STIGQter: STIG Summary: Kubernetes Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 13 Apr 2021:

Kubernetes must contain the latest updates as authorized by IAVMs, CTOs, DTMs, and STIGs.

DISA Rule

SV-242443r712685_rule

Vulnerability Number

V-242443

Group Title

SRG-APP-000456-CTR-001125

Rule Version

CNTR-K8-002720

Severity

CAT II

CCI(s)

• CCI-002605 - The organization installs security-relevant software updates within an organization-defined time period of the release of the updates.

Weight

10

Fix Recommendation

Upgrade Kubernetes to the supported version. Institute and adhere to the policies and procedures to ensure that patches are consistently applied within the time allowed.

Check Contents

Authenticate on the Kubernetes Master Node. Run the command:

kubectl version --short

If kubectl version has a setting not supporting Kubernetes skew policy, this is a finding.

Note: Kubernetes Skew Policy can be found at: https://kubernetes.io/docs/setup/release/version-skew-policy/#supported-versions

Vulnerability Number

V-242443

Documentable

False

Rule Version

CNTR-K8-002720

Severity Override Guidance

Authenticate on the Kubernetes Master Node. Run the command:

kubectl version --short

If kubectl version has a setting not supporting Kubernetes skew policy, this is a finding.

Note: Kubernetes Skew Policy can be found at: https://kubernetes.io/docs/setup/release/version-skew-policy/#supported-versions

Check Content Reference

M

Target Key

5376

Comments