STIGQter: STIG Summary: Container Platform Security Requirements Guide Version: 1 Release: 1 Benchmark Date: 20 Nov 2020:

The container platform must use a FIPS-validated cryptographic module to implement encryption services for unclassified information requiring confidentiality.

DISA Rule

SV-233289r599509_rule

Vulnerability Number

V-233289

Group Title

SRG-APP-000635

Rule Version

SRG-APP-000635-CTR-001405

Severity

CAT I

CCI(s)

• CCI-002450 - The information system implements organization-defined cryptographic uses and type of cryptography required for each use in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.

Weight

10

Fix Recommendation

Configure the container platform to use FIPS-validated cryptographic modules to encrypt unclassified information requiring confidentiality.

Check Contents

Review the container platform configuration to ensure FIPS-validated cryptographic modules are implemented to encrypt unclassified information requiring confidentiality.

If FIPS-validated cryptographic modules are not being used, this is a finding.

Vulnerability Number

V-233289

Documentable

False

Rule Version

SRG-APP-000635-CTR-001405

Severity Override Guidance

Review the container platform configuration to ensure FIPS-validated cryptographic modules are implemented to encrypt unclassified information requiring confidentiality.

If FIPS-validated cryptographic modules are not being used, this is a finding.

Check Content Reference

M

Target Key

5239

Comments