Container Platform Security Requirements Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
SRG-APP-000374
<GroupDescription></GroupDescription>Group -
All audit records must use UTC or GMT time stamps.
<VulnDiscussion>The container platform and its components must generate audit records using either Coordinated Universal Time (UTC) or Greenw...Rule Medium Severity -
SRG-APP-000375
<GroupDescription></GroupDescription>Group -
The container platform must implement NSA-approved cryptography to protect classified information in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.
<VulnDiscussion>Use of weak or untested encryption algorithms undermines the purposes of utilizing encryption to protect data and images. The...Rule Medium Severity -
The container platform runtime must prohibit the instantiation of container images without explicit privileged status.
<VulnDiscussion>Controlling access to those users and roles responsible for container image instantiation reduces the risk of untested or pot...Rule High Severity -
SRG-APP-000378
<GroupDescription></GroupDescription>Group -
The container platform registry must prohibit installation or modification of container images without explicit privileged status.
<VulnDiscussion>Controlling access to those users and roles that perform container platform registry functions reduces the risk of untested o...Rule Medium Severity -
SRG-APP-000380
<GroupDescription></GroupDescription>Group -
The container platform must enforce access restrictions for container platform configuration changes.
<VulnDiscussion>Configuration changes cause the container platform to change the way it operates. These changes can be used to improve the sy...Rule Medium Severity -
SRG-APP-000381
<GroupDescription></GroupDescription>Group -
The container platform must enforce access restrictions and support auditing of the enforcement actions.
<VulnDiscussion>Auditing the enforcement of access restrictions against changes to the container platform helps identify attacks and provides...Rule Medium Severity -
SRG-APP-000383
<GroupDescription></GroupDescription>Group -
All non-essential, unnecessary, and unsecure DoD ports, protocols, and services must be disabled in the container platform.
<VulnDiscussion>To properly offer services to the user and to orchestrate containers, the container platform may offer services that use port...Rule Medium Severity -
SRG-APP-000384
<GroupDescription></GroupDescription>Group -
SRG-APP-000429
<GroupDescription></GroupDescription>Group -
The container platform must prevent component execution in accordance with organization-defined policies regarding software program usage and restrictions, and/or rules authorizing the terms and conditions of software program usage.
<VulnDiscussion>The container platform may offer components such as DNS services, firewall services, router services, or web services that ar...Rule Medium Severity -
SRG-APP-000386
<GroupDescription></GroupDescription>Group -
The container platform registry must employ a deny-all, permit-by-exception (whitelist) policy to allow only authorized container images in the container platform.
<VulnDiscussion>Controlling the sources where container images can be pulled from allows the organization to define what software can be run ...Rule Medium Severity -
SRG-APP-000391
<GroupDescription></GroupDescription>Group -
The container platform must be configured to use multi-factor authentication for user authentication.
<VulnDiscussion>Controlling access to the container platform and its components is paramount in having a secure and stable system. Validating...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.