Check: SRG-APP-000177-CTR-000465
Container Platform SRG:
SRG-APP-000177-CTR-000465
(in versions v1 r5 through v1 r1)
Title
The container platform must map the authenticated identity to the individual user or group account for PKI-based authentication. (Cat II impact)
Discussion
The container platform and its components may require authentication before use. When the authentication is PKI-based, the container platform or component must map the certificate to a user account. If the certificate is not mapped to a user account, the ability to determine the identity of the individual user or group will not be available for forensic analysis.
Check Content
Review documentation and configuration to ensure the container platform provides a PKI integration capability that meets DoD PKI infrastructure requirements. If the container platform is not configured to meet this requirement, this is a finding.
Fix Text
Configure the container platform to utilize the DoD Enterprise PKI infrastructure.
Additional Identifiers
Rule ID: SV-233101r879614_rule
Vulnerability ID: V-233101
Group Title: SRG-APP-000177
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-000187 |
The information system, for PKI-based authentication, maps the authenticated identity to the account of the individual or group. |
Controls
| Number | Title |
|---|---|
| IA-5 (2) |
Pki-Based Authentication |