STIGQter: STIG Summary: Container Platform Security Requirements Guide, Version 1, Release 1, Benchmark Date: 20 Nov 2020

The container platform runtime must maintain separate execution domains for each container by assigning each container a separate address space.

DISA Rule

SV-233221r599657_rule

Vulnerability Number

V-233221

Group Title

SRG-APP-000431

Rule Version

SRG-APP-000431-CTR-001065

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Deploy a container platform runtime capable of maintaining a separate execution domain and namespace for each executing process. Create a namespace for each container, defining the namespaces as logical groups.

Check Contents

Review the container platform runtime documentation and configuration to confirm that it maintains a separate execution domain for each executing process. Different groups of applications, and services with different security needs, should be deployed in separate namespaces as a first level of isolation.

If container platform runtime is not configured to execute processes in separate domains and namespaces, this is a finding.

If namespaces use defaults, this is a finding.
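As an added check script (not part of the STIG or of the STIGQter page), assuming Kubernetes as the container platform and input in the shape of `kubectl get pods -A -o json`, run over a constructed sample: it flags workloads left in the `default` namespace, and pod settings (`hostPID`, `hostIPC`, `hostNetwork`, `shareProcessNamespace`) that collapse a container's execution domain into the host's or a sibling container's.

```python
import json

# Constructed sample in the shape of `kubectl get pods -A -o json`
# (assumption: the platform is Kubernetes). Not data from a real cluster.
SAMPLE_PODS_JSON = json.dumps({
    "items": [
        {"metadata": {"name": "web", "namespace": "shop-frontend"},
         "spec": {"containers": [{"name": "nginx"}]}},
        {"metadata": {"name": "batch", "namespace": "default"},
         "spec": {"containers": [{"name": "job"}]}},
        {"metadata": {"name": "agent", "namespace": "monitoring"},
         "spec": {"hostPID": True, "hostNetwork": True,
                  "containers": [{"name": "collector"}]}},
        {"metadata": {"name": "sidecar-debug", "namespace": "shop-backend"},
         "spec": {"shareProcessNamespace": True,
                  "containers": [{"name": "app"}, {"name": "debug"}]}},
    ]
})

# Pod-level settings that merge a container's execution domain with the
# host's (hostPID/hostIPC/hostNetwork) or with sibling containers'
# (shareProcessNamespace). Each one is reported as a finding.
SHARED_DOMAIN_FLAGS = ("hostPID", "hostIPC", "hostNetwork", "shareProcessNamespace")


def audit_pods(pods_json: str) -> list:
    """Return one finding dict per violation: {'pod', 'namespace', 'reason'}."""
    findings = []
    for item in json.loads(pods_json).get("items", []):
        meta, spec = item["metadata"], item.get("spec", {})
        ns, name = meta["namespace"], meta["name"]
        # "If namespaces use defaults, this is a finding."
        if ns == "default":
            findings.append({"pod": name, "namespace": ns,
                             "reason": "workload deployed in the default namespace"})
        for flag in SHARED_DOMAIN_FLAGS:
            if spec.get(flag) is True:
                findings.append({"pod": name, "namespace": ns,
                                 "reason": f"spec.{flag}=true shares an execution domain"})
    return findings


if __name__ == "__main__":
    for f in audit_pods(SAMPLE_PODS_JSON):
        print(f"FINDING {f['namespace']}/{f['pod']}: {f['reason']}")
```

Feed it live output with `kubectl get pods -A -o json | python3 audit.py` after replacing the sample with `sys.stdin.read()`; an empty findings list means no pod in the sample violates this rule's check.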

Vulnerability Number

V-233221

Documentable

False

Rule Version

SRG-APP-000431-CTR-001065

Severity Override Guidance

Review the container platform runtime documentation and configuration to confirm that it maintains a separate execution domain for each executing process. Different groups of applications, and services with different security needs, should be deployed in separate namespaces as a first level of isolation.

If container platform runtime is not configured to execute processes in separate domains and namespaces, this is a finding.

If namespaces use defaults, this is a finding.

Check Content Reference

M

Target Key

5239

Comments