UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The container platform must limit privileges to the container platform keystore.


Overview

Finding ID Version Rule ID IA Controls Severity
V-233068 SRG-APP-000133-CTR-000300 SV-233068r879586_rule Medium
Description
The container platform keystore is used to store credentials used to build a trust between the container platform and some external source. This trust relationship is authorized by the organization. If a malicious user were to have access to the container platform keystore, two negative scenarios could develop: 1) Keys not approved could be introduced and 2) Approved keys deleted, leading to the introduction of container images from sources that were never approved by the organization. To thwart this threat, it is important to protect the container platform keystore and give access to only those individuals and roles approved by the organization.
STIG Date
Container Platform Security Requirements Guide 2023-11-30

Details

Check Text ( C-36004r601873_chk )
Review the container platform keystore configuration to determine if the level of access to the keystore is controlled through user privileges.

Attempt to perform keystore operations to determine if the privileges are enforced.

If the container platform keystore is not limited through user privileges or the user privileges are not enforced, this is a finding.
Fix Text (F-35972r600692_fix)
Configure the container platform to use and enforce user privileges when accessing the container platform keystore.