STIGQter: STIG Summary: Container Platform Security Requirements Guide Version: 1 Release: 1 Benchmark Date: 20 Nov 2020:

The container platform must limit privileges to the container platform keystore.

DISA Rule

SV-233068r599716_rule

Vulnerability Number

V-233068

Group Title

SRG-APP-000133

Rule Version

SRG-APP-000133-CTR-000300

Severity

CAT II

CCI(s)

• CCI-001499 - The organization limits privileges to change software resident within software libraries.

Weight

10

Fix Recommendation

Configure the container platform to use and enforce user privileges when accessing the container platform keystore.

Check Contents

Review the container platform keystore configuration to determine if the level of access to the keystore is controlled through user privileges.

Attempt to perform keystore operations to determine if the privileges are enforced.

If the container platform keystore is not limited through user privileges or the user privileges are not enforced, this is a finding.

Vulnerability Number

V-233068

Documentable

False

Rule Version

SRG-APP-000133-CTR-000300

Severity Override Guidance

Review the container platform keystore configuration to determine if the level of access to the keystore is controlled through user privileges.

Attempt to perform keystore operations to determine if the privileges are enforced.

If the container platform keystore is not limited through user privileges or the user privileges are not enforced, this is a finding.

Check Content Reference

M

Target Key

5239

Comments