STIGQter: STIG Summary: Container Platform Security Requirements Guide Version: 1 Release: 1 Benchmark Date: 20 Nov 2020: STIGQter: STIG Summary: Container Platform Security Requirements Guide Version: 1 Release: 1 Benchmark Date: 20 Nov 2020:SV-233233r599671_rule
V-233233
SRG-APP-000456
SRG-APP-000456-CTR-001125
CAT II
10
Configure the container platform registry to use approved vendor repository to ensure latest images containing security-relevant updates are installed.
Review documentation and configuration to determine if the container platform registry inspects and contains approved vendor repository latest images containing security-relevant updates within a timeframe directed by an authoritative source (IAVM, CTOs, DTMs, STIGs, etc.).
If the container platform registry does not contain the latest image with security-relevant updates within the time period directed by the authoritative source, this is a finding.
The container platform registry should help the user understand where the code in the environment was deployed from, and must provide controls that prevent deployment from untrusted sources or registries.
V-233233
False
SRG-APP-000456-CTR-001125
Review documentation and configuration to determine if the container platform registry inspects and contains approved vendor repository latest images containing security-relevant updates within a timeframe directed by an authoritative source (IAVM, CTOs, DTMs, STIGs, etc.).
If the container platform registry does not contain the latest image with security-relevant updates within the time period directed by the authoritative source, this is a finding.
The container platform registry should help the user understand where the code in the environment was deployed from, and must provide controls that prevent deployment from untrusted sources or registries.
M
5239