III - Administrative Sensitive
Rules and Groups employed by this XCCDF Profile
-
SRG-APP-000378
<GroupDescription></GroupDescription>Group -
The container platform registry must prohibit installation or modification of container images without explicit privileged status.
<VulnDiscussion>Controlling access to those users and roles that perform container platform registry functions reduces the risk of untested o...Rule Medium Severity -
SRG-APP-000380
<GroupDescription></GroupDescription>Group -
The container platform must enforce access restrictions for container platform configuration changes.
<VulnDiscussion>Configuration changes cause the container platform to change the way it operates. These changes can be used to improve the sy...Rule Medium Severity -
SRG-APP-000381
<GroupDescription></GroupDescription>Group -
The container platform must enforce access restrictions and support auditing of the enforcement actions.
<VulnDiscussion>Auditing the enforcement of access restrictions against changes to the container platform helps identify attacks and provides...Rule Medium Severity -
SRG-APP-000383
<GroupDescription></GroupDescription>Group -
All non-essential, unnecessary, and unsecure DoD ports, protocols, and services must be disabled in the container platform.
<VulnDiscussion>To properly offer services to the user and to orchestrate containers, the container platform may offer services that use port...Rule Medium Severity -
SRG-APP-000384
<GroupDescription></GroupDescription>Group -
The container platform must prevent component execution in accordance with organization-defined policies regarding software program usage and restrictions, and/or rules authorizing the terms and conditions of software program usage.
<VulnDiscussion>The container platform may offer components such as DNS services, firewall services, router services, or web services that ar...Rule Medium Severity -
SRG-APP-000386
<GroupDescription></GroupDescription>Group -
The container platform registry must employ a deny-all, permit-by-exception (whitelist) policy to allow only authorized container images in the container platform.
<VulnDiscussion>Controlling the sources where container images can be pulled from allows the organization to define what software can be run ...Rule Medium Severity -
SRG-APP-000389
<GroupDescription></GroupDescription>Group -
The container platform must require users to reauthenticate when organization-defined circumstances or situations require reauthentication.
<VulnDiscussion>Controlling user access is paramount in securing the container platform. During a user's access to the container platform, ev...Rule Medium Severity -
SRG-APP-000390
<GroupDescription></GroupDescription>Group -
The container platform must require devices to reauthenticate when organization-defined circumstances or situations requiring reauthentication.
<VulnDiscussion>The container platform may require external devices be used to fully orchestrate the services needed for users. Examples woul...Rule Medium Severity -
SRG-APP-000391
<GroupDescription></GroupDescription>Group -
The container platform must be configured to use multi-factor authentication for user authentication.
<VulnDiscussion>Controlling access to the container platform and its components is paramount in having a secure and stable system. Validating...Rule Medium Severity -
SRG-APP-000397
<GroupDescription></GroupDescription>Group -
The container platform must allow the use of a temporary password for system logons with an immediate change to a permanent password.
<VulnDiscussion>Without providing this capability, an account may be created without a password. Non-repudiation cannot be guaranteed once an...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.