The container platform must prohibit the installation of patches and updates without explicit privileged status.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-233184 | SRG-APP-000378-CTR-000880 | SV-233184r601790_rule | Medium |
| Description |
|---|
| Controlling access to those users and roles responsible for patching and updating the container platform reduces the risk of untested or potentially malicious software from being installed within the platform. This access may be separate from the access required to install container images into the registry and those access requirements required to instantiate an image into a service. Explicit privileges (escalated or administrative privileges) provide the regular user with explicit capabilities and control that exceeds the rights of a regular user. |
| STIG | Date |
|---|---|
| Container Platform Security Requirements Guide | 2021-12-14 |
Details
| Check Text ( C-36120r601789_chk ) |
|---|
| Review the container platform configuration to determine if patches and updates can only be installed through accounts with privileged status. Attempt to install a patch or upgrade using a non-privileged user account. If patches or updates can be installed using a non-privileged account or the container platform is not configured to stop the installation using a non-privileged account, this is a finding. |
| Fix Text (F-36088r601040_fix) |
|---|
| Configure the container platform to only allow patch installation and upgrades using privileged accounts. |