The container platform must limit privileges to the container platform keystore.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-233068 | SRG-APP-000133-CTR-000300 | SV-233068r601703_rule | Medium |
| Description |
|---|
| The container platform keystore is used to store credentials used to build a trust between the container platform and some external source. This trust relationship is authorized by the organization. If a malicious user were to have access to the container platform keystore, two negative scenarios could develop: 1) Keys not approved could be introduced and 2) Approved keys deleted, leading to the introduction of container images from sources that were never approved by the organization. To thwart this threat, it is important to protect the container platform keystore and give access to only those individuals and roles approved by the organization. |
| STIG | Date |
|---|---|
| Container Platform Security Requirements Guide | 2021-12-14 |
Details
| Check Text ( C-36004r601873_chk ) |
|---|
| Review the container platform keystore configuration to determine if the level of access to the keystore is controlled through user privileges. Attempt to perform keystore operations to determine if the privileges are enforced. If the container platform keystore is not limited through user privileges or the user privileges are not enforced, this is a finding. |
| Fix Text (F-35972r600692_fix) |
|---|
| Configure the container platform to use and enforce user privileges when accessing the container platform keystore. |