Skip to content

DISA STIG for Red Hat OpenShift Container Platform 4 - Platform level

Rules and Groups employed by this XCCDF Profile

  • Only Use LDAP-based IdPs with TLS

    <p> For users to interact with OpenShift Container Platform, they must first authenticate to the cluster. The authentication layer i...
    Rule High Severity
  • OpenShift Controller Settings

    This section contains recommendations for the kube-controller-manager configuration
    Group
  • Ensure Controller insecure port argument is unset

    To ensure the Controller Manager service is bound to secure loopback address and a secure port, set the <code>RotateKubeletServerCertificate</code>...
    Rule Low Severity
  • Ensure that the RotateKubeletServerCertificate argument is set

    To enforce kubelet server certificate rotation on the Controller Manager, set the <code>RotateKubeletServerCertificate</code> option to <code>true<...
    Rule Medium Severity
  • Ensure Controller secure-port argument is set

    To ensure the Controller Manager service is bound to secure loopback address using a secure port, set the <code>RotateKubeletServerCertificate</cod...
    Rule Low Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules