Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-233026 | SRG-APP-000033-CTR-000090 | SV-233026r879530_rule | Medium |
Description |
---|
The container platform registry is used to store images and is the keeper of truth for trusted images within the platform. To guarantee the images integrity, access to the registry must be limited to those individuals who need to perform tasks to the images such as the update, creation, or deletion of images. Without this control access, images can be deleted that are in use by the container platform causing a denial of service (DoS), and images can be modified or introduced without going through the testing and validation process allowing for the intentional or unintentional introduction of containers with flaws and vulnerabilities. |
STIG | Date |
---|---|
Container Platform Security Requirements Guide | 2023-06-05 |
Check Text ( C-35962r601602_chk ) |
---|
Review the container platform configuration to determine if least privilege and need-to-know access is being used for container platform registry access. If least privilege and need-to-know access is not being used for container platform registry access, this is a finding. |
Fix Text (F-35930r600566_fix) |
---|
Configure the container platform to use least privilege and need to know when granting access to the container platform registry. The fix ensures the proper roles and permissions are configured. |