Check: SRG-APP-000225-CTR-000570
Container Platform SRG:
SRG-APP-000225-CTR-000570
(in versions v2 r2 through v1 r0.1)
Title
The container platform runtime must fail to a secure state if system initialization fails, shutdown fails, or aborts fail. (Cat II impact)
Discussion
The container platform offers services for container image orchestration and services for users. If any of these services were to fail into an insecure state, security measures for user and data separation and image instantiation could become absent. In addition, audit log protections could be relaxed allowing for investigation of what occurred could be lost. To protect services and data, it is important for the container platform to fail to a secure state if the container platform registry initialization fails, shutdown fails, or aborts fail.
Check Content
Review documentation and configuration to determine if the container platform runtime fails to a secure state if system initialization fails, shutdown fails, or aborts fail. If the container platform runtime cannot be configured to fail securely, this is a finding.
Fix Text
Configure the container platform runtime to fail to a secure state if system initialization fails, shutdown fails, or aborts fail.
Additional Identifiers
Rule ID: SV-233122r961122_rule
Vulnerability ID: V-233122
Group Title: SRG-APP-000225
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-001190 |
Fail to an organization-defined known-system state for the list of organization-defined types of system failures on organization-defined system components on the indicated components while preserving organization-defined system state information in failure. |
Controls
| Number | Title |
|---|---|
| SC-24 |
Fail in Known State |