Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-233227 | SRG-APP-000442-CTR-001095 | SV-233227r601820_rule | Medium |
Description |
---|
Information either can be unintentionally or maliciously disclosed or modified during reception for reception within the container platform during aggregation, at protocol transformation points, and during container image runtime. These unauthorized disclosures or modifications compromise the confidentiality or integrity of the information. When receiving data, the container platform components need to leverage protection mechanisms, such as TLS, TLS VPNs, or IPsec. |
STIG | Date |
---|---|
Container Platform Security Requirements Guide | 2021-06-16 |
Check Text ( C-36163r601819_chk ) |
---|
Review documentation and configuration settings to determine if the container platform maintains the confidentiality and integrity of information during reception. If confidentiality and integrity are not maintained using mechanisms such as TLS, TLS VPNs, or IPsec during reception, this is a finding. |
Fix Text (F-36131r601169_fix) |
---|
Configure the container platform to maintain the confidentiality and integrity using mechanisms such as TLS, TLS VPNs, or IPsec during reception. |