UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The container platform must restrict individuals' ability to launch organizationally defined denial-of-service (DoS) attacks against other information systems.


Overview

Finding ID Version Rule ID IA Controls Severity
V-233129 SRG-APP-000246-CTR-000605 SV-233129r879650_rule Medium
Description
The container platform will offer services to users and these services share resources available on the hosting system. To share the resources in a manner that does not exhaust or over utilize resources, it is necessary for the container platform to have mechanisms that allow developers to size there containers to provide minimum and maximum amounts. If there is no mechanism to specify limits, container services can cause DoS by over utilization.
STIG Date
Container Platform Security Requirements Guide 2023-11-30

Details

Check Text ( C-36065r601756_chk )
Review the container platform implementation and security documentation and components settings to determine if the information system restricts the ability of users or systems to launch organization-defined DoS attacks against other information systems or networks from the container platform.

If the container platform is not configured to restrict this ability, this is a finding.
Fix Text (F-36033r600875_fix)
Configure the container platform to restrict the ability of users or other systems to launch DoS attacks from the container platform components by setting resource quotas on resources such as memory, storage, and CPU utilization.