STIGQter: STIG Summary: Container Platform Security Requirements Guide, Version: 1, Release: 1, Benchmark Date: 20 Nov 2020

The container platform runtime must prohibit the instantiation of container images without explicit privileged status.

DISA Rule

SV-233185r599635_rule

Vulnerability Number

V-233185

Group Title

SRG-APP-000378

Rule Version

SRG-APP-000378-CTR-000885

Severity

CAT I

CCI(s)

Weight

10

Fix Recommendation

Configure the container platform runtime to prohibit the instantiation of container images without explicit container image instantiation privileges given to users.

Check Contents

Review the container platform runtime configuration to determine if only accounts given specific container instantiation privileges can execute the container image instantiation process.

Attempt to instantiate a container image using an account that does not have the proper privileges to execute the process.

If container images can be instantiated using an account without the proper privileges, this is a finding.

Documentable

False

Severity Override Guidance

Review the container platform runtime configuration to determine if only accounts given specific container instantiation privileges can execute the container image instantiation process.

Attempt to instantiate a container image using an account that does not have the proper privileges to execute the process.

If container images can be instantiated using an account without the proper privileges, this is a finding.

Check Content Reference

M

Target Key

5239
