The container platform must implement organization-defined security safeguards to protect system CPU and memory from resource depletion and unauthorized code execution.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-233229	SRG-APP-000450-CTR-001105	SV-233229r601176_rule		Medium

Description
The execution of images within the container platform runtime must implement organizational defined security safeguards to prevent distributed denial-of-service (DDOS) and other possible attacks against the container image at runtime. Security safeguards employed to protect memory and CPU include, for example, data execution prevention and address space layout randomization. Data execution prevention safeguards can be software-enforced. Other means of protection are to limit memory and CPU resources to a container.

Description

The execution of images within the container platform runtime must implement organizational defined security safeguards to prevent distributed denial-of-service (DDOS) and other possible attacks against the container image at runtime. Security safeguards employed to protect memory and CPU include, for example, data execution prevention and address space layout randomization. Data execution prevention safeguards can be software-enforced. Other means of protection are to limit memory and CPU resources to a container.

STIG	Date
Container Platform Security Requirements Guide	2021-12-14

Details

Check Text ( C-36165r601174_chk )
Review the container platform configuration to determine if safeguards are in place to protect the system memory and CPU from resource depletion and unauthorized execution. If safeguards are not in place, this is a finding.

Fix Text (F-36133r601175_fix)
Configure the container platform to have safeguards in place to protect the system memory and CPU from resource depletion and unauthorized code execution.