Container Platform Security Requirements Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
The container platform must notify system administrators (SAs) and the information system security officer (ISSO) when accounts are created.
Once an attacker establishes access to an application, the attacker often attempts to create a persistent method of re-establishing access. One way to accomplish this is for the attacker to simply ...Rule Medium Severity -
SRG-APP-000292
Group -
SRG-APP-000293
Group -
The container platform must notify system administrators and ISSO for account disabling actions.
When application accounts are disabled, user accessibility is affected. Accounts are utilized for identifying individual users or for identifying the application processes themselves. Sending notif...Rule Medium Severity -
SRG-APP-000294
Group -
The container platform must notify system administrators and ISSO for account removal actions.
When application accounts are removed, user accessibility is affected. Accounts are utilized for identifying users or for identifying the application processes themselves. Sending notification of a...Rule Medium Severity -
SRG-APP-000297
Group -
Access to the container platform must display an explicit logout message to user indicating the reliable termination of authenticated communication sessions.
Access to the container platform will occur through web and terminal sessions. Any web interfaces must conform to application and web security requirements. Terminal access to the container platfor...Rule Low Severity -
SRG-APP-000317
Group -
The container platform must terminate shared/group account credentials when members leave the group.
If shared/group account credentials are not terminated when individuals leave the group, the user that left the group can still gain access even though they are no longer authorized. A shared/group...Rule Medium Severity -
SRG-APP-000319
Group -
SRG-APP-000320
Group -
SRG-APP-000340
Group -
The container platform must prevent non-privileged users from executing privileged functions to include disabling, circumventing, or altering implemented security safeguards/countermeasures.
Controlling what users can perform privileged functions prevents unauthorized users from performing tasks that may expose data or degrade the container platform. When users are not segregated into ...Rule Medium Severity -
SRG-APP-000342
Group -
Container images instantiated by the container platform must execute using least privileges.
Containers running within the container platform must execute as non-privileged. When a container can execute as a privileged container, the privileged container is also a privileged user within th...Rule Medium Severity -
SRG-APP-000343
Group -
The container platform must audit the execution of privileged functions.
Privileged functions within the container platform can be component specific or can envelope the entire container platform. Because of the nature of the commands, it is important to understand what...Rule Medium Severity -
SRG-APP-000345
Group -
SRG-APP-000516
Group
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.