Skip to content

No profile (default benchmark)

Rules and Groups employed by this XCCDF Profile

  • User-managed resources must be created in dedicated namespaces.

    <VulnDiscussion>Dedicated namespaces act as security boundaries, limiting the blast radius in case of security incidents or misconfigurations...
    Rule Medium Severity
  • SRG-APP-000033-CTR-000095

    <GroupDescription></GroupDescription>
    Group
  • Least privilege access and need to know must be required to access MKE runtime and instantiate container images.

    &lt;VulnDiscussion&gt;To control what is instantiated within MKE, it is important to control access to the runtime. Without this control, container...
    Rule High Severity
  • SRG-APP-000142-CTR-000325

    <GroupDescription></GroupDescription>
    Group
  • Only required ports must be open on containers in MKE.

    &lt;VulnDiscussion&gt;Ports, protocols, and services within MKE runtime must be controlled and conform to the PPSM CAL. Those ports, protocols, and...
    Rule High Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules