Container Platform Security Requirements Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
SRG-APP-000133
<GroupDescription></GroupDescription>Group -
The container platform must limit privileges to the container platform registry.
<VulnDiscussion>To control what is instantiated within the container platform, it is important to control access to the registry. Without thi...Rule Medium Severity -
SRG-APP-000133
<GroupDescription></GroupDescription>Group -
The container platform must limit privileges to the container platform runtime.
<VulnDiscussion>To control what is instantiated within the container platform, it is important to control access to the runtime. Without this...Rule Medium Severity -
SRG-APP-000133
<GroupDescription></GroupDescription>Group -
The container platform must limit privileges to the container platform keystore.
<VulnDiscussion>The container platform keystore is used to store credentials used to build a trust between the container platform and some ex...Rule Medium Severity -
SRG-APP-000133
<GroupDescription></GroupDescription>Group -
Configuration files for the container platform must be protected.
<VulnDiscussion>The secure configuration of the container platform must be protected by disallowing changes to be implemented by non-privileg...Rule Medium Severity -
SRG-APP-000133
<GroupDescription></GroupDescription>Group -
Authentication files for the container platform must be protected.
<VulnDiscussion>The secure configuration of the container platform must be protected by disallowing changing to be implemented by non-privile...Rule Medium Severity -
SRG-APP-000141
<GroupDescription></GroupDescription>Group -
The container platform must be configured with only essential configurations.
<VulnDiscussion>The container platform can be built with components that are not used for the intended purpose of the organization. To limit ...Rule Medium Severity -
SRG-APP-000141
<GroupDescription></GroupDescription>Group -
The container platform registry must contain only container images for those capabilities being offered by the container platform.
<VulnDiscussion>Allowing container images to reside within the container platform registry that are not essential to the capabilities being o...Rule Medium Severity -
SRG-APP-000142
<GroupDescription></GroupDescription>Group -
The container platform runtime must enforce ports, protocols, and services that adhere to the PPSM CAL.
<VulnDiscussion>Ports, protocols, and services within the container platform runtime must be controlled and conform to the PPSM CAL. Those po...Rule Medium Severity -
SRG-APP-000142
<GroupDescription></GroupDescription>Group -
The container platform runtime must enforce the use of ports that are non-privileged.
<VulnDiscussion>Privileged ports are those ports below 1024 and that require system privileges for their use. If containers are able to use t...Rule Medium Severity -
SRG-APP-000148
<GroupDescription></GroupDescription>Group -
The container platform must uniquely identify and authenticate users.
<VulnDiscussion>The container platform requires user accounts to perform container platform tasks. These tasks may pertain to the overall con...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.