Container Platform Security Requirements Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
The container platform must enforce approved authorizations for controlling the flow of information within the container platform based on organization-defined information flow control policies.
<VulnDiscussion>Controlling information flow between the container platform components and container user services instantiated by the contai...Rule Medium Severity -
SRG-APP-000039
<GroupDescription></GroupDescription>Group -
The container platform must enforce approved authorizations for controlling the flow of information between interconnected systems and services based on organization-defined information flow control policies.
<VulnDiscussion>Controlling information flow between the container platform components and container user services instantiated by the contai...Rule Medium Severity -
SRG-APP-000065
<GroupDescription></GroupDescription>Group -
The container platform must enforce the limit of three consecutive invalid logon attempts by a user during a 15-minute time period.
<VulnDiscussion>By limiting the number of failed login attempts, the risk of unauthorized system access via user password guessing, otherwise...Rule Medium Severity -
SRG-APP-000068
<GroupDescription></GroupDescription>Group -
The container platform must display the Standard Mandatory DoD Notice and Consent Banner before granting access to platform components.
<VulnDiscussion>The container platform has countless components where different access levels are needed. To control access, the user must fi...Rule Low Severity -
SRG-APP-000069
<GroupDescription></GroupDescription>Group -
The container platform must prohibit the installation of patches and updates without explicit privileged status.
<VulnDiscussion>Controlling access to those users and roles responsible for patching and updating the container platform reduces the risk of ...Rule Medium Severity -
SRG-APP-000378
<GroupDescription></GroupDescription>Group -
The container platform must maintain the confidentiality and integrity of information during reception.
<VulnDiscussion>Information either can be unintentionally or maliciously disclosed or modified during reception for reception within the cont...Rule Medium Severity -
SRG-APP-000447
<GroupDescription></GroupDescription>Group -
SRG-APP-000101
<GroupDescription></GroupDescription>Group -
The container platform must generate audit records containing the full-text recording of privileged commands or the individual identities of group account users.
<VulnDiscussion>During an investigation of an incident, it is important to fully understand what took place. Often, information is not part o...Rule Medium Severity -
SRG-APP-000109
<GroupDescription></GroupDescription>Group -
The container platform must restrict individuals' ability to launch organizationally defined denial-of-service (DoS) attacks against other information systems.
<VulnDiscussion>The container platform will offer services to users and these services share resources available on the hosting system. To sh...Rule Medium Severity -
SRG-APP-000266
<GroupDescription></GroupDescription>Group -
The container platform must generate error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries.
<VulnDiscussion>The container platform is responsible for offering services to users. These services could be across diverse user groups and ...Rule Medium Severity -
SRG-APP-000290
<GroupDescription></GroupDescription>Group -
The container platform must protect audit tools from unauthorized deletion.
<VulnDiscussion>Protecting audit data also includes identifying and protecting the tools used to view and manipulate log data. Therefore, pro...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.