Title

The container platform must separate user functionality (including user interface services) from information system management functionality. (Cat II impact)

Discussion

Separating user functionality from management functionality is a requirement for all the components within the container platform. Without the separation, users may have access to management functions that can degrade the container platform and the services being offered and can offer a method to bypass testing and validation of functions before introduced into a production environment. The separation should be enforced by each component within the container platform.

Check Content

Review the container platform configuration to determine if management functionality is separated from user functionality. Validate that the separation is also implemented within the components by trying to execute management functions for each component as a user. If the container platform is not configured to separate management and user functionality or if component management and user functionality are not separated, this is a finding.

Fix Text

Configure the container platform and its components to separate management and user functionality.

Additional Identifiers

Rule ID: SV-233114r879631_rule

Vulnerability ID: V-233114

Group Title: SRG-APP-000211

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.