Container Platform Security Requirements Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
SRG-APP-000439
<GroupDescription></GroupDescription>Group -
The application must protect the confidentiality and integrity of transmitted information.
<VulnDiscussion>Without protection of the transmitted information, confidentiality and integrity may be compromised since unprotected communi...Rule High Severity -
SRG-APP-000441
<GroupDescription></GroupDescription>Group -
The container platform must maintain the confidentiality and integrity of information during preparation for transmission.
<VulnDiscussion>Information may be unintentionally or maliciously disclosed or modified during preparation for transmission within the contai...Rule Medium Severity -
SRG-APP-000442
<GroupDescription></GroupDescription>Group -
The container platform must behave in a predictable and documented manner that reflects organizational and system objectives when invalid inputs are received.
<VulnDiscussion>Software or code parameters typically follow well-defined protocols that use structured messages (i.e., commands or queries) ...Rule Medium Severity -
SRG-APP-000450
<GroupDescription></GroupDescription>Group -
The container platform must implement organization-defined security safeguards to protect system CPU and memory from resource depletion and unauthorized code execution.
<VulnDiscussion>The execution of images within the container platform runtime must implement organizational defined security safeguards to pr...Rule Medium Severity -
SRG-APP-000454
<GroupDescription></GroupDescription>Group -
The container platform must remove old components after updated versions have been installed.
<VulnDiscussion>Previous versions of container platform components that are not removed from the container platform after updates have been i...Rule Medium Severity -
SRG-APP-000454
<GroupDescription></GroupDescription>Group -
The container platform registry must remove old container images after updating versions have been made available.
<VulnDiscussion>Obsolete and stale images need to be removed from the registry to ensure the container platform maintains a secure posture. W...Rule Medium Severity -
SRG-APP-000456
<GroupDescription></GroupDescription>Group -
The container platform registry must contain the latest images with most recent updates and execute within the container platform runtime as authorized by IAVM, CTOs, DTMs, and STIGs.
<VulnDiscussion>Software supporting the container platform, images in the registry must stay up to date with the latest patches, service pack...Rule Medium Severity -
SRG-APP-000456
<GroupDescription></GroupDescription>Group -
SRG-APP-000493
<GroupDescription></GroupDescription>Group -
The container platform must generate audit records when successful/unsuccessful attempts to modify categories of information (e.g., classification levels) occur.
<VulnDiscussion>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficu...Rule Medium Severity -
The container platform runtime must have updates installed within the time period directed by an authoritative source (e.g., IAVM, CTOs, DTMs, and STIGs).
<VulnDiscussion>The container platform runtime must be carefully monitored for vulnerabilities, and when problems are detected, they must be ...Rule Medium Severity -
SRG-APP-000472
<GroupDescription></GroupDescription>Group -
The organization-defined role must verify correct operation of security functions in the container platform.
<VulnDiscussion>Without verification, security functions may not operate correctly and this failure may go unnoticed within the container pla...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.