Skip to content

The container platform must limit privileges to the container platform keystore.

An XCCDF Rule

Description

<VulnDiscussion>The container platform keystore is used to store credentials used to build a trust between the container platform and some external source. This trust relationship is authorized by the organization. If a malicious user were to have access to the container platform keystore, two negative scenarios could develop: 1) Keys not approved could be introduced and 2) Approved keys deleted, leading to the introduction of container images from sources that were never approved by the organization. To thwart this threat, it is important to protect the container platform keystore and give access to only those individuals and roles approved by the organization.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID
SV-233068r879586_rule
Severity
Medium
References
Updated



Remediation - Manual Procedure

Configure the container platform to use and enforce user privileges when accessing the container platform keystore.