Container Platform Security Requirements Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
- Rule (Low severity): The container platform must display the Standard Mandatory DoD Notice and Consent Banner before granting access to platform components.
  The container platform has countless components where different access levels are needed. To control access, the user must first log in to the component and then be presented with a DoD-approved us...
- Rule (Medium severity): The container platform must generate audit records when successful/unsuccessful attempts to access privileges occur.
  Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an in...
- Rule (Medium severity): All audit records must identify what type of event has occurred within the container platform.
  Within the container platform, audit data can be generated from any of the deployed container platform components. This audit data is important when there are issues, such as security incidents, th...
- Rule (Medium severity): The container platform audit records must have a date and time association with all events.
  Within the container platform, audit data can be generated from any of the deployed container platform components. This audit data is important when there are issues, such as security incidents, th...
- Rule (Medium severity): All audit records must identify the source of the event within the container platform.
  Audit data is important when there are issues, to include security incidents that must be investigated. Since the audit data may be part of a larger audit system, it is important for the audit data...
- Rule (Medium severity): All audit records must identify any containers associated with the event within the container platform.
  Without information that establishes the identity of the containers offering user services or running on behalf of a user within the platform associated with audit events, security personnel cannot...
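The four audit-record rules above (event type, date and time, event source, associated container) can be turned into a mechanical check over an audit stream. The following is an added example, not code from the SRG or from any container platform: it assumes a generic JSON-lines audit format with the field names event_type, timestamp, source, container_scoped and container_id, and the sample records are constructed for illustration.

```python
"""Check that audit records carry the identifying fields the rules above call for:
the event type, a date/time, the event source, and the container the event touched.
Added example, not code from the SRG or any platform; the JSON-lines layout and
field names (event_type, timestamp, source, container_scoped, container_id) are
assumed for illustration."""
import json
import re
from datetime import datetime

# RFC 3339 with a zone designator and whole seconds (3- or 6-digit fractions allowed).
RFC3339 = re.compile(
    r"^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(\.\d{3}|\.\d{6})?(Z|[+-]\d{2}:\d{2})$"
)


def parse_timestamp(value):
    """Return an aware datetime, or None if the value lacks a zone or second precision."""
    if not isinstance(value, str) or not RFC3339.match(value):
        return None
    try:
        return datetime.fromisoformat(value.replace("Z", "+00:00"))
    except ValueError:
        return None


def check_record(record):
    """Return the list of findings for one record; an empty list means it passes."""
    findings = []
    if not record.get("event_type"):
        findings.append("missing event_type (what type of event occurred)")
    if parse_timestamp(record.get("timestamp")) is None:
        findings.append("missing or imprecise timestamp (need RFC 3339 with zone and seconds)")
    source = record.get("source") or {}
    if not (source.get("user") and source.get("ip")):
        findings.append("source must identify the user and the originating address")
    # Events that act on a container must name it; platform-level events (e.g. login) need not.
    if record.get("container_scoped") and not record.get("container_id"):
        findings.append("container-scoped event lacks container identity")
    return findings


# Constructed sample records (not real platform output): lines 1-2 are complete,
# line 3 has a minute-granularity timestamp, no source address and no container,
# line 4 has no event type.
SAMPLE_AUDIT_LOG = """\
{"event_type":"exec","timestamp":"2024-03-04T12:00:01Z","source":{"user":"jdoe","ip":"10.0.0.5"},"container_scoped":true,"container_id":"web-7c9f"}
{"event_type":"login","timestamp":"2024-03-04T12:00:02+00:00","source":{"user":"jdoe","ip":"10.0.0.5"},"container_scoped":false}
{"event_type":"exec","timestamp":"2024-03-04T12:00Z","source":{"user":"svc-ci"},"container_scoped":true}
{"timestamp":"2024-03-04T12:00:03Z","source":{"user":"root","ip":"10.0.0.9"},"container_scoped":true,"container_id":"db-1"}
"""


def audit_log_findings(text):
    """Map 1-based line numbers to findings; only records with findings appear."""
    results = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            results[lineno] = ["record is not valid JSON"]
            continue
        findings = check_record(record)
        if findings:
            results[lineno] = findings
    return results


if __name__ == "__main__":
    for lineno, findings in sorted(audit_log_findings(SAMPLE_AUDIT_LOG).items()):
        print(f"record {lineno}:", "; ".join(findings))
```

Run against a real platform's audit export, the only thing to adapt is the field mapping in check_record; the timestamp rule deliberately rejects zone-less values, because records from different components cannot be ordered against each other without one.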
- Rule (Medium severity): The container platform must generate audit records containing the full-text recording of privileged commands or the individual identities of group account users.
  During an investigation of an incident, it is important to fully understand what took place. Often, information is not part of the audited event due to the data's nature, security risk, or audit lo...
- Rule (Medium severity): The container platform must protect audit information from unauthorized modification.
  If audit data were to become compromised, then forensic analysis and discovery of the true source of potentially malicious system activity would be impossible to achieve. To ensure the veracity of...
- Rule (Medium severity): The container platform must protect audit information from unauthorized deletion.
  If audit data were to become compromised, then forensic analysis and discovery of the true source of potentially malicious system activity would be impossible to achieve. To ensure the veracity of...
- Rule (Medium severity): The container platform must protect audit tools from unauthorized access.
  Protecting audit data also includes identifying and protecting the tools used to view and manipulate log data. Therefore, protecting audit tools is necessary to prevent unauthorized operation on au...
- Rule (Medium severity): The container platform must be built from verified packages.
  It is important to patch and upgrade the container platform when patches and upgrades are available. More important is to get these patches and upgrades from a known source. To validate the authent...
- Rule (Medium severity): The container platform must verify container images.
  The container platform must be capable of validating that container images are signed and that the digital signature is from a recognized source approved by the organization. Allowing any c...
- Rule (Medium severity): Configuration files for the container platform must be protected.
  The secure configuration of the container platform must be protected by disallowing changes to be implemented by non-privileged users. Changes to the container platform can introduce security risks...
- Rule (Medium severity): Authentication files for the container platform must be protected.
  The secure configuration of the container platform must be protected by disallowing changes to be implemented by non-privileged users. Changes to the container platform can introduce security risk...
- Rule (Medium severity): The container platform must uniquely identify and authenticate users.
  The container platform requires user accounts to perform container platform tasks. These tasks may pertain to the overall container platform or may be component-specific, thus requiring users to au...
- Rule (Medium severity): The container platform application program interface (API) must uniquely identify and authenticate processes acting on behalf of the users.
  The container platform API can be used to perform any task within the platform. Often, the API is used to create tasks that perform some kind of maintenance task and run without user interaction. T...
- Rule (Medium severity): The container platform must use multifactor authentication for network access to privileged accounts.
  Without the use of multifactor authentication, the ease of access to privileged functions is greatly increased. Multifactor authentication requires using two or more factors to achieve authenticat...
- Rule (Medium severity): The container platform must use multifactor authentication for network access to non-privileged accounts.
  To ensure accountability and prevent unauthenticated access, non-privileged users must utilize multifactor authentication to prevent potential misuse and compromise of the system. Multifactor auth...
- Rule (Medium severity): The container platform must ensure users are authenticated with an individual authenticator prior to using a group authenticator.
  To ensure individual accountability and prevent unauthorized access, application users must be individually identified and authenticated. Individual accountability mandates that each user be uniqu...
- Rule (Medium severity): The container platform must disable identifiers (individuals, groups, roles, and devices) after 35 days of inactivity.
  Inactive identifiers pose a risk to systems and applications. Attackers that are able to exploit an inactive identifier can potentially obtain and maintain undetected access to the application. Own...
- Rule (Medium severity): The container platform must enforce password complexity by requiring that at least one lowercase character be used.
  Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resistin...
- Rule (Medium severity): The container platform must enforce password complexity by requiring that at least one special character be used.
  Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resistin...
- Rule (High severity): For accounts using password authentication, the container platform must use FIPS-validated SHA-2 or later protocol to protect the integrity of the password authentication process.
  Passwords need to be protected on entry, in transmission, during authentication, and when stored. If compromised at any of these security points, a nefarious user can use the password along with st...
- Rule (Medium severity): The container platform must map the authenticated identity to the individual user or group account for PKI-based authentication.
  The container platform and its components may require authentication before use. When the authentication is PKI-based, the container platform or component must map the certificate to a user account...
- Rule (Medium severity): The container platform must obscure feedback of authentication information during the authentication process to protect the information from possible exploitation/use by unauthorized individuals.
  To prevent the compromise of authentication information such as passwords during the authentication process, the feedback from the container platform and its components, e.g., runtime, registry, an...
- Rule (Medium severity): The container platform must employ strong authenticators in the establishment of non-local maintenance and diagnostic sessions.
  If maintenance tools are used by unauthorized personnel, they may accidentally or intentionally damage or compromise the system. The act of managing systems and applications includes the ability to...
- Rule (Medium severity): The container platform must separate user functionality (including user interface services) from information system management functionality.
  Separating user functionality from management functionality is a requirement for all the components within the container platform. Without the separation, users may have access to management functi...
- Rule (Medium severity): The container platform runtime must fail to a secure state if system initialization fails, shutdown fails, or aborts fail.
  The container platform offers services for container image orchestration and services for users. If any of these services were to fail into an insecure state, security measures for user and data se...
- Rule (Medium severity): The container platform must never automatically remove or disable emergency accounts.
  Emergency accounts are administrator accounts that are established in response to crisis situations where the need for rapid account activation is required. Therefore, emergency account activation ...
- Rule (Medium severity): The container platform must prohibit containers from accessing privileged resources.
  Container images instantiated within the container platform may request access to host system resources. Access to privileged resources can allow for unauthorized and unintended transfer of inform...
- Rule (Medium severity): The container platform must restrict individuals' ability to launch organizationally defined denial-of-service (DoS) attacks against other information systems.
  The container platform will offer services to users and these services share resources available on the hosting system. To share the resources in a manner that does not exhaust or overutilize reso...
- Rule (Medium severity): The container platform must use cryptographic mechanisms to protect the integrity of audit tools.
  Protecting the integrity of the tools used for auditing purposes is a critical step to ensuring the integrity of audit data. Audit data includes all information (e.g., audit records, audit settings...
- Rule (Medium severity): The container platform must notify system administrators (SAs) and the information system security officer (ISSO) when accounts are modified.
  When application accounts are modified, user accessibility is affected. Accounts are utilized for identifying individual users or for identifying the application processes themselves. Sending notif...
- Rule (Medium severity): The container platform must automatically audit account-enabling actions.
  Once an attacker establishes access to an application, the attacker often attempts to create a persistent method of re-establishing access. One way to accomplish this is for the attacker to simply ...
- Rule (Medium severity): The container platform must notify the system administrator (SA) and information system security officer (ISSO) of account-enabling actions.
  Once an attacker establishes access to an application, the attacker often attempts to create a persistent method of re-establishing access. One way to accomplish this is for the attacker to simply ...
- Rule (Medium severity): The container platform must automatically lock an account until the locked account is released by an administrator when three unsuccessful login attempts in 15 minutes are exceeded.
  By limiting the number of failed login attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute forcing, is reduced. Limits are imposed by locking the a...
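The lockout rule above has three parts that are easy to get wrong in an implementation: the failure count is measured over a sliding 15-minute window, the lock is not released by time, and a correct password presented while locked must still be refused. The following is an added example, not code from the SRG or any platform, written to show those three behaviours over a constructed authentication log. It reads "three attempts ... are exceeded" as locking on the fourth failure inside the window; the threshold is a parameter (max_failures) and the log line format is assumed for illustration.

```python
"""Account lockout per the rule above: more than max_failures failed logins inside
a sliding window lock the account until an administrator releases it.
Added example, not from the SRG; the auth log format and names are assumed."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAX_FAILURES = 3            # failures tolerated; the next one inside the window locks
WINDOW = timedelta(minutes=15)


class LockoutPolicy:
    def __init__(self, max_failures=MAX_FAILURES, window=WINDOW):
        self.max_failures = max_failures
        self.window = window
        self._failures = defaultdict(deque)   # account -> timestamps of recent failures
        self.locked = set()                   # accounts locked until admin_unlock()

    def _prune(self, account, now):
        """Drop failures older than the window so only the last 15 minutes count."""
        recent = self._failures[account]
        while recent and now - recent[0] > self.window:
            recent.popleft()

    def record_attempt(self, account, success, now):
        """Apply one login attempt and return 'allowed', 'denied' or 'locked'."""
        if account in self.locked:
            return "locked"        # no time-based release: a valid password is still refused
        self._prune(account, now)
        if success:
            self._failures[account].clear()
            return "allowed"
        self._failures[account].append(now)
        if len(self._failures[account]) > self.max_failures:
            self.locked.add(account)
            self._failures[account].clear()
            return "locked"
        return "denied"

    def admin_unlock(self, account):
        """The only path out of the locked state, per the rule."""
        self.locked.discard(account)


# Constructed sample log (not real platform output): alice fails four times in four
# minutes; bob's first failure is 20 minutes before the next three, so it ages out.
SAMPLE_AUTH_LOG = """\
2024-03-04T09:00:00Z FAIL alice 203.0.113.7
2024-03-04T09:01:00Z FAIL alice 203.0.113.7
2024-03-04T09:02:00Z FAIL alice 203.0.113.7
2024-03-04T09:03:00Z FAIL alice 203.0.113.7
2024-03-04T09:04:00Z OK   alice 203.0.113.7
2024-03-04T09:00:00Z FAIL bob 198.51.100.2
2024-03-04T09:20:00Z FAIL bob 198.51.100.2
2024-03-04T09:21:00Z FAIL bob 198.51.100.2
2024-03-04T09:22:00Z FAIL bob 198.51.100.2
"""


def replay(log_text, policy=None):
    """Feed each log line through the policy; return (policy, [(account, outcome), ...])."""
    policy = policy or LockoutPolicy()
    outcomes = []
    for line in log_text.splitlines():
        ts, result, account, _ip = line.split()
        now = datetime.fromisoformat(ts.replace("Z", "+00:00"))
        outcomes.append((account, policy.record_attempt(account, result == "OK", now)))
    return policy, outcomes


if __name__ == "__main__":
    policy, outcomes = replay(SAMPLE_AUTH_LOG)
    for account, outcome in outcomes:
        print(account, outcome)
    print("locked accounts:", sorted(policy.locked))
```

Note that bob ends the replay with exactly three failures in the window and is not locked; whether your platform locks on the third or the fourth failure is a configuration decision, and the value chosen should match the one written into the organization's policy.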
- Rule (Medium severity): The container platform must provide an immediate real-time alert to the SA and ISSO, at a minimum, of all audit failure events requiring real-time alerts.
  It is critical for the appropriate personnel to be aware if a system is at risk of failing to process audit logs as required. Without a real-time alert, security personnel may be unaware of an impe...
- Rule (Medium severity): The container platform must record time stamps for audit records that meet a granularity of one second for a minimum degree of precision.
  To properly investigate an event, it is important to have enough granularity within the time stamps to determine the chronological order of the audited events. Without this granularity, events may ...
- Rule (Medium severity): The container platform registry must prohibit installation or modification of container images without explicit privileged status.
  Controlling access to those users and roles that perform container platform registry functions reduces the risk of untested or potentially malicious containers being introduced into the platfo...
- Rule (Medium severity): The container platform registry must employ a deny-all, permit-by-exception (whitelist) policy to allow only authorized container images in the container platform.
  Controlling the sources where container images can be pulled from allows the organization to define what software can be run within the container platform. Allowing any container image to be introd...
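A deny-all, permit-by-exception image policy is only as good as the parsing of the image reference it is applied to: a reference with no registry component silently means docker.io, a single-component name means docker.io/library/, and a mutable tag can be repointed after the exception was granted. The following is an added example, not code from the SRG or any platform, that parses references the way the common registry/repository:tag@digest form is written and admits only digest-pinned images from assumed registry namespaces (registry.example.mil with the platform/ and apps/ prefixes, chosen for illustration).

```python
"""Deny-all, permit-by-exception image admission check for the rule above.
Added example, not from the SRG; the allowlist contents and names are assumed."""
import re

# Assumed organization allowlist: registry host -> permitted repository prefixes.
# Anything not listed here is denied; docker.io is deliberately absent.
ALLOWED = {
    "registry.example.mil": ["platform/", "apps/"],
}
REQUIRE_DIGEST = True
SHA256_DIGEST = re.compile(r"sha256:[0-9a-f]{64}")


def parse_reference(ref):
    """Split an image reference into (registry, repository, tag, digest).

    A leading component is treated as a registry only if it looks like a host
    (contains '.' or ':' or is 'localhost'); otherwise the reference is implicitly
    on docker.io, and a single-component name lives under docker.io/library/.
    """
    digest = None
    if "@" in ref:
        ref, digest = ref.split("@", 1)
    parts = ref.split("/")
    if len(parts) > 1 and ("." in parts[0] or ":" in parts[0] or parts[0] == "localhost"):
        registry, path = parts[0], "/".join(parts[1:])
    else:
        registry, path = "docker.io", ref if len(parts) > 1 else "library/" + ref
    tag = None
    last_component = path[path.rfind("/") + 1:]
    if ":" in last_component:           # a ':' after the last '/' separates the tag
        path, tag = path.rsplit(":", 1)
    return registry, path, tag, digest


def evaluate(ref, allowed=ALLOWED, require_digest=REQUIRE_DIGEST):
    """Return (admit, reason) for one image reference; the default is to deny."""
    registry, repo, tag, digest = parse_reference(ref)
    prefixes = allowed.get(registry)
    if prefixes is None:
        return False, f"registry {registry} is not on the allowlist"
    if not any(repo.startswith(p) for p in prefixes):
        return False, f"repository {repo} is outside the permitted namespaces on {registry}"
    if digest is None and require_digest:
        return False, f"image is not pinned by digest (tag {tag!r} can be repointed after approval)"
    if digest is not None and not SHA256_DIGEST.fullmatch(digest):
        return False, "digest is not a well-formed sha256 digest"
    return True, "admitted"


def admitted_images(refs, allowed=ALLOWED):
    """Filter a list of references down to the ones the policy admits."""
    return [ref for ref in refs if evaluate(ref, allowed)[0]]


# Constructed sample references (the digest value is a placeholder, not a real image).
FAKE_DIGEST = "sha256:" + "a" * 64
SAMPLE_REFERENCES = [
    "registry.example.mil/apps/web@" + FAKE_DIGEST,      # admitted
    "registry.example.mil/apps/web:1.2",                 # denied: tag only, no digest
    "registry.example.mil/vendor/tool@" + FAKE_DIGEST,   # denied: namespace not permitted
    "nginx:latest",                                      # denied: implicit docker.io
    "docker.io/library/nginx@" + FAKE_DIGEST,            # denied: registry not allowlisted
]

if __name__ == "__main__":
    for ref in SAMPLE_REFERENCES:
        admit, reason = evaluate(ref)
        print("ADMIT" if admit else "DENY ", ref, "-", reason)
```

Requiring a digest is what makes the exception list stable: a tag is a mutable pointer in the registry, so an image approved under a tag can be replaced without the allowlist changing, whereas a digest names exactly one manifest.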
- Rule (Medium severity): The container platform must require users to reauthenticate when organization-defined circumstances or situations require reauthentication.
  Controlling user access is paramount in securing the container platform. During a user's access to the container platform, events may occur that change the user's access and which require reauthent...
- Rule (Medium severity): The container platform must accept Personal Identity Verification (PIV) credentials from other federal agencies.
  Controlling access to the container platform and its components is paramount in having a secure and stable system. Validating users is the first step in controlling the access. Users may be validat...
- Rule (Medium severity): The container platform must audit non-local maintenance and diagnostic sessions' organization-defined audit events associated with non-local maintenance.
  To fully investigate an attack, it is important to understand the event and those events taking place during the same time period. Often, non-local administrative access and diagnostic sessions are...
- Rule (Medium severity): The container platform must configure web management tools and Application Program Interfaces (API) with FIPS-validated Advanced Encryption Standard (AES) cipher block algorithm to protect the confidentiality of maintenance and diagnostic communications for nonlocal maintenance sessions.
  Without confidentiality protection mechanisms, unauthorized individuals may gain access to sensitive information via a remote access session. Nonlocal maintenance and diagnostic activities are act...
- Rule (High severity): The container platform keystore must implement encryption to prevent unauthorized disclosure of information at rest within the container platform.
  The container platform keystore is used for container deployments for persistent storage of all its REST API objects. These objects are sensitive in nature and should be encrypted at rest to avoid any ...
- Rule (Medium severity): The container platform must maintain the confidentiality and integrity of information during preparation for transmission.
  Information may be unintentionally or maliciously disclosed or modified during preparation for transmission within the container platform during aggregation, at protocol transformation points, and ...
- Rule (Medium severity): The container platform must behave in a predictable and documented manner that reflects organizational and system objectives when invalid inputs are received.
  Software or code parameters typically follow well-defined protocols that use structured messages (i.e., commands or queries) to communicate between software modules or system components. Structured...
- Rule (Medium severity): The container platform must remove old components after updated versions have been installed.
  Previous versions of container platform components that are not removed from the container platform after updates have been installed may be exploited by adversaries by causing older components to ...
- Rule (Medium severity): The container platform registry must remove old container images after updated versions have been made available.
  Obsolete and stale images need to be removed from the registry to ensure the container platform maintains a secure posture. While the storing of these images does not directly pose a threat, they d...
- Rule (Medium severity): The container platform runtime must have updates installed within the time period directed by an authoritative source (e.g., IAVM, CTOs, DTMs, and STIGs).
  The container platform runtime must be carefully monitored for vulnerabilities, and when problems are detected, they must be remediated quickly. A vulnerable runtime exposes all containers it suppo...