Container Platform Security Requirements Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
The container platform must use FIPS validated cryptographic mechanisms to protect the integrity of log information.
To fully investigate an incident and to have trust in the audit data that is generated, it is important to put in place data protections. Without integrity protections, unauthorized changes may be ...Rule Medium Severity -
SRG-APP-000131
Group -
SRG-APP-000131
Group -
SRG-APP-000133
Group -
The container platform must limit privileges to the container platform registry.
To control what is instantiated within the container platform, it is important to control access to the registry. Without this control, container images can be introduced and instantiated by accide...Rule Medium Severity -
SRG-APP-000133
Group -
The container platform must limit privileges to the container platform runtime.
To control what is instantiated within the container platform, it is important to control access to the runtime. Without this control, container platform specific services and customer services can...Rule Medium Severity -
SRG-APP-000133
Group -
The container platform must limit privileges to the container platform keystore.
The container platform keystore is used to store credentials used to build a trust between the container platform and some external source. This trust relationship is authorized by the organization...Rule Medium Severity -
SRG-APP-000133
Group -
SRG-APP-000133
Group -
SRG-APP-000141
Group -
The container platform must be configured with only essential configurations.
The container platform can be built with components that are not used for the intended purpose of the organization. To limit the attack surface of the container platform, it is essential that the n...Rule Medium Severity -
SRG-APP-000141
Group -
The container platform registry must contain only container images for those capabilities being offered by the container platform.
Allowing container images to reside within the container platform registry that are not essential to the capabilities being offered by the container platform becomes a potential security risk. By a...Rule Medium Severity -
SRG-APP-000142
Group -
The container platform runtime must enforce ports, protocols, and services that adhere to the PPSM CAL.
Ports, protocols, and services within the container platform runtime must be controlled and conform to the PPSM CAL. Those ports, protocols, and services that fall outside the PPSM CAL must be bloc...Rule Medium Severity -
SRG-APP-000142
Group -
The container platform runtime must enforce the use of ports that are non-privileged.
Privileged ports are those ports below 1024 and that require system privileges for their use. If containers are able to use these ports, the container must be run as a privileged user. The containe...Rule Medium Severity -
SRG-APP-000148
Group
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.