
    Rule Medium Severity
  • The container platform must use multifactor authentication for network access to privileged accounts.

    Without the use of multifactor authentication, the ease of access to privileged functions is greatly increased. Multifactor authentication requires using two or more factors to achieve authenticat...
    Rule Medium Severity
  • The container platform must use multifactor authentication for network access to non-privileged accounts.

    To ensure accountability and prevent unauthenticated access, non-privileged users must utilize multifactor authentication to prevent potential misuse and compromise of the system. Multifactor auth...
    Rule Medium Severity
  • The container platform must ensure users are authenticated with an individual authenticator prior to using a group authenticator.

    To ensure individual accountability and prevent unauthorized access, application users must be individually identified and authenticated. Individual accountability mandates that each user be uniqu...
    Rule Medium Severity
  • The container platform must disable identifiers (individuals, groups, roles, and devices) after 35 days of inactivity.

    Inactive identifiers pose a risk to systems and applications. Attackers that are able to exploit an inactive identifier can potentially obtain and maintain undetected access to the application. Own...
    Rule Medium Severity
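The two "must be protected" rules above (configuration files and authentication files) are both checked the same way in practice: the file is owned by the platform's privileged account and is not writable by group or others. The following POSIX shell script is an added example written for this page; it is not part of the SRG or of any product STIG. It assumes the operator supplies the file paths and the expected owner, and the sample files it builds in demo_audit are constructed for demonstration only.

```shell
#!/bin/sh
# Added example, not part of the SRG. Audits configuration and authentication
# files of a container platform against the two "must be protected" rules:
# each file must be owned by the expected privileged account and must not be
# writable by group or others. File paths and the expected owner are assumed
# to be supplied by the operator; nothing here is tied to a specific product.

# check_protected_file FILE EXPECTED_OWNER
# Prints one finding per violation. Returns 0 when compliant, 1 otherwise.
check_protected_file() {
    path=$1
    want_owner=$2
    [ -e "$path" ] || { echo "MISSING  $path"; return 1; }
    # ls -ld prints "-rw-r--r-- 1 owner group size date name"; only the
    # mode string (field 1) and owner (field 3) are used, so spaces in the
    # file name do not matter. Works on GNU and BSD ls alike.
    set -- $(ls -ld "$path")
    mode=$1
    have_owner=$3
    file_rc=0
    if [ "$have_owner" != "$want_owner" ]; then
        echo "OWNER    $path is owned by $have_owner, expected $want_owner"
        file_rc=1
    fi
    # Characters 6 and 9 of the mode string are the group and other write bits.
    case $(printf '%s' "$mode" | cut -c6) in
        w) echo "GROUP-W  $path is group-writable"; file_rc=1 ;;
    esac
    case $(printf '%s' "$mode" | cut -c9) in
        w) echo "OTHER-W  $path is world-writable"; file_rc=1 ;;
    esac
    return $file_rc
}

# audit_protected_dir DIR EXPECTED_OWNER
# Checks every regular file directly under DIR. Returns 0 only if all pass.
audit_protected_dir() {
    dir=$1
    dir_owner=$2
    dir_rc=0
    for entry in "$dir"/*; do
        [ -f "$entry" ] || continue
        check_protected_file "$entry" "$dir_owner" || dir_rc=1
    done
    return $dir_rc
}

# demo_audit: builds constructed sample files in a temporary directory
# (a compliant config, a group-writable kubeconfig-style file and a
# world-writable token file) and audits them. It returns 1, because two of
# the three files violate the rule.
demo_audit() {
    tmp=$(mktemp -d)
    me=$(id -un)
    printf 'apiVersion: v1\n' > "$tmp/platform.yaml";   chmod 0644 "$tmp/platform.yaml"
    printf 'users: []\n'      > "$tmp/admin.kubeconfig"; chmod 0664 "$tmp/admin.kubeconfig"
    printf 'token\n'          > "$tmp/auth.token";       chmod 0666 "$tmp/auth.token"
    audit_protected_dir "$tmp" "$me"
    demo_rc=$?
    rm -rf "$tmp"
    return $demo_rc
}

# Run the demonstration only when invoked with --demo:
#   sh audit_protected_files.sh --demo
if [ "${1:-}" = "--demo" ]; then demo_audit; fi
```

In a real audit the expected owner is the account the platform documents for its control-plane files (typically root), and the directories are the platform's own configuration and credential locations; the script reports every finding rather than stopping at the first so one run gives the complete list of files to remediate with chown and chmod.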