STIGQter: STIG Summary: Container Platform Security Requirements Guide, Version: 1, Release: 1, Benchmark Date: 20 Nov 2020

The container platform runtime must isolate security functions from non-security functions.

DISA Rule

SV-233125r599605_rule

Vulnerability Number

V-233125

Group Title

SRG-APP-000233

Rule Version

SRG-APP-000233-CTR-000585

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the container platform runtime to isolate security functions from non-security functions.

Check Contents

Verify container platform runtime configuration settings to determine whether container services used for security functions are located in an isolated security function, such as separate environment variables, labels, network segregation, and kernel groups.

If security-related functions are not separate, this is a finding.

Documentable

False

Severity Override Guidance

Verify container platform runtime configuration settings to determine whether container services used for security functions are located in an isolated security function, such as separate environment variables, labels, network segregation, and kernel groups.

If security-related functions are not separate, this is a finding.

Check Content Reference

M

Target Key

5239
