Check: SRG-APP-000401-CTR-000965
Container Platform SRG:
SRG-APP-000401-CTR-000965
(in versions v1 r5 through v1 r1)
Title
The container platform, for PKI-based authentication, must implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network. (Cat II impact)
Discussion
The potential of allowing access to users who are no longer authorized (have revoked certificates) increases unless a local cache of revocation data is configured.
Check Content
Review the container platform configuration. If the container platform is not implemented to use a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network, this is a finding.
Fix Text
Configure the container platform to implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network.
Additional Identifiers
Rule ID: SV-233201r879774_rule
Vulnerability ID: V-233201
Group Title: SRG-APP-000401
CCIs
Number | Definition |
---|---|
CCI-001991 | The information system, for PKI-based authentication, implements a local cache of revocation data to support path discovery and validation in case of inability to access revocation information via the network. |
Controls
Number | Title |
---|---|
IA-5 (2) | PKI-Based Authentication |