STIGQter: STIG Summary: Container Platform Security Requirements Guide Version: 1 Release: 1 Benchmark Date: 20 Nov 2020

Container images instantiated by the container platform must execute using least privileges.

DISA Rule

SV-233163r599619_rule

Vulnerability Number

V-233163

Group Title

SRG-APP-000342

Rule Version

SRG-APP-000342-CTR-000775

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the container platform to block instantiation of containers that request more privileges than necessary.

Check Contents

Review documentation and configuration to determine if the container platform disallows instantiation of containers trying to execute with more privileges than required or with privileged permissions.

If the container platform does not block containers requesting privileged permissions or privilege escalation, or allows containers to have more privileges than required, this is a finding.

Documentable

False

Severity Override Guidance

Review documentation and configuration to determine if the container platform disallows instantiation of containers trying to execute with more privileges than required or with privileged permissions.

If the container platform does not block containers requesting privileged permissions or privilege escalation, or allows containers to have more privileges than required, this is a finding.

Check Content Reference

M

Target Key

5239
