Check: SRG-APP-000133-CTR-000310
Container Platform SRG:
SRG-APP-000133-CTR-000310
(in versions v1 r5 through v1 r1)
Title
Authentication files for the container platform must be protected. (Cat II impact)
Discussion
The secure configuration of the container platform must be protected by disallowing changing to be implemented by non-privileged users. Changes to the container platform can introduce security risks and stability issues and undermine change management procedures. To secure authentication files from non-privileged user modification can be enforced using file ownership and permissions. Examples of authentication files are keys, certificates, and tokens.
Check Content
Review the container platform to verify that authentication files cannot be modified by non-privileged users. If non-privileged users can modify key and certificate files, this is a finding.
Fix Text
Configure the container platform to only allow authentication file modifications by privileged users.
Additional Identifiers
Rule ID: SV-233070r879586_rule
Vulnerability ID: V-233070
Group Title: SRG-APP-000133
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-001499 |
The organization limits privileges to change software resident within software libraries. |
Controls
| Number | Title |
|---|---|
| CM-5 (6) |
Limit Library Privileges |