Container Platform Security Requirements Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
The container platform runtime must enforce the use of ports that are non-privileged.
<VulnDiscussion>Privileged ports are those ports below 1024 and that require system privileges for their use. If containers are able to use t...Rule Medium Severity -
SRG-APP-000148
<GroupDescription></GroupDescription>Group -
The container platform must uniquely identify and authenticate users.
<VulnDiscussion>The container platform requires user accounts to perform container platform tasks. These tasks may pertain to the overall con...Rule Medium Severity -
SRG-APP-000148
<GroupDescription></GroupDescription>Group -
The container platform application program interface (API) must uniquely identify and authenticate users.
<VulnDiscussion>The container platform requires user accounts to perform container platform tasks. These tasks are often performed through th...Rule Medium Severity -
SRG-APP-000148
<GroupDescription></GroupDescription>Group -
The container platform must uniquely identify and authenticate processes acting on behalf of the users.
<VulnDiscussion>The container platform will instantiate a container image and use the user privileges given to the user used to execute the c...Rule Medium Severity -
SRG-APP-000148
<GroupDescription></GroupDescription>Group -
The container platform must limit privileges to the container platform keystore.
<VulnDiscussion>The container platform keystore is used to store credentials used to build a trust between the container platform and some ex...Rule Medium Severity -
SRG-APP-000133
<GroupDescription></GroupDescription>Group -
Configuration files for the container platform must be protected.
<VulnDiscussion>The secure configuration of the container platform must be protected by disallowing changes to be implemented by non-privileg...Rule Medium Severity -
SRG-APP-000133
<GroupDescription></GroupDescription>Group -
Authentication files for the container platform must be protected.
<VulnDiscussion>The secure configuration of the container platform must be protected by disallowing changing to be implemented by non-privile...Rule Medium Severity -
The container platform must require the change of at least 15 of the total number of characters when passwords are changed.
<VulnDiscussion>If the application allows the user to consecutively reuse extensive portions of passwords, this increases the chances of pass...Rule Medium Severity -
SRG-APP-000171
<GroupDescription></GroupDescription>Group -
For container platform using password authentication, the application must store only cryptographic representations of passwords.
<VulnDiscussion>Passwords need to be protected at all times, and encryption is the standard method for protecting passwords. If passwords are...Rule Medium Severity -
SRG-APP-000172
<GroupDescription></GroupDescription>Group -
The container platform must prevent unauthorized and unintended information transfer via shared system resources.
<VulnDiscussion>The container platform makes host system resources available to container services. These shared resources, such as the host ...Rule Medium Severity -
SRG-APP-000246
<GroupDescription></GroupDescription>Group -
SRG-APP-000141
<GroupDescription></GroupDescription>Group
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.