STIGQter: STIG Summary: Kubernetes Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 13 Apr 2021

Kubernetes must separate user functionality.

DISA Rule

SV-242417r712607_rule

Vulnerability Number

V-242417

Group Title

SRG-APP-000211-CTR-000530

Rule Version

CNTR-K8-001360

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Move any user pods that are present in the Kubernetes system namespaces to user-specific namespaces.

Check Contents

On the Master node, run the command:

kubectl get pods --all-namespaces

Review the namespaces and pods that are returned. Kubernetes system namespaces are kube-node-lease, kube-public, and kube-system.

If any user pods are present in the Kubernetes system namespaces, this is a finding.
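
The review step above can be narrowed with a filter over the command's output. The script below is an added example, not part of the STIG: it lists every pod in the three system namespaces whose name does not begin with an expected prefix. The function names, the allowlist and the sample output are constructed assumptions; replace the allowlist with your cluster's own baseline.

```shell
#!/bin/sh
# Added example (not STIG text): list pods in the Kubernetes system
# namespaces that are not on a site-maintained allowlist.

# System namespaces named in the check content.
SYSTEM_NAMESPACES="kube-node-lease kube-public kube-system"

# ASSUMPTION: constructed allowlist of expected pod-name prefixes.
ALLOWED_PREFIXES="kube-apiserver- kube-controller-manager- kube-scheduler- kube-proxy- etcd- coredns-"

# Reads `kubectl get pods --all-namespaces` output on stdin and prints
# "namespace/pod" for each candidate user pod found in a system namespace.
find_user_pods() {
    awk -v sys="$SYSTEM_NAMESPACES" -v allow="$ALLOWED_PREFIXES" '
        BEGIN {
            n = split(sys, s, " ")
            for (i = 1; i <= n; i++) is_sys[s[i]] = 1
            m = split(allow, prefix, " ")
        }
        $1 == "NAMESPACE" { next }      # skip the header row
        NF < 2            { next }      # skip blank or malformed lines
        !($1 in is_sys)   { next }      # only system namespaces are in scope
        {
            for (i = 1; i <= m; i++)
                if (index($2, prefix[i]) == 1) next   # expected system pod
            print $1 "/" $2
        }
    '
}

# Constructed sample of `kubectl get pods --all-namespaces` output.
sample_output() {
    cat <<'EOF'
NAMESPACE     NAME                          READY   STATUS    RESTARTS   AGE
default       web-7d4b9c6f5-abcde           1/1     Running   0          3d
kube-system   coredns-558bd4d5db-x2k9p      1/1     Running   0          40d
kube-system   kube-proxy-7xk2m              1/1     Running   0          40d
kube-system   billing-api-6c9f7d8b4-q7wzn   1/1     Running   0          2d
kube-public   debug-shell                   1/1     Running   0          5h
kube-system   etcd-master01                 1/1     Running   0          40d
EOF
}

# Offline demo; on a cluster: kubectl get pods --all-namespaces | find_user_pods
sample_output | find_user_pods
```

A matching name prefix does not prove a pod is a system component, so the output is a list of candidates to review and the allowlisted pods still need to be compared against the cluster's known baseline.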

Documentable

False

Severity Override Guidance

On the Master node, run the command:

kubectl get pods --all-namespaces

Review the namespaces and pods that are returned. Kubernetes system namespaces are kube-node-lease, kube-public, and kube-system.

If any user pods are present in the Kubernetes system namespaces, this is a finding.

Check Content Reference

M

Target Key

5376
