UCF STIG Viewer Logo

Rancher Government Solutions Multi-Cluster Manager Security Technical Implementation Guide


Overview

Date Finding Count (7)
2022-08-31 CAT I (High): 2 CAT II (Med): 5 CAT III (Low): 0
STIG Description
This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Available Profiles



Findings (MAC II - Mission Support Sensitive)

Finding ID Severity Title
V-252849 High Rancher MCM must prohibit or restrict the use of protocols that transmit unencrypted authentication information or use flawed cryptographic algorithms for transmission.
V-252843 High Rancher MCM must use a centralized user management solution to support account management functions. For accounts using password authentication, the container platform must use FIPS-validated SHA-2 or later protocol to protect the integrity of the password authentication process.
V-252848 Medium Rancher MCM must enforce organization-defined circumstances and/or usage conditions for organization-defined accounts.
V-252846 Medium Rancher MCM must allocate audit record storage and generate audit records associated with events, users, and groups.
V-252847 Medium Rancher MCM must never automatically remove or disable emergency accounts.
V-252844 Medium Rancher MCM must generate audit records for all DoD-defined auditable events within all components in the platform.
V-252845 Medium When allowed by the central authentication system, the default role assigned to a user must be User-Base.