UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The container platform registry must prohibit installation or modification of container images without explicit privileged status.


Overview

Finding ID Version Rule ID IA Controls Severity
V-233186 SRG-APP-000378-CTR-000890 SV-233186r879751_rule Medium
Description
Controlling access to those users and roles that perform container platform registry functions reduces the risk of untested or potentially malicious containers from being introduced into the platform. This access may be separate from the access required to instantiate container images into services and those access requirements required to perform patch management and upgrades within the container platform. Explicit privileges (escalated or administrative privileges) provide the regular user with explicit capabilities and control that exceeds the rights of a regular user.
STIG Date
Container Platform Security Requirements Guide 2023-06-05

Details

Check Text ( C-36122r601045_chk )
Review container platform registry security settings with respect to non-administrative users' ability to create, alter, or replace container images.

If any such permissions exist and are not documented and approved, this is a finding.
Fix Text (F-36090r601046_fix)
Document and obtain approval for any non-administrative users who require the ability to create, alter, or replace container images within the container platform registry. Implement the approved permissions. Revoke any unapproved permissions.