Container Platform Security Requirements Guide

Description

This Security Requirements Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: [email protected]

Details

Version / Release: V1R1

Published: 2020-11-24

Updated At: 2020-12-16 01:22:20


    Vuln Rule Version CCI Severity Title Description
    SV-233015r599509_rule SRG-APP-000014-CTR-000035 CCI-000068 MEDIUM The container platform must use TLS 1.2 or greater for secure container image transport from trusted sources. The authenticity and integrity of the container image during the container image lifecycle is part of the overall security posture of the container platform. This begins with the container image creation and pull of a base image from a trusted source for
    SV-233016r599509_rule SRG-APP-000014-CTR-000040 CCI-000068 MEDIUM The container platform must use TLS 1.2 or greater for secure communication. The authenticity and integrity of the container platform and communication between nodes and components must be secure. If an insecure protocol is used during transmission of data, the data can be intercepted and manipulated. The manipulation of data can
    SV-233019r599509_rule SRG-APP-000023-CTR-000055 CCI-000015 MEDIUM The container platform must use a centralized user management solution to support account management functions. Enterprise environments make application account management challenging and complex. A manual process for account management functions adds the risk of a potential oversight or other error. A comprehensive application account management process that incl
    SV-233020r599509_rule SRG-APP-000024-CTR-000060 CCI-000016 MEDIUM The container platform must automatically remove or disable temporary user accounts after 72 hours. If temporary user accounts remain active when no longer needed or for an excessive period, these accounts may be used to gain unauthorized access. To mitigate this risk, automated termination of all temporary user accounts must be set upon account creatio
    SV-233021r599509_rule SRG-APP-000025-CTR-000065 CCI-000017 MEDIUM The container platform must automatically disable accounts after a 35-day period of account inactivity. Attackers that are able to exploit an inactive account can potentially obtain and maintain undetected access to an application. Owners of inactive accounts will not notice if unauthorized access to their user account has been obtained. Applications need t
    SV-233022r599509_rule SRG-APP-000026-CTR-000070 CCI-000018 MEDIUM The container platform must automatically audit account creation. Once an attacker establishes access to a system, the attacker often attempts to create a persistent method of re-establishing access. One way to accomplish this is for the attacker to create a new account. Auditing of account creation is one method for mi
    SV-233023r599509_rule SRG-APP-000027-CTR-000075 CCI-001403 MEDIUM The container platform must automatically audit account modification. Once an attacker establishes access to a system, the attacker often attempts to create a persistent method of re-establishing access. One way to accomplish this is for the attacker to modify an existing account. Auditing of account modification is one method
    SV-233024r599509_rule SRG-APP-000028-CTR-000080 CCI-001404 MEDIUM The container platform must automatically audit account-disabling actions. When application accounts are disabled, user accessibility is affected. Once an attacker establishes access to an application, the attacker often attempts to disable authorized accounts to disrupt services or prevent the implementation of countermeasures.
    SV-233025r599509_rule SRG-APP-000029-CTR-000085 CCI-001405 MEDIUM The container platform must automatically audit account removal actions. When application accounts are removed, user accessibility is affected. Once an attacker establishes access to an application, the attacker often attempts to remove authorized accounts to disrupt services or prevent the implementation of countermeasures. A
    SV-233026r599511_rule SRG-APP-000033-CTR-000090 CCI-000213 MEDIUM Least privilege access and need to know must be required to access the container platform registry. The container platform registry is used to store images and is the keeper of truth for trusted images within the platform. To guarantee the images integrity, access to the registry must be limited to those individuals who need to perform tasks to the imag
    SV-233027r599509_rule SRG-APP-000033-CTR-000095 CCI-000213 MEDIUM Least privilege access and need to know must be required to access the container platform runtime. The container platform runtime is used to instantiate containers. If this process is accessed by those persons who are not authorized, those containers offering services can be brought to a denial of service (DoS) situation, disabling a large number of se
    SV-233028r599509_rule SRG-APP-000033-CTR-000100 CCI-000213 MEDIUM Least privilege access and need to know must be required to access the container platform keystore. The container platform keystore is used to store access keys and tokens for trusted access to and from the container platform. The keystore gives the container platform a method to store the confidential data in a secure way and to encrypt the data when a
    SV-233029r599513_rule SRG-APP-000038-CTR-000105 CCI-001368 MEDIUM The container platform must enforce approved authorizations for controlling the flow of information within the container platform based on organization-defined information flow control policies. Controlling information flow between the container platform components and container user services instantiated by the container platform must enforce organization-defined information flow policies. Example methods for information flow control are using l
    SV-233030r599509_rule SRG-APP-000039-CTR-000110 CCI-001414 MEDIUM The container platform must enforce approved authorizations for controlling the flow of information between interconnected systems and services based on organization-defined information flow control policies. Controlling information flow between the container platform components and container user services instantiated by the container platform must enforce organization-defined information flow policies. Example methods for information flow control are: using
    SV-233031r599515_rule SRG-APP-000065-CTR-000115 CCI-000044 MEDIUM The container platform must enforce the limit of three consecutive invalid logon attempts by a user during a 15-minute time period. By limiting the number of failed login attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute forcing, is reduced. Limits are imposed by locking the account.
    SV-233032r599517_rule SRG-APP-000068-CTR-000120 CCI-000048 LOW The container platform must display the Standard Mandatory DoD Notice and Consent Banner before granting access to platform components. The container platform has countless components where different access levels are needed. To control access, the user must first log in to the component and then be presented with a DoD-approved use notification banner before granting access to the compon
    SV-233033r599519_rule SRG-APP-000069-CTR-000125 CCI-000050 LOW The container platform must retain the Standard Mandatory DoD Notice and Consent Banner on the screen until users acknowledge the usage and conditions and take explicit actions to log on for further access. The banner must be acknowledged by the user prior to allowing the user access to any container platform component. This provides assurance that the user has seen the message and accepted the conditions for access. If the consent banner is not acknowledged
    SV-233038r599521_rule SRG-APP-000089-CTR-000150 CCI-000169 MEDIUM The container platform must generate audit records for all DoD-defined auditable events within all components in the platform. Within the container platform, audit data can be generated from any of the deployed container platform components. This audit data is important when there are issues, including security incidents that must be investigated. To make the audit data worthwhil
    SV-233039r599523_rule SRG-APP-000090-CTR-000155 CCI-000171 MEDIUM The container platform must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited. Without the capability to restrict which roles and individuals can select which events are audited, unauthorized personnel may be able to prevent the auditing of critical events. Misconfigured audits may degrade the system's performance by overwhelming th
    SV-233040r599525_rule SRG-APP-000091-CTR-000160 CCI-000172 MEDIUM The container platform must generate audit records when successful/unsuccessful attempts to access privileges occur. Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident, or identify those responsible for one. Audit reco
    SV-233041r599714_rule SRG-APP-000092-CTR-000165 CCI-001464 MEDIUM The container platform must initiate session auditing upon startup. When the container platform is started, container platform components and user services can also be started. It is important that the container platform begin auditing on startup in order to handle container platform startup events along with events for c
    SV-233042r599529_rule SRG-APP-000095-CTR-000170 CCI-000130 MEDIUM All audit records must identify what type of event has occurred within the container platform. Within the container platform, audit data can be generated from any of the deployed container platform components. This audit data is important when there are issues, such as security incidents, that must be investigated. To make the audit data worthwhile
    SV-233043r599531_rule SRG-APP-000096-CTR-000175 CCI-000131 MEDIUM The container platform audit records must have a date and time association with all events. Within the container platform, audit data can be generated from any of the deployed container platform components. This audit data is important when there are issues, such as security incidents, that must be investigated. To make the audit data worthwhile
    SV-233044r599533_rule SRG-APP-000097-CTR-000180 CCI-000132 MEDIUM All audit records must identify where in the container platform the event occurred. Within the container platform, audit data can be generated from any of the deployed container platform components. This audit data is important when there are issues, such as security incidents, that must be investigated. To make the audit data worthwhile
    SV-233045r599535_rule SRG-APP-000098-CTR-000185 CCI-000133 MEDIUM All audit records must identify the source of the event within the container platform. Audit data is important when there are issues, to include security incidents that must be investigated. Since the audit data may be part of a larger audit system, it is important for the audit data to also include the container platform name for traceabil
    SV-233046r599537_rule SRG-APP-000099-CTR-000190 CCI-000134 MEDIUM All audit records must generate the event results within the container platform. Within the container platform, audit data can be generated from any of the deployed container platform components. This audit data is important when there are issues, such as security incidents, that must be investigated. To make the audit data worthwhile
    SV-233047r599539_rule SRG-APP-000100-CTR-000195 CCI-001487 MEDIUM All audit records must identify any users associated with the event within the container platform. Without information that establishes the identity of the user associated with the events, security personnel cannot determine responsibility for the potentially harmful event.
    SV-233048r599541_rule SRG-APP-000100-CTR-000200 CCI-001487 MEDIUM All audit records must identify any containers associated with the event within the container platform. Without information that establishes the identity of the containers offering user services or running on behalf of a user within the platform associated with audit events, security personnel cannot determine responsibility for potentially harmful events.
    SV-233049r599543_rule SRG-APP-000101-CTR-000205 CCI-000135 MEDIUM The container platform must generate audit records containing the full-text recording of privileged commands or the individual identities of group account users. During an investigation of an incident, it is important to fully understand what took place. Often, information is not part of the audited event due to the data's nature, security risk, or audit log size. Organizations must consider limiting the additiona
    SV-233051r599704_rule SRG-APP-000109-CTR-000215 CCI-000140 MEDIUM The container platform must take appropriate action upon an audit failure. It is critical that when the container platform is at risk of failing to process audit logs as required that it take action to mitigate the failure. Audit processing failures include software/hardware errors, failures in the audit capturing mechanisms, an
    SV-233052r599547_rule SRG-APP-000111-CTR-000220 CCI-000154 MEDIUM The container platform components must provide the ability to send audit logs to a central enterprise repository for review and analysis. The container platform components must send audit events to a central managed audit log repository to provide reporting, analysis, and alert notification. Incident response relies on successful timely, accurate system analysis in order for the organizatio
    SV-233055r599509_rule SRG-APP-000116-CTR-000235 CCI-000159 MEDIUM The container platform must use internal system clocks to generate audit record time stamps. Understanding when the events of an incident occurred, and in what sequence, is crucial to understanding what may have taken place. Without a common clock, the components generating audit events could be out of synchronization and would then present a picture of the event that
    SV-233056r599509_rule SRG-APP-000118-CTR-000240 CCI-000162 MEDIUM The container platform must protect audit information from any type of unauthorized read access. If audit data were to become compromised, then competent forensic analysis and discovery of the true source of potentially malicious system activity is difficult if not impossible to achieve. In addition, access to audit records provides information an at
    SV-233057r599509_rule SRG-APP-000119-CTR-000245 CCI-000163 MEDIUM The container platform must protect audit information from unauthorized modification. If audit data were to become compromised, then forensic analysis and discovery of the true source of potentially malicious system activity would be impossible to achieve. To ensure the veracity of audit data, the information system and/or the application
    SV-233058r599509_rule SRG-APP-000120-CTR-000250 CCI-000164 MEDIUM The container platform must protect audit information from unauthorized deletion. If audit data were to become compromised, then forensic analysis and discovery of the true source of potentially malicious system activity would be impossible to achieve. To ensure the veracity of audit data, the information system and/or the application
    SV-233059r599509_rule SRG-APP-000121-CTR-000255 CCI-001493 MEDIUM The container platform must protect audit tools from unauthorized access. Protecting audit data also includes identifying and protecting the tools used to view and manipulate log data. Therefore, protecting audit tools is necessary to prevent unauthorized operation on audit data. Applications providing tools to interface with
    SV-233060r599509_rule SRG-APP-000122-CTR-000260 CCI-001494 MEDIUM The container platform must protect audit tools from unauthorized modification. Protecting audit data also includes identifying and protecting the tools used to view and manipulate log data. Therefore, protecting audit tools is necessary to prevent unauthorized operation on audit data. Applications providing tools to interface with
    SV-233061r599509_rule SRG-APP-000123-CTR-000265 CCI-001495 MEDIUM The container platform must protect audit tools from unauthorized deletion. Protecting audit data also includes identifying and protecting the tools used to view and manipulate log data. Therefore, protecting audit tools is necessary to prevent unauthorized operation on audit data. Applications providing tools to interface with
    SV-233063r599549_rule SRG-APP-000126-CTR-000275 CCI-001350 MEDIUM The container platform must use FIPS validated cryptographic mechanisms to protect the integrity of log information. To fully investigate an incident and to have trust in the audit data that is generated, it is important to put in place data protections. Without integrity protections, unauthorized changes may be made to the audit files and reliable forensic analysis and
    SV-233064r599551_rule SRG-APP-000131-CTR-000280 CCI-001749 MEDIUM The container platform must be built from verified packages. It is important to patch and upgrade the container platform when patches and upgrades are available. More important is to get these patches and upgrades from a known source. To validate the authenticity of any patches and upgrades before installation, the
    SV-233065r599553_rule SRG-APP-000131-CTR-000285 CCI-001749 MEDIUM The container platform must verify container images. The container platform must be capable of validating container images are signed and that the digital signature is from a recognized and approved source approved by the organization. Allowing any container image to be introduced into the registry and inst
    SV-233066r599715_rule SRG-APP-000133-CTR-000290 CCI-001499 MEDIUM The container platform must limit privileges to the container platform registry. To control what is instantiated within the container platform, it is important to control access to the registry. Without this control, container images can be introduced and instantiated by accident or on container platform startup. Without control of th
    SV-233067r599557_rule SRG-APP-000133-CTR-000295 CCI-001499 MEDIUM The container platform must limit privileges to the container platform runtime. To control what is instantiated within the container platform, it is important to control access to the runtime. Without this control, container platform specific services and customer services can be introduced without receiving approval and going throug
    SV-233068r599716_rule SRG-APP-000133-CTR-000300 CCI-001499 MEDIUM The container platform must limit privileges to the container platform keystore. The container platform keystore is used to store credentials used to build a trust between the container platform and some external source. This trust relationship is authorized by the organization. If a malicious user were to have access to the container
    SV-233069r599509_rule SRG-APP-000133-CTR-000305 CCI-001499 MEDIUM Configuration files for the container platform must be protected. The secure configuration of the container platform must be protected by disallowing changes to be implemented by non-privileged users. Changes to the container platform can introduce security risks or stability issues and undermine change management proce
    SV-233070r599509_rule SRG-APP-000133-CTR-000310 CCI-001499 MEDIUM Authentication files for the container platform must be protected. The secure configuration of the container platform must be protected by disallowing changes to be implemented by non-privileged users. Changes to the container platform can introduce security risks and stability issues and undermine change management pro
    SV-233071r599509_rule SRG-APP-000141-CTR-000315 CCI-000381 MEDIUM The container platform must be configured with only essential configurations. The container platform can be built with components that are not used for the intended purpose of the organization. To limit the attack surface of the container platform, it is essential that the non-essential services are not installed.
    SV-233072r599509_rule SRG-APP-000141-CTR-000320 CCI-000381 MEDIUM The container platform registry must contain only container images for those capabilities being offered by the container platform. Allowing container images to reside within the container platform registry that are not essential to the capabilities being offered by the container platform becomes a potential security risk. By allowing these non-essential container images to exist, the
    SV-233073r599561_rule SRG-APP-000142-CTR-000325 CCI-000382 MEDIUM The container platform runtime must enforce ports, protocols, and services that adhere to the PPSM CAL. Ports, protocols, and services within the container platform runtime must be controlled and conform to the PPSM CAL. Those ports, protocols, and services that fall outside the PPSM CAL must be blocked by the runtime. Instructions on the PPSM can be found
    SV-233074r599563_rule SRG-APP-000142-CTR-000330 CCI-000382 MEDIUM The container platform runtime must enforce the use of ports that are non-privileged. Privileged ports are those ports below 1024 and that require system privileges for their use. If containers are able to use these ports, the container must be run as a privileged user. The container platform must stop containers that try to map to these p
    SV-233075r599509_rule SRG-APP-000148-CTR-000335 CCI-000764 MEDIUM The container platform must uniquely identify and authenticate users. The container platform requires user accounts to perform container platform tasks. These tasks may pertain to the overall container platform or may be component-specific, thus requiring users to authenticate against those specific components. To ensure ac
    SV-233076r599509_rule SRG-APP-000148-CTR-000340 CCI-000764 MEDIUM The container platform application program interface (API) must uniquely identify and authenticate users. The container platform requires user accounts to perform container platform tasks. These tasks are often performed through the container platform API. Protecting the API from users who are not authorized or authenticated is essential to keep the container
    SV-233077r599509_rule SRG-APP-000148-CTR-000345 CCI-000764 MEDIUM The container platform must uniquely identify and authenticate processes acting on behalf of the users. The container platform will instantiate a container image and use the user privileges given to the user used to execute the container. To ensure accountability and prevent unauthenticated access to containers, the user the container is using to execute mu
    SV-233078r599565_rule SRG-APP-000148-CTR-000350 CCI-000764 MEDIUM The container platform application program interface (API) must uniquely identify and authenticate processes acting on behalf of the users. The container platform API can be used to perform any task within the platform. Often, the API is used to create tasks that perform some kind of maintenance task and run without user interaction. To guarantee the task is authorized, it is important to aut
    SV-233079r599567_rule SRG-APP-000149-CTR-000355 CCI-000765 MEDIUM The container platform must use multifactor authentication for network access to privileged accounts. Without the use of multifactor authentication, the ease of access to privileged functions is greatly increased. Multifactor authentication requires using two or more factors to achieve authentication. Factors include: (i) something a user knows (e.g.,
    SV-233080r599569_rule SRG-APP-000150-CTR-000360 CCI-000766 MEDIUM The container platform must use multifactor authentication for network access to non-privileged accounts. To ensure accountability and prevent unauthenticated access, non-privileged users must utilize multifactor authentication to prevent potential misuse and compromise of the system. Multifactor authentication uses two or more factors to achieve authenticat
    SV-233081r599509_rule SRG-APP-000151-CTR-000365 CCI-000767 MEDIUM The container platform must use multifactor authentication for local access to privileged accounts. To ensure accountability and prevent unauthenticated access, privileged users must utilize multifactor authentication to prevent potential misuse and compromise of the system. Multifactor authentication is defined as using two or more factors to achieve
    SV-233082r599509_rule SRG-APP-000152-CTR-000370 CCI-000768 MEDIUM The container platform must use multifactor authentication for local access to non-privileged accounts. To ensure accountability, prevent unauthenticated access, and prevent misuse of the system, non-privileged users must utilize multi-factor authentication for local access. Multifactor authentication is defined as using two or more factors to achieve auth
    SV-233083r599571_rule SRG-APP-000153-CTR-000375 CCI-000770 MEDIUM The container platform must ensure users are authenticated with an individual authenticator prior to using a group authenticator. To ensure individual accountability and prevent unauthorized access, application users must be individually identified and authenticated. Individual accountability mandates that each user be uniquely identified. A group authenticator is a shared account
    SV-233084r599573_rule SRG-APP-000156-CTR-000380 CCI-001941 MEDIUM The container platform must use FIPS-validated SHA-1 or higher hash function to provide replay-resistant authentication mechanisms for network access to privileged accounts. A replay attack may enable an unauthorized user to gain access to the application. Authentication sessions between the authenticator and the application validating the user credentials must not be vulnerable to a replay attack. Anti-replay is a cryptogra
    SV-233085r599575_rule SRG-APP-000157-CTR-000385 CCI-001942 MEDIUM The container platform must implement replay-resistant authentication mechanisms for network access to non-privileged accounts. A replay attack may enable an unauthorized user to gain access to the application. Authentication sessions between the authenticator and the application validating the user credentials must not be vulnerable to a replay attack. An authentication process
    SV-233086r599577_rule SRG-APP-000158-CTR-000390 CCI-000778 MEDIUM The container platform must uniquely identify all network-connected nodes before establishing any connection. A container platform usually consists of multiple nodes. It is important for these nodes to be uniquely identified before a connection is allowed. Without identifying the nodes, unidentified or unknown nodes may be introduced, thereby facilitating malicio
    SV-233087r599579_rule SRG-APP-000163-CTR-000395 CCI-000795 MEDIUM The container platform must disable identifiers (individuals, groups, roles, and devices) after 35 days of inactivity. Inactive identifiers pose a risk to systems and applications. Attackers that are able to exploit an inactive identifier can potentially obtain and maintain undetected access to the application. Owners of inactive accounts will not notice if unauthorized a
    SV-233088r599509_rule SRG-APP-000164-CTR-000400 CCI-000205 MEDIUM The container platform must enforce a minimum 15-character password length. The shorter the password, the lower the number of possible combinations that need to be tested before the password is compromised. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and bru
    SV-233089r599509_rule SRG-APP-000165-CTR-000405 CCI-000200 MEDIUM The container platform must prohibit password reuse for a minimum of 10 generations. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. To meet password policy requirements, passwords need to be changed at specific policy-based intervals. If the in
    SV-233090r599581_rule SRG-APP-000166-CTR-000410 CCI-000192 MEDIUM The container platform must enforce password complexity by requiring that at least one uppercase character be used. Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. Password
    SV-233091r599583_rule SRG-APP-000167-CTR-000415 CCI-000193 MEDIUM The container platform must enforce password complexity by requiring that at least one lowercase character be used. Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. Password
    SV-233092r599585_rule SRG-APP-000168-CTR-000420 CCI-000194 MEDIUM The container platform must enforce password complexity by requiring that at least one numeric character be used. Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. Password
    SV-233093r599587_rule SRG-APP-000169-CTR-000425 CCI-001619 MEDIUM The container platform must enforce password complexity by requiring that at least one special character be used. Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. Password
    SV-233094r599589_rule SRG-APP-000170-CTR-000430 CCI-000195 MEDIUM The container platform must require the change of at least 15 of the total number of characters when passwords are changed. If the application allows the user to consecutively reuse extensive portions of passwords, this increases the chances of password compromise by increasing the window of opportunity for attempts at guessing and brute-force attacks. The number of changed c
    SV-233095r599591_rule SRG-APP-000171-CTR-000435 CCI-000196 MEDIUM For container platforms using password authentication, the application must store only cryptographic representations of passwords. Passwords need to be protected at all times, and encryption is the standard method for protecting passwords. If passwords are not encrypted, they can be plainly read and easily compromised. Use of passwords for authentication is intended only for limited
    SV-233096r599509_rule SRG-APP-000172-CTR-000440 CCI-000197 HIGH For accounts using password authentication, the container platform must use FIPS-validated SHA-2 or later protocol to protect the integrity of the password authentication process. Passwords need to be protected on entry, in transmission, during authentication, and when stored. If compromised at any of these security points, a nefarious user can use the password along with stolen user account information to gain access or to escalat
    SV-233097r599509_rule SRG-APP-000173-CTR-000445 CCI-000198 MEDIUM The container platform must enforce 24 hours (one day) as the minimum password lifetime. Enforcing a minimum password lifetime helps prevent repeated password changes to defeat the password reuse or history enforcement requirement. Restricting this setting limits the user's ability to change their password. Passwords need to be changed at sp
    SV-233098r599509_rule SRG-APP-000174-CTR-000450 CCI-000199 MEDIUM The container platform must enforce a 60-day maximum password lifetime restriction. Any password, no matter how complex, can eventually be cracked. Therefore, passwords need to be changed at specific intervals. One method of minimizing this risk is to use complex passwords and periodically change them. If the application does not limit
    SV-233101r599509_rule SRG-APP-000177-CTR-000465 CCI-000187 MEDIUM The container platform must map the authenticated identity to the individual user or group account for PKI-based authentication. The container platform and its components may require authentication before use. When the authentication is PKI-based, the container platform or component must map the certificate to a user account. If the certificate is not mapped to a user account, the
    SV-233102r599593_rule SRG-APP-000178-CTR-000470 CCI-000206 MEDIUM The container platform must obscure feedback of authentication information during the authentication process to protect the information from possible exploitation/use by unauthorized individuals. To prevent the compromise of authentication information such as passwords during the authentication process, the feedback from the container platform and its components, e.g., runtime, registry, and keystore, must not provide any information that would al
    SV-233105r599595_rule SRG-APP-000181-CTR-000485 CCI-001876 MEDIUM The container platform must provide an audit reduction capability that supports on-demand reporting requirements. The ability to generate on-demand reports, including after the audit data has been subjected to audit reduction, greatly facilitates the organization's ability to generate incident reports as needed to better handle larger-scale or more complex security i
    SV-233106r599597_rule SRG-APP-000185-CTR-000490 CCI-000877 MEDIUM The container platform must employ strong authenticators in the establishment of non-local maintenance and diagnostic sessions. If maintenance tools are used by unauthorized personnel, they may accidentally or intentionally damage or compromise the system. The act of managing systems and applications includes the ability to access sensitive application information, such as, system
    SV-233114r599599_rule SRG-APP-000211-CTR-000530 CCI-001082 MEDIUM The container platform must separate user functionality (including user interface services) from information system management functionality. Separating user functionality from management functionality is a requirement for all the components within the container platform. Without the separation, users may have access to management functions that can degrade the container platform and the servic
    SV-233118r599601_rule SRG-APP-000219-CTR-000550 CCI-001184 HIGH The container platform must protect authenticity of communications sessions with the use of FIPS-validated 140-2 or 140-3 security requirements for cryptographic modules. The container platform is responsible for pulling images from trusted sources and placing those images into its registry. To protect the transmission of images, the container platform must use FIPS-validated 140-2 or 140-3 cryptographic modules. This adde
    SV-233122r599603_rule SRG-APP-000225-CTR-000570 CCI-001190 MEDIUM The container platform runtime must fail to a secure state if system initialization fails, shutdown fails, or aborts fail. The container platform offers services for container image orchestration and services for users. If any of these services were to fail into an insecure state, security measures for user and data separation and image instantiation could become absent. In a
    SV-233123r599509_rule SRG-APP-000226-CTR-000575 CCI-001665 MEDIUM The container platform must preserve any information necessary to determine the cause of the disruption or failure. When a failure occurs within the container platform, preserving the state of the container platform and its components, along with other container services, helps to facilitate container platform restart and return to the operational mode of the organizat
    SV-233125r599605_rule SRG-APP-000233-CTR-000585 CCI-001084 MEDIUM The container platform runtime must isolate security functions from non-security functions. The container platform runtime must be configured to isolate those services used for security functions from those used for non-security functions. This separation can be performed using environment variables, labels, network segregation, and kernel group
    SV-233126r599509_rule SRG-APP-000234-CTR-000590 CCI-001682 MEDIUM The container platform must never automatically remove or disable emergency accounts. Emergency accounts are administrator accounts that are established in response to crisis situations where the need for rapid account activation is required. Therefore, emergency account activation may bypass normal account authorization processes. If thes
    SV-233127r599607_rule SRG-APP-000243-CTR-000595 CCI-001090 MEDIUM The container platform must prohibit containers from accessing privileged resources. Container images instantiated within the container platform may request access to host system resources. Access to privileged resources can allow for unauthorized and unintended transfer of information, but in some cases, these resources may be needed fo
    SV-233128r599705_rule SRG-APP-000243-CTR-000600 CCI-001090 MEDIUM The container platform must prevent unauthorized and unintended information transfer via shared system resources. The container platform makes host system resources available to container services. These shared resources, such as the host system kernel, network connections, and storage, must be protected to prevent unauthorized and unintended information transfer. Th
    SV-233129r599611_rule SRG-APP-000246-CTR-000605 CCI-001094 MEDIUM The container platform must restrict individuals' ability to launch organizationally defined denial-of-service (DoS) attacks against other information systems. The container platform will offer services to users and these services share resources available on the hosting system. To share the resources in a manner that does not exhaust or over utilize resources, it is necessary for the container platform to have
    SV-233133r599613_rule SRG-APP-000266-CTR-000625 CCI-001312 MEDIUM The container platform must generate error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries. The container platform is responsible for offering services to users. These services could be across diverse user groups and data types. To protect information about the container platform, services, users, and data, it is important during error message g
    SV-233142r599509_rule SRG-APP-000290-CTR-000670 CCI-001496 MEDIUM The container platform must use cryptographic mechanisms to protect the integrity of audit tools. Protecting the integrity of the tools used for auditing purposes is a critical step to ensuring the integrity of audit data. Audit data includes all information (e.g., audit records, audit settings, and audit reports) needed to successfully audit informat
    SV-233143r599509_rule SRG-APP-000291-CTR-000675 CCI-001683 MEDIUM The container platform must notify system administrators and ISSO when accounts are created. Once an attacker establishes access to an application, the attacker often attempts to create a persistent method of re-establishing access. One way to accomplish this is for the attacker to simply create a new account. Sending notification of account crea
    SV-233144r599509_rule SRG-APP-000292-CTR-000680 CCI-001684 MEDIUM The container platform must notify system administrators and ISSO when accounts are modified. When application accounts are modified, user accessibility is affected. Accounts are utilized for identifying individual users or for identifying the application processes themselves. Sending notification of account modification events to the system admin
    SV-233145r599509_rule SRG-APP-000293-CTR-000685 CCI-001685 MEDIUM The container platform must notify system administrators and ISSO for account disabling actions. When application accounts are disabled, user accessibility is affected. Accounts are utilized for identifying individual users or for identifying the application processes themselves. Sending notification of account disabling events to the system administ
    SV-233146r599509_rule SRG-APP-000294-CTR-000690 CCI-001686 MEDIUM The container platform must notify system administrators and ISSO for account removal actions. When application accounts are removed, user accessibility is affected. Accounts are utilized for identifying users or for identifying the application processes themselves. Sending notification of account removal events to the system administrator and ISSO
    SV-233149r599509_rule SRG-APP-000297-CTR-000705 CCI-002364 LOW Access to the container platform must display an explicit logout message to the user indicating the reliable termination of authenticated communication sessions. Access to the container platform will occur through web and terminal sessions. Any web interfaces must conform to application and web security requirements. Terminal access to the container platform and its components must provide a logout facility that t
    SV-233155r599509_rule SRG-APP-000317-CTR-000735 CCI-002142 MEDIUM The container platform must terminate shared/group account credentials when members leave the group. If shared/group account credentials are not terminated when individuals leave the group, the user that left the group can still gain access even though they are no longer authorized. A shared/group account credential is a shared form of authentication tha
    SV-233156r599615_rule SRG-APP-000318-CTR-000740 CCI-002145 MEDIUM The container platform must enforce organization-defined circumstances and/or usage conditions for organization-defined accounts. Activity under unusual conditions can indicate hostile activity. For example, what is normal activity during business hours can indicate hostile activity if it occurs during off hours. Depending on mission needs and conditions, account usage restrictions
    SV-233157r599509_rule SRG-APP-000319-CTR-000745 CCI-002130 MEDIUM The container platform must automatically audit account-enabling actions. Once an attacker establishes access to an application, the attacker often attempts to create a persistent method of re-establishing access. One way to accomplish this is for the attacker to simply enable a new or disabled account. Automatically auditing a
    SV-233158r599509_rule SRG-APP-000320-CTR-000750 CCI-002132 MEDIUM The container platform must notify system administrator and ISSO of account enabling actions. Once an attacker establishes access to an application, the attacker often attempts to create a persistent method of re-establishing access. One way to accomplish this is for the attacker to simply enable a new or disabled account. Sending notification of
    SV-233162r599617_rule SRG-APP-000340-CTR-000770 CCI-002235 MEDIUM The container platform must prevent non-privileged users from executing privileged functions to include disabling, circumventing, or altering implemented security safeguards/countermeasures. Controlling what users can perform privileged functions prevents unauthorized users from performing tasks that may expose data or degrade the container platform. When users are not segregated into privileged and non-privileged users, unauthorized individu
    SV-233163r599619_rule SRG-APP-000342-CTR-000775 CCI-002233 MEDIUM Container images instantiated by the container platform must execute using least privileges. Containers running within the container platform must execute as non-privileged. When a container can execute as a privileged container, the privileged container is also a privileged user within the hosting system, and the hosting system becomes a major s
    SV-233164r599509_rule SRG-APP-000343-CTR-000780 CCI-002234 MEDIUM The container platform must audit the execution of privileged functions. Privileged functions within the container platform can be component specific or can envelope the entire container platform. Because of the nature of the commands, it is important to understand what command was executed for either investigation of an incid
    SV-233165r599621_rule SRG-APP-000345-CTR-000785 CCI-002238 MEDIUM The container platform must automatically lock an account until the locked account is released by an administrator when three unsuccessful login attempts in 15 minutes are exceeded. By limiting the number of failed login attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute forcing, is reduced. Limits are imposed by locking the account.
    SV-233166r599712_rule SRG-APP-000516-CTR-000790 CCI-000366 MEDIUM The container platform must provide the configuration for organization-identified individuals or roles to change the auditing to be performed on all components, based on all selectable event criteria within organization-defined time thresholds. Auditing requirements may change per organization or situation within an organization. With the container platform allowing an organization to customize the auditing, an organization can decide to extend or limit auditing as necessary to meet organizatio
    SV-233168r599625_rule SRG-APP-000357-CTR-000800 CCI-001849 MEDIUM The container platform must allocate audit record storage capacity in accordance with organization-defined audit record storage requirements. In order to ensure applications have a sufficient storage capacity in which to write the audit logs, applications need to be able to allocate audit record storage capacity. The task of allocating audit record storage capacity is usually performed during
    SV-233169r599627_rule SRG-APP-000358-CTR-000805 CCI-001851 MEDIUM Audit records must be stored at a secondary location. Auditable events are used in the investigation of incidents and must be protected from being deleted or altered. Often, events that took place in the past must be viewed to understand the entire incident. For the purposes of audit event protection and rec
    SV-233170r599629_rule SRG-APP-000359-CTR-000810 CCI-001855 MEDIUM The container platform must provide an immediate warning to the SA and ISSO (at a minimum) when allocated audit record storage volume reaches 75 percent of repository maximum audit record storage capacity. If security personnel are not notified immediately upon storage volume utilization reaching 75 percent, they are unable to plan for storage capacity expansion.
    SV-233171r599631_rule SRG-APP-000360-CTR-000815 CCI-001858 MEDIUM The container platform must provide an immediate real-time alert to the SA and ISSO, at a minimum, of all audit failure events requiring real-time alerts. It is critical for the appropriate personnel to be aware if a system is at risk of failing to process audit logs as required. Without a real-time alert, security personnel may be unaware of an impending failure of the audit capability and system operation
    SV-233181r599509_rule SRG-APP-000374-CTR-000865 CCI-001890 MEDIUM All audit records must use UTC or GMT time stamps. The container platform and its components must generate audit records using either Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT) time stamps or local time that is offset from UTC. All the components must use the same standard so that the even
    SV-233182r599509_rule SRG-APP-000375-CTR-000870 CCI-001889 MEDIUM The container platform must record time stamps for audit records that meet a granularity of one second for a minimum degree of precision. To properly investigate an event, it is important to have enough granularity within the time stamps to determine the chronological order of the audited events. Without this granularity, events may be interpreted out of proper sequence, thus hobbling the i
    SV-233184r599633_rule SRG-APP-000378-CTR-000880 CCI-001812 MEDIUM The container platform must prohibit the installation of patches and updates without explicit privileged status. Controlling access to those users and roles responsible for patching and updating the container platform reduces the risk of untested or potentially malicious software from being installed within the platform. This access may be separate from the access r
    SV-233185r599635_rule SRG-APP-000378-CTR-000885 CCI-001812 HIGH The container platform runtime must prohibit the instantiation of container images without explicit privileged status. Controlling access to those users and roles responsible for container image instantiation reduces the risk of untested or potentially malicious containers from being executed within the platform and on the hosting system. This access may be separate from
    SV-233186r599509_rule SRG-APP-000378-CTR-000890 CCI-001812 MEDIUM The container platform registry must prohibit installation or modification of container images without explicit privileged status. Controlling access to those users and roles that perform container platform registry functions reduces the risk of untested or potentially malicious containers from being introduced into the platform. This access may be separate from the access required t
    SV-233188r599724_rule SRG-APP-000380-CTR-000900 CCI-001813 MEDIUM The container platform must enforce access restrictions for container platform configuration changes. Configuration changes cause the container platform to change the way it operates. These changes can be used to improve the system with added features or performance, but these configuration changes can also be used to introduce malicious features and degr
    SV-233189r599509_rule SRG-APP-000381-CTR-000905 CCI-001814 MEDIUM The container platform must enforce access restrictions and support auditing of the enforcement actions. Auditing the enforcement of access restrictions against changes to the container platform helps identify attacks and provides forensic data for investigation for after-the-fact actions. Attempts to change configurations, components, or data maintained by
    SV-233190r599509_rule SRG-APP-000383-CTR-000910 CCI-001762 MEDIUM All non-essential, unnecessary, and unsecure DoD ports, protocols, and services must be disabled in the container platform. To properly offer services to the user and to orchestrate containers, the container platform may offer services that use ports and protocols that best fit those services. The container platform, when offering the services, must only offer the services on
    SV-233191r599639_rule SRG-APP-000384-CTR-000915 CCI-001764 MEDIUM The container platform must prevent component execution in accordance with organization-defined policies regarding software program usage and restrictions, and/or rules authorizing the terms and conditions of software program usage. The container platform may offer components such as DNS services, firewall services, router services, or web services that are not required by every organization to meet their needs. Container platform components may also add capabilities that run counter
    SV-233192r599641_rule SRG-APP-000386-CTR-000920 CCI-001774 MEDIUM The container platform registry must employ a deny-all, permit-by-exception (whitelist) policy to allow only authorized container images in the container platform. Controlling the sources where container images can be pulled from allows the organization to define what software can be run within the container platform. Allowing any container image to be introduced and instantiated within the container platform may in
    SV-233193r599509_rule SRG-APP-000389-CTR-000925 CCI-002038 MEDIUM The container platform must require users to reauthenticate when organization-defined circumstances or situations require reauthentication. Controlling user access is paramount in securing the container platform. During a user's access to the container platform, events may occur that change the user's access and which require reauthentication. For instance, if the capability to change securit
    SV-233194r599643_rule SRG-APP-000390-CTR-000930 CCI-002039 MEDIUM The container platform must require devices to reauthenticate when organization-defined circumstances or situations require reauthentication. The container platform may require external devices be used to fully orchestrate the services needed for users. Examples would be storage or external servers. Without reauthentication, unidentified or unknown devices may be introduced; thereby facilitatin
    SV-233195r599509_rule SRG-APP-000391-CTR-000935 CCI-001953 MEDIUM The container platform must be configured to use multi-factor authentication for user authentication. Controlling access to the container platform and its components is paramount in having a secure and stable system. Validating users is the first step in controlling the access. Users may be validated by the overall container platform or they may be valida
    SV-233199r599645_rule SRG-APP-000397-CTR-000955 CCI-002041 MEDIUM The container platform must allow the use of a temporary password for system logons with an immediate change to a permanent password. Without providing this capability, an account may be created without a password. Non-repudiation cannot be guaranteed once an account is created if a user is not forced to change the temporary password upon initial login. Temporary passwords are typicall
    SV-233200r599647_rule SRG-APP-000400-CTR-000960 CCI-002007 MEDIUM The container platform must prohibit the use of cached authenticators after an organization-defined time period. If cached authentication information is out of date, the validity of the authentication information may be questionable.
    SV-233201r599649_rule SRG-APP-000401-CTR-000965 CCI-001991 MEDIUM The container platform, for PKI-based authentication, must implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network. The potential of allowing access to users who are no longer authorized (have revoked certificates) increases unless a local cache of revocation data is configured.
    SV-233202r599509_rule SRG-APP-000402-CTR-000970 CCI-002009 MEDIUM The container platform must accept Personal Identity Verification (PIV) credentials from other federal agencies. Controlling access to the container platform and its components is paramount in having a secure and stable system. Validating users is the first step in controlling the access. Users may be validated by the overall container platform or they may be valida
    SV-233206r599651_rule SRG-APP-000409-CTR-000990 CCI-002884 MEDIUM The container platform must audit non-local maintenance and diagnostic sessions' organization-defined audit events associated with non-local maintenance. To fully investigate an attack, it is important to understand the event and those events taking place during the same time period. Often, non-local administrative access and diagnostic sessions are not logged. These events are seen as only administrative
    SV-233207r599717_rule SRG-APP-000411-CTR-000995 CCI-002890 MEDIUM Container platform applications and Application Program Interfaces (API) used for nonlocal maintenance sessions must use FIPS-validated keyed-hash message authentication code (HMAC) to protect the integrity of nonlocal maintenance and diagnostic communications. Unapproved mechanisms that are used for authentication to the cryptographic module are not verified, and therefore cannot be relied on to provide confidentiality or integrity, and DoD data may be compromised. Nonlocal maintenance and diagnostic activitie
    SV-233208r599720_rule SRG-APP-000412-CTR-001000 CCI-003123 MEDIUM The container platform must configure web management tools and Application Program Interfaces (API) with FIPS-validated Advanced Encryption Standard (AES) cipher block algorithm to protect the confidentiality of maintenance and diagnostic communications for nonlocal maintenance sessions. Without confidentiality protection mechanisms, unauthorized individuals may gain access to sensitive information via a remote access session. Nonlocal maintenance and diagnostic activities are activities conducted by individuals communicating through eit
    SV-233210r599509_rule SRG-APP-000414-CTR-001010 CCI-001067 MEDIUM Vulnerability scanning applications must implement privileged access authorization to all container platform components, containers, and container images for selected organization-defined vulnerability scanning activities. In certain situations, the nature of the vulnerability scanning may be more intrusive, or the container platform component that is the subject of the scanning may contain highly sensitive information. Privileged access authorization to selected system com
    SV-233211r599655_rule SRG-APP-000416-CTR-001015 CCI-002450 MEDIUM The container platform must implement NSA-approved cryptography to protect classified information in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards. Use of weak or untested encryption algorithms undermines the purposes of utilizing encryption to protect data and images. The container platform must implement cryptographic modules adhering to the higher standards approved by the federal government since
    SV-233220r599509_rule SRG-APP-000429-CTR-001060 CCI-002476 MEDIUM The container platform keystore must implement encryption to prevent unauthorized disclosure of information at rest within the container platform. Container platform keystore is used for container deployments for persistent storage of all its REST API objects. These objects are sensitive in nature and should be encrypted at rest to avoid any unauthorized disclosure. Selection of a cryptographic mech
    SV-233221r599657_rule SRG-APP-000431-CTR-001065 CCI-002530 MEDIUM The container platform runtime must maintain separate execution domains for each container by assigning each container a separate address space. Container namespace access is limited upon runtime execution. Each container is a distinct process so that communication between containers is performed in a manner controlled through security policies that limits the communication so one container cannot
    SV-233222r599659_rule SRG-APP-000435-CTR-001070 CCI-002385 MEDIUM The container platform must protect against or limit the effects of all types of denial-of-service (DoS) attacks by employing organization-defined security safeguards. DoS is a condition when a resource is not available for legitimate users. When this occurs, the organization either cannot accomplish its mission or must operate at degraded capacity. This requirement addresses the configuration of the container platform
    SV-233226r599661_rule SRG-APP-000441-CTR-001090 CCI-002420 MEDIUM The container platform must maintain the confidentiality and integrity of information during preparation for transmission. Information may be unintentionally or maliciously disclosed or modified during preparation for transmission within the container platform during aggregation, at protocol transformation points, and during container image runtime. These unauthorized disclos
    SV-233227r599663_rule SRG-APP-000442-CTR-001095 CCI-002422 MEDIUM The container platform must maintain the confidentiality and integrity of information during reception. Information either can be unintentionally or maliciously disclosed or modified during reception within the container platform during aggregation, at protocol transformation points, and during container image runtime. These unauthorized discl
    SV-233228r599665_rule SRG-APP-000447-CTR-001100 CCI-002754 MEDIUM The container platform must behave in a predictable and documented manner that reflects organizational and system objectives when invalid inputs are received. Software or code parameters typically follow well-defined protocols that use structured messages (i.e., commands or queries) to communicate between software modules or system components. Structured messages can contain raw or unstructured data intersperse
    SV-233229r599509_rule SRG-APP-000450-CTR-001105 CCI-002824 MEDIUM The container platform must implement organization-defined security safeguards to protect system CPU and memory from resource depletion and unauthorized code execution. The execution of images within the container platform runtime must implement organization-defined security safeguards to prevent distributed denial-of-service (DDoS) and other possible attacks against the container image at runtime. Security safeguards
    SV-233230r599706_rule SRG-APP-000454-CTR-001110 CCI-002617 MEDIUM The container platform must remove old components after updated versions have been installed. Previous versions of container platform components that are not removed from the container platform after updates have been installed may be exploited by adversaries by causing older components to execute which contain vulnerabilities. When these componen
    SV-233231r599707_rule SRG-APP-000454-CTR-001115 CCI-002617 MEDIUM The container platform registry must remove old container images after updated versions have been made available. Obsolete and stale images need to be removed from the registry to ensure the container platform maintains a secure posture. While the storing of these images does not directly pose a threat, they do increase the likelihood of these images being deployed.
    SV-233233r599671_rule SRG-APP-000456-CTR-001125 CCI-002605 MEDIUM The container platform registry must contain the latest images with most recent updates and execute within the container platform runtime as authorized by IAVM, CTOs, DTMs, and STIGs. Software supporting the container platform and images in the registry must stay up to date with the latest patches, service packs, and hot fixes. Not updating the container platform and container images will expose the organization to vulnerabilities. Flaws
    SV-233234r599673_rule SRG-APP-000456-CTR-001130 CCI-002605 MEDIUM The container platform runtime must have updates installed within the time period directed by an authoritative source (e.g., IAVM, CTOs, DTMs, and STIGs). The container platform runtime must be carefully monitored for vulnerabilities, and when problems are detected, they must be remediated quickly. A vulnerable runtime exposes all containers it supports, as well as the host itself, to potentially significan
    SV-233242r599675_rule SRG-APP-000472-CTR-001170 CCI-002696 MEDIUM The organization-defined role must verify correct operation of security functions in the container platform. Without verification, security functions may not operate correctly and this failure may go unnoticed within the container platform. The container platform components must identify and ensure the security functions are still operational and applicable to t
    SV-233243r599708_rule SRG-APP-000473-CTR-001175 CCI-002699 MEDIUM The container platform must perform verification of the correct operation of security functions: upon system startup and/or restart; upon command by a user with privileged access; and/or every 30 days. Security functionality includes, but is not limited to, establishing system accounts, configuring access authorizations (i.e., permissions, privileges), setting events to be audited, and setting intrusion detection parameters. Without verification, security functions may not operate correctly and this failure may go unnoticed within the container platform. Security functions are responsible for enforcing the system security policy and supporting the isolation of code and data
    SV-233244r599722_rule SRG-APP-000474-CTR-001180 CCI-002702 MEDIUM The container platform must provide system notifications to the system administrator and operational staff when anomalies in the operation of the organization-defined security functions are discovered. If anomalies are not acted upon, security functions may fail to secure the container within the container platform runtime. Security functions are responsible for enforcing the system security policy and supporting the isolation of code and data on which
    SV-233252r599509_rule SRG-APP-000492-CTR-001220 CCI-000172 MEDIUM The container platform must generate audit records when successful/unsuccessful attempts to access security objects occur. The container platform and its components must generate audit records when successful and unsuccessful attempts to access security objects occur. All the components must use the same standard so that the events can be tied together to understand what took place withi
    SV-233253r599509_rule SRG-APP-000493-CTR-001225 CCI-000172 MEDIUM The container platform must generate audit records when successful/unsuccessful attempts to access security levels occur. Unauthorized users could access the security levels to exploit vulnerabilities within the container platform component. All the components must use the same standard so that the events can be tied together to understand what took place within the overall
    SV-233254r599509_rule SRG-APP-000494-CTR-001230 CCI-000172 MEDIUM The container platform must generate audit records when successful/unsuccessful attempts to access categories of information (e.g., classification levels) occur. Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident, or identify those responsible for one. Audit reco
    SV-233255r599509_rule SRG-APP-000495-CTR-001235 CCI-000172 MEDIUM The container platform must generate audit records when successful/unsuccessful attempts to modify privileges occur. Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident, or identify those responsible for one. Audit reco
    SV-233256r599509_rule SRG-APP-000496-CTR-001240 CCI-000172 MEDIUM The container platform must generate audit records when successful/unsuccessful attempts to modify security objects occur. The container platform and its components must generate audit records when modifying security objects. All the components must use the same standard so that the events can be tied together to understand what took place within the overall container platfor
    SV-233257r599509_rule SRG-APP-000497-CTR-001245 CCI-000172 MEDIUM The container platform must generate audit records when successful/unsuccessful attempts to modify security levels occur. Unauthorized users could modify the security levels to exploit vulnerabilities within the container platform component. All the components must use the same standard so that the events can be tied together to understand what took place within the overall
    SV-233258r599509_rule SRG-APP-000498-CTR-001250 CCI-000172 MEDIUM The container platform must generate audit records when successful/unsuccessful attempts to modify categories of information (e.g., classification levels) occur. Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident, or identify those responsible for one. Audit reco
    SV-233259r599509_rule SRG-APP-000499-CTR-001255 CCI-000172 MEDIUM The container platform must generate audit records when successful/unsuccessful attempts to delete privileges occur. Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident, or identify those responsible for one. Audit reco
    SV-233260r599509_rule SRG-APP-000500-CTR-001260 CCI-000172 MEDIUM The container platform must generate audit records when successful/unsuccessful attempts to delete security levels occur. The container platform and its components must generate audit records when deleting security levels. All the components must use the same standard so that the events can be tied together to understand what took place within the overall container platform.
    SV-233261r599509_rule SRG-APP-000501-CTR-001265 CCI-000172 MEDIUM The container platform must generate audit records when successful/unsuccessful attempts to delete security objects occur. Unauthorized users could delete security objects to exploit vulnerabilities within the container platform component. All the components must use the same standard so that the events can be tied together to understand what took place within the overall
    SV-233262r599509_rule SRG-APP-000502-CTR-001270 CCI-000172 MEDIUM The container platform must generate audit records when successful/unsuccessful attempts to delete categories of information (e.g., classification levels) occur. Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident, or identify those responsible for one. Audit reco
    SV-233263r599726_rule SRG-APP-000503-CTR-001275 CCI-000172 MEDIUM The container platform must generate audit records when successful/unsuccessful logon attempts occur. The container platform and its components must generate audit records when successful and unsuccessful logon attempts occur. The information system can determine if an account is compromised or is in the process of being compromised and can take actions t
    SV-233264r599509_rule SRG-APP-000504-CTR-001280 CCI-000172 MEDIUM The container platform must generate audit records for privileged activities. The container platform components will generate audit records for privileged activities, and the container platform runtime, registry, and keystore must generate access audit records to detect possible malicious intent. All the components must use the same stan
    SV-233265r599683_rule SRG-APP-000505-CTR-001285 CCI-000172 MEDIUM The container platform audit records must record user access start and end times. The container platform must generate audit records showing start and end times for users and services acting on behalf of a user accessing the registry and keystore. These components must use the same standard so that the events can be tied together to un
    SV-233266r599685_rule SRG-APP-000506-CTR-001290 CCI-000172 MEDIUM The container platform must generate audit records when concurrent logons from different workstations and systems occur. The container platform and its components must generate audit records for concurrent logons from workstations performing remote maintenance, runtime instances, connectivity to the container registry, and keystore. All the components must use the same standar
    SV-233267r599727_rule SRG-APP-000507-CTR-001295 CCI-000172 MEDIUM The container platform runtime must generate audit records when successful/unsuccessful attempts to access objects occur. Container platform runtime objects are defined as configuration files, code, etc. This provides the ability to configure resources and software parameters prior to image execution from the container platform registry. An unauthorized user with malicious i
    SV-233268r599509_rule SRG-APP-000508-CTR-001300 CCI-000172 MEDIUM Direct access to the container platform must generate audit records. Direct access to the container platform and its components must generate audit records. All the components must use the same standard so that the events can be tied together to understand what took place within the overall container platform. This must es
    SV-233269r599728_rule SRG-APP-000509-CTR-001305 CCI-000172 MEDIUM The container platform must generate audit records for all account creations, modifications, disabling, and termination events. Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident, or identify those responsible for one. Audit reco
    SV-233270r599691_rule SRG-APP-000510-CTR-001310 CCI-000172 MEDIUM The container runtime must generate audit records for all container execution, shutdown, restart events, and program initiations. The container runtime must generate audit records that are specific to the security and mission needs of the organization. Without audit records, it would be difficult to establish, correlate, and investigate events relating to an incident.
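The audit-record rows above (SRG-APP-000492 through SRG-APP-000509) each name a class of event that must produce a record and insist that all components log to one standard so events can be tied together. The following Python is an added example, not part of the SRG and not any vendor's implementation, of what checking a platform's audit output against those rows looks like in practice. It assumes the container platform is Kubernetes and that its API-server audit backend writes audit.k8s.io/v1 Event objects as JSON lines; the mapping from Kubernetes resources and verbs to SRG requirement IDs is this example's own choice, and the five audit events are constructed, not captured from a system. Container runtime execution/shutdown events (SRG-APP-000510) come from the runtime rather than the API-server audit log and are out of scope here.

```python
"""Classify Kubernetes API-server audit events against SRG audit-record rows.

Added example, not SRG or vendor code. Assumes audit.k8s.io/v1 Event objects,
one JSON document per line. Sample events below are constructed.
"""
import json
from collections import Counter

# Constructed sample log: five audit.k8s.io/v1 events. Names, IPs and IDs are invented.
SAMPLE_AUDIT_LOG = r"""
{"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","auditID":"6f1c-01","stage":"ResponseComplete","requestURI":"/apis/rbac.authorization.k8s.io/v1/namespaces/prod/rolebindings","verb":"create","user":{"username":"alice","groups":["developers"]},"sourceIPs":["10.0.0.12"],"objectRef":{"resource":"rolebindings","namespace":"prod","name":"edit-bind","apiGroup":"rbac.authorization.k8s.io"},"responseStatus":{"code":201},"requestReceivedTimestamp":"2020-11-24T10:00:01.000000Z"}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","auditID":"6f1c-02","stage":"ResponseComplete","requestURI":"/api/v1/namespaces/prod/secrets/db-creds","verb":"get","user":{"username":"bob","groups":["developers"]},"sourceIPs":["10.0.0.40"],"objectRef":{"resource":"secrets","namespace":"prod","name":"db-creds"},"responseStatus":{"code":403,"reason":"Forbidden"},"requestReceivedTimestamp":"2020-11-24T10:00:02.000000Z"}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","auditID":"6f1c-03","stage":"ResponseComplete","requestURI":"/api/v1/namespaces/prod/pods/web-1/exec?command=sh","verb":"create","user":{"username":"alice","groups":["developers"]},"sourceIPs":["10.0.0.12"],"objectRef":{"resource":"pods","subresource":"exec","namespace":"prod","name":"web-1"},"responseStatus":{"code":101},"requestReceivedTimestamp":"2020-11-24T10:00:03.000000Z"}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","auditID":"6f1c-04","stage":"ResponseComplete","requestURI":"/api/v1/namespaces/prod/serviceaccounts/ci-bot","verb":"delete","user":{"username":"admin","groups":["system:masters"]},"objectRef":{"resource":"serviceaccounts","namespace":"prod","name":"ci-bot"},"responseStatus":{"code":200},"requestReceivedTimestamp":"2020-11-24T10:00:04.000000Z"}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","auditID":"6f1c-05","stage":"ResponseComplete","requestURI":"/api/v1/nodes","verb":"list","user":{},"sourceIPs":["203.0.113.9"],"objectRef":{"resource":"nodes"},"responseStatus":{"code":401,"reason":"Unauthorized"},"requestReceivedTimestamp":"2020-11-24T10:00:05.000000Z"}
"""

# Resource-to-requirement mapping chosen for this example (an assumption, not SRG text).
PRIVILEGE_RESOURCES = {"roles", "clusterroles", "rolebindings", "clusterrolebindings"}
SECURITY_OBJECTS = {"secrets", "certificatesigningrequests", "networkpolicies",
                    "validatingwebhookconfigurations", "mutatingwebhookconfigurations"}
ACCOUNT_RESOURCES = {"serviceaccounts"}
PRIVILEGED_SUBRESOURCES = {"exec", "attach", "portforward", "proxy"}
READ, MODIFY, DELETE = {"get", "list", "watch"}, {"create", "update", "patch"}, {"delete", "deletecollection"}

# Fields every record needs so events from different components can be correlated
# (the rows' "same standard" point). Username is deliberately not required: an
# authentication failure legitimately has no authenticated user.
REQUIRED_FIELDS = ("auditID", "requestReceivedTimestamp", "verb", "sourceIPs", "responseStatus.code")


def _get(event, dotted):
    """Dotted-path lookup that returns None instead of raising on missing keys."""
    cur = event
    for part in dotted.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return None
        cur = cur[part]
    return cur


def outcome(event):
    """Success/failure as the SRG rows phrase it, derived from the HTTP status."""
    code = _get(event, "responseStatus.code")
    if code is None:
        return "unknown"
    if code == 401:
        return "authentication-failure"   # unsuccessful logon attempt
    if code == 403:
        return "denied"                   # authenticated but unauthorized attempt
    return "success" if code < 400 else "failure"


def classify(event):
    """Return the set of SRG requirement IDs for which this event is evidence."""
    verb = event.get("verb", "")
    ref = event.get("objectRef") or {}
    res, sub = ref.get("resource", ""), ref.get("subresource", "")
    groups = set(_get(event, "user.groups") or [])
    hits = set()
    if res in SECURITY_OBJECTS:
        if verb in READ:
            hits.add("SRG-APP-000492")    # access security objects
        elif verb in MODIFY:
            hits.add("SRG-APP-000496")    # modify security objects
        elif verb in DELETE:
            hits.add("SRG-APP-000501")    # delete security objects
    if res in PRIVILEGE_RESOURCES:
        if verb in MODIFY:
            hits.add("SRG-APP-000495")    # modify privileges
        elif verb in DELETE:
            hits.add("SRG-APP-000499")    # delete privileges
    if res in ACCOUNT_RESOURCES and verb in MODIFY | DELETE:
        hits.add("SRG-APP-000509")        # account creation/modification/termination
    if sub in PRIVILEGED_SUBRESOURCES or "system:masters" in groups or event.get("impersonatedUser"):
        hits.add("SRG-APP-000504")        # privileged activity
    if outcome(event) == "authentication-failure":
        hits.add("SRG-APP-000503")        # unsuccessful logon attempt
    return hits


def missing_fields(event):
    """Fields absent from the record; any hit means the event cannot be correlated."""
    return [f for f in REQUIRED_FIELDS if _get(event, f) in (None, "", [])]


def review_log(text):
    """Parse a JSON-lines audit log into per-event findings and per-requirement counts."""
    rows, counts = [], Counter()
    for line in text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        reqs = classify(ev)
        for r in reqs:
            counts[(r, outcome(ev))] += 1
        rows.append({"auditID": ev.get("auditID"), "user": _get(ev, "user.username"),
                     "verb": ev.get("verb"), "resource": _get(ev, "objectRef.resource"),
                     "outcome": outcome(ev), "requirements": sorted(reqs),
                     "missing": missing_fields(ev)})
    return rows, counts


if __name__ == "__main__":
    findings, totals = review_log(SAMPLE_AUDIT_LOG)
    for row in findings:
        print(row)
    for (req, out), n in sorted(totals.items()):
        print(f"{req} {out}: {n}")
```

Run against the constructed sample, the fourth event (a service account deleted by a `system:masters` member) is both an account-termination and a privileged-activity record, and is also flagged for lacking `sourceIPs`, which is exactly the kind of gap that stops an investigator tying a platform event to a workstation or node. A real review would replace the embedded sample with the API server's audit log file and extend the resource mapping to whatever the platform treats as security objects.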
    SV-233271r599729_rule SRG-APP-000514-CTR-001315 CCI-002450 MEDIUM The container platform must use a valid FIPS 140-2 approved cryptographic module to generate hashes. The cryptographic module used must have at least one validated hash algorithm. This validated hash algorithm must be used to generate cryptographic hashes for all cryptographic security functions within the container platform components being evaluated. F
    SV-233273r599695_rule SRG-APP-000516-CTR-001325 CCI-000366 MEDIUM Container platform components must be configured in accordance with the security configuration settings based on DoD security configuration or implementation guidance, including SRGs, STIGs, NSA configuration guides, CTOs, and DTMs. Container platform components are part of the overall container platform, offering services that enable the container platform to fully orchestrate user containers. These components may fall outside the scope of this document, but they still must be secur
    SV-233274r599730_rule SRG-APP-000516-CTR-001330 CCI-000366 MEDIUM The container platform must be able to store and instantiate industry standard container images. Monitoring the container images and containers during their lifecycle is important to guarantee the container platform is secure. To monitor the containers and images, security tools can be put in place. To fully utilize the security tools available, usin
    SV-233275r599509_rule SRG-APP-000516-CTR-001335 CCI-000366 MEDIUM The container platform must continuously scan components, containers, and images for vulnerabilities. Finding vulnerabilities quickly within the container platform and within containers deployed within the platform is important to keep the overall platform secure. When a vulnerability within a component or container is unknown or allowed to remain unpatch
    SV-233276r599509_rule SRG-APP-000560-CTR-001340 CCI-001453 MEDIUM The container platform must prohibit communication using TLS versions 1.0 and 1.1, and SSL 2.0 and 3.0. The container platform and its components will prohibit the use of SSL and unauthorized versions of TLS protocols to properly secure communication. The use of unsupported protocols exposes vulnerabilities to the container platform by rogue traffic interce
    SV-233284r599699_rule SRG-APP-000605-CTR-001380 CCI-000185 MEDIUM The container platform must validate certificates used for Transport Layer Security (TLS) functions by performing an RFC 5280-compliant certification path validation. A certification path is the path from the end entity certificate to a trusted root certification authority (CA). Certification path validation is necessary for a relying party to make an informed decision regarding acceptance of an end entity certificate
    SV-233285r599701_rule SRG-APP-000610-CTR-001385 CCI-000803 MEDIUM The container platform must use FIPS-validated SHA-2 or higher hash function for digital signature generation and verification (non-legacy use). Without the use of digital signatures, information can be altered by unauthorized accounts accessing or modifying the container platform registry, keystore, and container at runtime. Digital signatures provide non-repudiation for transactions between the c
    SV-233289r599509_rule SRG-APP-000635-CTR-001405 CCI-002450 HIGH The container platform must use a FIPS-validated cryptographic module to implement encryption services for unclassified information requiring confidentiality. Unvalidated cryptography is viewed by NIST as providing no protection to the information or data. In effect, the data would be considered unprotected plaintext. If the agency specifies that the information or data be cryptographically protected, then FIPS
    SV-233290r599703_rule SRG-APP-000645-CTR-001410 CCI-000382 HIGH The container platform must prohibit or restrict the use of protocols that transmit unencrypted authentication information or use flawed cryptographic algorithms for transmission. The use of secure ports, protocols, and services within the container platform must be controlled and conform to the PPSM CAL. Those ports, protocols, and services that fall outside the PPSM CAL must be blocked by the runtime. Instructions on the PPSM can