Title

The container platform must enforce access restrictions for container platform configuration changes. (Cat II impact)

Discussion

Configuration changes cause the container platform to change the way it operates. These changes can be used to improve the system with added features or performance, but these configuration changes can also be used to introduce malicious features and degrade performance. To control the configuration changes made to the container platform, it is important that only authorized users are allowed, through container platform enforcement, to make configuration changes.

Check Content

Review documentation and configuration settings to determine if the container platform enforces access restrictions associated with changes to container platform components configuration. If the container platform does not enforce such access restrictions, this is a finding.

Fix Text

Configure the container platform to enforce access restrictions associated with changes to the container platform components configuration.

Additional Identifiers

Rule ID: SV-233188r879753_rule

Vulnerability ID: V-233188

Group Title: SRG-APP-000380

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.