UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The container platform must prohibit the installation of patches and updates without explicit privileged status.


Overview

Finding ID Version Rule ID IA Controls Severity
V-233184 SRG-APP-000378-CTR-000880 SV-233184r879751_rule Medium
Description
Controlling access to those users and roles responsible for patching and updating the container platform reduces the risk of untested or potentially malicious software from being installed within the platform. This access may be separate from the access required to install container images into the registry and those access requirements required to instantiate an image into a service. Explicit privileges (escalated or administrative privileges) provide the regular user with explicit capabilities and control that exceeds the rights of a regular user.
STIG Date
Container Platform Security Requirements Guide 2023-11-30

Details

Check Text ( C-36120r601789_chk )
Review the container platform configuration to determine if patches and updates can only be installed through accounts with privileged status.

Attempt to install a patch or upgrade using a non-privileged user account.

If patches or updates can be installed using a non-privileged account or the container platform is not configured to stop the installation using a non-privileged account, this is a finding.
Fix Text (F-36088r601040_fix)
Configure the container platform to only allow patch installation and upgrades using privileged accounts.