UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

OpenShift must protect the confidentiality and integrity of transmitted information.


Overview

Finding ID Version Rule ID IA Controls Severity
V-257567 CNTR-OS-000820 SV-257567r961632_rule Medium
Description
OpenShift provides for two types of application level ingress types, Routes, and Ingresses. Routes have been a part of OpenShift since version 3. Ingresses were promoted out of beta in Aug 2020 (kubernetes v1.19). Routes provides for three type of TLS configuration options; Edge, Passthrough, and Re-encrypt. Each of those options provide TLS encryption over HTTP for inbound transmissions originating outside the cluster. Ingresses will have an IngressController associated that manages the routing and proxying of inbound transmissions.
STIG Date
Red Hat OpenShift Container Platform 4.12 Security Technical Implementation Guide 2024-06-10

Details

Check Text ( C-61302r921642_chk )
Verify that routes and ingress are using secured transmission ports and protocols by executing the following:

oc get routes --all-namespaces

Review the ingress ports, if the Ingress is not using a secure TLS transport, this is a finding.
Fix Text (F-61226r921643_fix)
Delete any Route or Ingress that does not use a secure transport.

oc delete route -n

or

oc delete ingress -n