Rancher Government Solutions Multi-Cluster Manager Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Rancher MCM must prohibit or restrict the use of protocols that transmit unencrypted authentication information or use flawed cryptographic algorithms for transmission.
<VulnDiscussion>The container platform and its components will adhere to NIST 800-52R2. To ensure that traffic coming through the ingress con...Rule High Severity -
SRG-APP-000318-CTR-000740
<GroupDescription></GroupDescription>Group -
Rancher MCM must enforce organization-defined circumstances and/or usage conditions for organization-defined accounts.
<VulnDiscussion>Rancher MCM must verify the certificate used for Rancher's ingress is a valid DOD certificate. This is achieved by verifying ...Rule Medium Severity -
SRG-APP-000026-CTR-000070
<GroupDescription></GroupDescription>Group -
Rancher MCM must generate audit records for all DoD-defined auditable events within all components in the platform.
<VulnDiscussion>Audit logs must be enabled. Rancher MCM provides audit record generation capabilities. Audit logs capture what happened, whe...Rule Medium Severity -
SRG-APP-000028-CTR-000080
<GroupDescription></GroupDescription>Group -
When allowed by the central authentication system, the default role assigned to a user must be User-Base.
<VulnDiscussion>Rancher MCM uses roles for authentication. It is necessary to ensure the proper roles and permissions are configured. The rol...Rule Medium Severity -
SRG-APP-000098-CTR-000185
<GroupDescription></GroupDescription>Group -
Rancher MCM must allocate audit record storage and generate audit records associated with events, users, and groups.
<VulnDiscussion>Rancher logging capability and optional aggregation The Rancher server automatically logs everything at the container level....Rule Medium Severity -
SRG-APP-000234-CTR-000590
<GroupDescription></GroupDescription>Group -
Rancher MCM must never automatically remove or disable emergency accounts.
<VulnDiscussion>Emergency accounts are administrator accounts that are established in response to crisis situations where the need for rapid ...Rule Medium Severity -
SRG-APP-000645-CTR-001410
<GroupDescription></GroupDescription>Group
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.