Check: SRG-APP-000402-CTR-000970
Container Platform SRG: SRG-APP-000402-CTR-000970 (in versions v1 r5 through v1 r1)
Title
The container platform must accept Personal Identity Verification (PIV) credentials from other federal agencies. (Cat II impact)
Discussion
Controlling access to the container platform and its components is paramount in having a secure and stable system. Validating users is the first step in controlling the access. Users may be validated by the overall container platform or they may be validated by each component. It is essential to accept PIV credentials from other federal agencies and eliminate the possibility of access being denied to authorized users. PIV credentials are those credentials issued by federal agencies that conform to FIPS Publication 201 and supporting guidance documents. OMB Memorandum 11-11 requires federal agencies to continue implementing the requirements specified in HSPD-12 to enable agency-wide use of PIV credentials.
Check Content
Review the documentation and configuration to determine if the container platform accepts PIV credentials from other federal agencies. If the container platform does not accept other federal agency PIV credentials, this is a finding.
Fix Text
Configure the container platform to accept PIV credentials from other federal agencies.
Additional Identifiers
Rule ID: SV-233202r879775_rule
Vulnerability ID: V-233202
Group Title: SRG-APP-000402
CCIs
Number | Definition |
---|---|
CCI-002009 | The information system accepts Personal Identity Verification (PIV) credentials from other federal agencies. |
Controls
Number | Title |
---|---|
IA-8 (1) | Acceptance of PIV Credentials from Other Agencies |