Rancher Government Solutions Multi-Cluster Manager Security Technical Implementation Guide

Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Rancher Government Solutions Multi-Cluster Manager Security Technical Implementation Guide

Overview

Version	Date	Finding Count (7)			Downloads
2	2024-06-10 2022-08-31 2022-08-31 2022-08-31 2022-08-31 2023-06-16 2023-06-16 2023-06-16 2023-06-16	CAT I (High): 2	CAT II (Med): 5	CAT III (Low): 0	Excel	JSON	XML

STIG Description
This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Available Profiles

Classified	Public	Sensitive
I - Mission Critical Classified	I - Mission Critical Public	I - Mission Critical Sensitive	II - Mission Support Classified	II - Mission Support Public	II - Mission Support Sensitive	III - Administrative Classified	III - Administrative Public	III - Administrative Sensitive

Findings (MAC III - Administrative Sensitive)

Finding ID	Severity	Title	Description
V-252849	High	Rancher MCM must prohibit or restrict the use of protocols that transmit unencrypted authentication information or use flawed cryptographic algorithms for transmission.	The container platform and its components will adhere to NIST 800-52R2. To ensure that traffic coming through the ingress controller is re-encrypted internally, switch off port 80 on the service...
V-252843	High	Rancher MCM must use a centralized user management solution to support account management functions. For accounts using password authentication, the container platform must use FIPS-validated SHA-2 or later protocol to protect the integrity of the password authentication process.	RBAC Integration and Authn/Authz Centralized authentication services provide additional functionality fulfilling security requirements: - Multi-factor authentication, which is compatible with...
V-252846	Medium	Rancher MCM must allocate audit record storage and generate audit records associated with events, users, and groups.	Rancher logging capability and optional aggregation The Rancher server automatically logs everything at the container level. These logs are stored on the system which are then optionally picked...
V-252847	Medium	Rancher MCM must never automatically remove or disable emergency accounts.	Emergency accounts are administrator accounts that are established in response to crisis situations where the need for rapid account activation is required. Therefore, emergency account activation...
V-252844	Medium	Rancher MCM must generate audit records for all DoD-defined auditable events within all components in the platform.	Audit logs must be enabled. Rancher MCM provides audit record generation capabilities. Audit logs capture what happened, when it happened, who initiated it, and what cluster it affected to ensure...
V-252845	Medium	When allowed by the central authentication system, the default role assigned to a user must be User-Base.	Rancher MCM uses roles for authentication. It is necessary to ensure the proper roles and permissions are configured. The role used by default does not ensure least privilege. The default role...
V-257292	Medium	Rancher MCM must enforce organization-defined circumstances and/or usage conditions for organization-defined accounts.	Rancher MCM must verify the certificate used for Rancher's ingress is a valid DOD certificate. This is achieved by verifying the helm installation contains correct parameters.