STIGQter: STIG Summary: Container Platform Security Requirements Guide Version: 1 Release: 1 Benchmark Date: 20 Nov 2020:

The container platform must generate error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries.

DISA Rule

SV-233133r599613_rule

Vulnerability Number

V-233133

Group Title

SRG-APP-000266

Rule Version

SRG-APP-000266-CTR-000625

Severity

CAT II

CCI(s)

• CCI-001312 - The information system generates error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries.

Weight

10

Fix Recommendation

Configure the container platform to not write sensitive information into the logs and administrative messages.

Check Contents

Review documentation and logs to determine if the container platform writes sensitive information such as passwords or private keys into the logs and administrative messages.

If the container platform writes sensitive or potentially harmful information into the logs and administrative messages, this is a finding.

Vulnerability Number

V-233133

Documentable

False

Rule Version

SRG-APP-000266-CTR-000625

Severity Override Guidance

Review documentation and logs to determine if the container platform writes sensitive information such as passwords or private keys into the logs and administrative messages.

If the container platform writes sensitive or potentially harmful information into the logs and administrative messages, this is a finding.

Check Content Reference

M

Target Key

5239

Comments