Title

The container platform must map the authenticated identity to the individual user or group account for PKI-based authentication. (Cat II impact)

Discussion

The container platform and its components may require authentication before use. When the authentication is PKI-based, the container platform or component must map the certificate to a user account. If the certificate is not mapped to a user account, the ability to determine the identity of the individual user or group will not be available for forensic analysis.

Check Content

Review documentation and configuration to ensure the container platform provides a PKI integration capability that meets DoD PKI infrastructure requirements. If the container platform is not configured to meet this requirement, this is a finding.

Fix Text

Configure the container platform to utilize the DoD Enterprise PKI infrastructure.

Additional Identifiers

Rule ID: SV-233101r961044_rule

Vulnerability ID: V-233101

Group Title: SRG-APP-000177

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.