Skip to content

Container Platform Security Requirements Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • SRG-APP-000472

    <GroupDescription></GroupDescription>
    Group
  • The organization-defined role must verify correct operation of security functions in the container platform.

    &lt;VulnDiscussion&gt;Without verification, security functions may not operate correctly and this failure may go unnoticed within the container pla...
    Rule Medium Severity
  • SRG-APP-000473

    <GroupDescription></GroupDescription>
    Group
  • The container platform must perform verification of the correct operation of security functions: upon system startup and/or restart; upon command by a user with privileged access; and/or every 30 days. Security functionality includes, but is not limited to, establishing system accounts, configuring access authorizations (i.e., permissions, privileges), setting events to be audited, and setting intrusion detection parameters.

    &lt;VulnDiscussion&gt;Without verification, security functions may not operate correctly and this failure may go unnoticed within the container pla...
    Rule Medium Severity
  • SRG-APP-000474

    <GroupDescription></GroupDescription>
    Group
  • The container platform must provide system notifications to the system administrator and operational staff when anomalies in the operation of the organization-defined security functions are discovered.

    &lt;VulnDiscussion&gt;If anomalies are not acted upon, security functions may fail to secure the container within the container platform runtime. ...
    Rule Medium Severity
  • SRG-APP-000492

    <GroupDescription></GroupDescription>
    Group
  • The container platform must generate audit records when successful/unsuccessful attempts to access security objects occur.

    &lt;VulnDiscussion&gt;The container platform and its components must generate audit records when successful and unsuccessful access security object...
    Rule Medium Severity
  • SRG-APP-000493

    <GroupDescription></GroupDescription>
    Group
  • The container platform must generate audit records when successful/unsuccessful attempts to access security levels occur.

    &lt;VulnDiscussion&gt;Unauthorized users could access the security levels to exploit vulnerabilities within the container platform component. All t...
    Rule Medium Severity
  • SRG-APP-000494

    <GroupDescription></GroupDescription>
    Group
  • The container platform must generate audit records when successful/unsuccessful attempts to access categories of information (e.g., classification levels) occur.

    &lt;VulnDiscussion&gt;Without generating audit records that are specific to the security and mission needs of the organization, it would be difficu...
    Rule Medium Severity
  • SRG-APP-000495

    <GroupDescription></GroupDescription>
    Group
  • The container platform must generate audit records when successful/unsuccessful attempts to modify privileges occur.

    &lt;VulnDiscussion&gt;Without generating audit records that are specific to the security and mission needs of the organization, it would be difficu...
    Rule Medium Severity
  • SRG-APP-000496

    <GroupDescription></GroupDescription>
    Group
  • The container platform must generate audit records when successful/unsuccessful attempts to modify security objects occur.

    &lt;VulnDiscussion&gt;The container platform and its components must generate audit records when modifying security objects. All the components mus...
    Rule Medium Severity
  • SRG-APP-000497

    <GroupDescription></GroupDescription>
    Group
  • The container platform must generate audit records when successful/unsuccessful attempts to modify security levels occur.

    &lt;VulnDiscussion&gt;Unauthorized users could modify the security levels to exploit vulnerabilities within the container platform component. All t...
    Rule Medium Severity
  • SRG-APP-000498

    <GroupDescription></GroupDescription>
    Group
  • The container platform must generate audit records when successful/unsuccessful attempts to modify categories of information (e.g., classification levels) occur.

    &lt;VulnDiscussion&gt;Without generating audit records that are specific to the security and mission needs of the organization, it would be difficu...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules