Title

The container platform must prevent unauthorized and unintended information transfer via shared system resources. (Cat II impact)

Discussion

The container platform makes host system resources available to container services. These shared resources, such as the host system kernel, network connections, and storage, must be protected to prevent unauthorized and unintended information transfer. The protections must be implemented for users and processes acting on behalf of users.

Check Content

Review the container platform architecture documentation to find out if and how it protects the resources of one process or user (such as working memory, storage, host system kernel, network connections) from unauthorized access by another user or process. If the container platform configuration settings do not effectively implement these protections to prevent unauthorized access by another user or process, this is a finding.

Fix Text

Deploy a container platform capable of effectively protecting the resources of one process or user from unauthorized access by another user or process. Configure the container platform to effectively protect the resources of one process or user from unauthorized access by another user or process. The container security solution should help the user understand where the code in the environment was deployed from, and provide controls that prevent deployment from untrusted sources or registries.

Additional Identifiers

Rule ID: SV-233128r879649_rule

Vulnerability ID: V-233128

Group Title: SRG-APP-000243

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.