STIGQter: STIG Summary: Container Platform Security Requirements Guide Version: 1 Release: 1 Benchmark Date: 20 Nov 2020:

The container platform must prohibit or restrict the use of protocols that transmit unencrypted authentication information or use flawed cryptographic algorithms for transmission.

DISA Rule

SV-233290r599703_rule

Vulnerability Number

V-233290

Group Title

SRG-APP-000645

Rule Version

SRG-APP-000645-CTR-001410

Severity

CAT I

CCI(s)

• CCI-000382 - The organization configures the information system to prohibit or restrict the use of organization-defined functions, ports, protocols, and/or services.

Weight

10

Fix Recommendation

Configure the container platform to use protocols that transmit authentication data encrypted and to use cryptographic algorithms that are not flawed.

Check Contents

Review the container platform configuration to verify that container platform is not using protocols that transmit authentication data unencrypted and that the container platform is not using flawed cryptographic algorithms for transmission.

If the container platform is using protocols to transmit authentication data unencrypted or is using flawed cryptographic algorithms, this is a finding.

Vulnerability Number

V-233290

Documentable

False

Rule Version

SRG-APP-000645-CTR-001410

Severity Override Guidance

Review the container platform configuration to verify that container platform is not using protocols that transmit authentication data unencrypted and that the container platform is not using flawed cryptographic algorithms for transmission.

If the container platform is using protocols to transmit authentication data unencrypted or is using flawed cryptographic algorithms, this is a finding.

Check Content Reference

M

Target Key

5239

Comments