STIGQter: STIG Summary: Container Platform Security Requirements Guide Version: 1 Release: 1 Benchmark Date: 20 Nov 2020:

For container platform using password authentication, the application must store only cryptographic representations of passwords.

DISA Rule

SV-233095r599591_rule

Vulnerability Number

V-233095

Group Title

SRG-APP-000171

Rule Version

SRG-APP-000171-CTR-000435

Severity

CAT II

CCI(s)

• CCI-000196 - The information system, for password-based authentication, stores only cryptographically-protected passwords.

Weight

10

Fix Recommendation

Configure the container platform to store only cryptographic representations of passwords if passwords are being used for authentication.

Check Contents

Review the container platform configuration to determine if it using password authentication and stores only cryptographic representations of the passwords.

If the container platform is using password authentication and does not store only cryptographic representations of passwords, this is a finding.

Vulnerability Number

V-233095

Documentable

False

Rule Version

SRG-APP-000171-CTR-000435

Severity Override Guidance

Review the container platform configuration to determine if it using password authentication and stores only cryptographic representations of the passwords.

If the container platform is using password authentication and does not store only cryptographic representations of passwords, this is a finding.

Check Content Reference

M

Target Key

5239

Comments