Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-233195 | SRG-APP-000391-CTR-000935 | SV-233195r601074_rule | Medium |
Description |
---|
Controlling access to the container platform and its components is paramount in having a secure and stable system. Validating users is the first step in controlling the access. Users may be validated by the overall container platform or they may be validated by each component. To standardize and reduce the risks of unauthorized access, the use of multifactor token-based credentials is the preferred method. DoD has mandated the use of the CAC to support identity management and personal authentication for systems covered under HSPD 12, as well as a primary component of layered protection for national security systems. |
STIG | Date |
---|---|
Container Platform Security Requirements Guide | 2021-12-14 |
Check Text ( C-36131r601072_chk ) |
---|
Review documentation and configuration to ensure the container platform is configured to use an approved DoD multifactor token (CAC) when accessing platform via user interfaces. If multifactor authentication is not configured, this is a finding. |
Fix Text (F-36099r601073_fix) |
---|
Configure the container platform to accept standard DoD multifactor token-based credentials when users interface with the platform. |