Ensure ETCD has correct cipher suite
An XCCDF Rule
Description
Check the current cipher suite used in ETCD.
Warning
This rule's check operates on the cluster configuration dump.
Therefore, you need to use a tool that can query the OCP API, retrieve the
/api/v1/namespaces/openshift-etcd/configmaps/etcd-pod
API endpoint, and save its output to the local /api/v1/namespaces/openshift-etcd/configmaps/etcd-pod
file.
Rationale
Use of weak or untested encryption algorithms undermines the purposes of utilizing encryption to protect data. The system must implement cryptographic modules adhering to the higher standards approved by the federal government since this provides assurance they have been tested and validated.
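The check described above can be run by hand against the dumped ConfigMap. The following is an added example, not the rule's own check content: it assumes the dump is the ConfigMap as JSON (for instance from `oc get --raw` on the endpoint above), that its `pod.yaml` key holds the static pod manifest with an `ETCD_CIPHER_SUITES` environment entry, and that the allow-list shown is replaced by the suites your policy approves. The function names and sample data are constructed for illustration.

```python
import json
import re

# Assumption: illustrative allow-list; replace with the suites your policy approves.
APPROVED = {
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
}

# Matches an env entry in the pod manifest (layout is an assumption):
#   - name: "ETCD_CIPHER_SUITES"
#     value: "SUITE_A,SUITE_B"
ENV_RE = re.compile(
    r'name:[ \t]*"?ETCD_CIPHER_SUITES"?[ \t]*\n[ \t]*value:[ \t]*"?([^"\n]*)"?')

def etcd_cipher_suites(configmap_json):
    """Return one list of suites per ETCD_CIPHER_SUITES entry found in pod.yaml."""
    data = json.loads(configmap_json).get("data") or {}
    pod_yaml = data.get("pod.yaml", "")
    return [[s.strip() for s in m.group(1).split(",") if s.strip()]
            for m in ENV_RE.finditer(pod_yaml)]

def check_cipher_suites(configmap_json, approved=APPROVED):
    """Return (compliant, unapproved). A missing or empty setting fails."""
    entries = etcd_cipher_suites(configmap_json)
    if not entries or any(not e for e in entries):
        return False, set()
    unapproved = {s for e in entries for s in e if s not in approved}
    return not unapproved, unapproved

def sample_configmap(value):
    """Constructed sample of the dumped ConfigMap (not real cluster output)."""
    pod_yaml = (
        "spec:\n  containers:\n  - name: etcd\n    env:\n"
        '    - name: "ETCD_CIPHER_SUITES"\n'
        f'      value: "{value}"\n'
    )
    return json.dumps({"kind": "ConfigMap", "data": {"pod.yaml": pod_yaml}})

if __name__ == "__main__":
    good = sample_configmap("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,"
                            "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384")
    weak = sample_configmap("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,"
                            "TLS_RSA_WITH_3DES_EDE_CBC_SHA")
    print(check_cipher_suites(good))
    print(check_cipher_suites(weak))
```

Every occurrence of the variable is checked, so a manifest with several containers fails if any one of them carries an unapproved or empty value.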
- ID: xccdf_org.ssgproject.content_rule_etcd_check_cipher_suite
- Severity: Medium
- References
- Updated