
The container platform registry must contain only container images for those capabilities being offered by the container platform.

An XCCDF Rule

Description

Allowing container images to reside within the container platform registry that are not essential to the capabilities being offered by the container platform becomes a potential security risk. By allowing these non-essential container images to exist, the possibility for accidental instantiation exists. The images may be unpatched, not supported, or offer non-approved capabilities. Those images for customer services are considered essential capabilities.

Documentable: false

ID
SV-233072r879587_rule
Severity
Medium



Remediation - Manual Procedure

Remove from the container platform registry all container images that are not being used or that contain features and functions not supported by the platform.