II - Mission Support Public
Rules and Groups employed by this XCCDF Profile
-
SRG-APP-000133
Group -
The container platform must limit privileges to the container platform registry.
To control what is instantiated within the container platform, it is important to control access to the registry. Without this control, container images can be introduced and instantiated by accide...Rule Medium Severity -
SRG-APP-000133
Group -
The container platform must limit privileges to the container platform runtime.
To control what is instantiated within the container platform, it is important to control access to the runtime. Without this control, container platform specific services and customer services can...Rule Medium Severity -
SRG-APP-000133
Group -
The container platform must limit privileges to the container platform keystore.
The container platform keystore is used to store credentials used to build a trust between the container platform and some external source. This trust relationship is authorized by the organization...Rule Medium Severity -
SRG-APP-000133
Group -
Configuration files for the container platform must be protected.
The secure configuration of the container platform must be protected by disallowing changes to be implemented by non-privileged users. Changes to the container platform can introduce security risks...Rule Medium Severity -
SRG-APP-000133
Group -
Authentication files for the container platform must be protected.
The secure configuration of the container platform must be protected by disallowing changing to be implemented by non-privileged users. Changes to the container platform can introduce security risk...Rule Medium Severity -
SRG-APP-000141
Group -
The container platform must be configured with only essential configurations.
The container platform can be built with components that are not used for the intended purpose of the organization. To limit the attack surface of the container platform, it is essential that the n...Rule Medium Severity -
SRG-APP-000141
Group -
The container platform registry must contain only container images for those capabilities being offered by the container platform.
Allowing container images to reside within the container platform registry that are not essential to the capabilities being offered by the container platform becomes a potential security risk. By a...Rule Medium Severity -
SRG-APP-000142
Group -
The container platform runtime must enforce ports, protocols, and services that adhere to the PPSM CAL.
Ports, protocols, and services within the container platform runtime must be controlled and conform to the PPSM CAL. Those ports, protocols, and services that fall outside the PPSM CAL must be bloc...Rule Medium Severity -
SRG-APP-000142
Group -
The container platform runtime must enforce the use of ports that are non-privileged.
Privileged ports are those ports below 1024 and that require system privileges for their use. If containers are able to use these ports, the container must be run as a privileged user. The containe...Rule Medium Severity -
SRG-APP-000148
Group -
The container platform must uniquely identify and authenticate users.
The container platform requires user accounts to perform container platform tasks. These tasks may pertain to the overall container platform or may be component-specific, thus requiring users to au...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.