UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The container platform must prevent non-privileged users from executing privileged functions to include disabling, circumventing, or altering implemented security safeguards/countermeasures.


Overview

Finding ID Version Rule ID IA Controls Severity
V-233162 SRG-APP-000340-CTR-000770 SV-233162r601763_rule Medium
Description
Controlling what users can perform privileged functions prevents unauthorized users from performing tasks that may expose data or degrade the container platform. When users are not segregated into privileged and non-privileged users, unauthorized individuals may perform tasks such as deploying containers, pulling images into the register, and modify keys in the keystore. These actions can introduce malicious containers and cause denial-of-service (DoS) attacks and undermine the container platform integrity. The enforcement may take place at the container platform and can be implemented within each container platform component (e.g. runtime, registry, and keystore).
STIG Date
Container Platform Security Requirements Guide 2021-06-16

Details

Check Text ( C-36098r601762_chk )
Review documentation to obtain the definition of the container platform functionality considered privileged in the context of the information system in question.

Review the container platform security configuration and/or other means used to protect privileged functionality from unauthorized use.

If the configuration does not protect all of the actions defined as privileged, this is a finding.
Fix Text (F-36066r600974_fix)
Configure the container platform to security to protect all privileged functionality. Assigning roles that limit what actions a particular user can perform are the most common means of meeting this requirement.