Check: CNTR-MK-001490
Mirantis Kubernetes Engine STIG: CNTR-MK-001490 (in version v1 r1)
Title
Vulnerability scanning must be enabled for all repositories in MSR. (Cat II impact)
Discussion
Enabling vulnerability scanning for all repositories in Mirantis Secure Registry (MSR) is a critical security practice that helps organizations identify and mitigate potential security risks associated with container images. Enabling scanning for all repositories in MSR helps identify and prioritize security issues that could pose risks to the containerized applications.
Check Content
If MSR is not being utilized, this is Not Applicable. Check that image vulnerability scanning is enabled for all repositories. Log in to the MSR web UI and navigate to System >> Security Tab. Verify that the "Enable Scanning" slider is turned on and the vulnerability database has been successfully synced (online) or uploaded (offline). If the "Enable Scanning" slider is turned off, this is a finding. If the vulnerability database is not synced or uploaded, this is a finding.
Fix Text
If MSR is not being utilized, this is Not Applicable. Enable vulnerability scanning on the MSR UI by logging in to the MSR web UI and navigating to System >> Security Tab. Click the "Enable Scanning" slider to enable this capability. Sync (online) or upload (offline) the vulnerability database.
Additional Identifiers
Rule ID: SV-260943r966186_rule
Vulnerability ID: V-260943
Group Title: SRG-APP-000414-CTR-001010
CCIs
Number | Definition |
---|---|
CCI-000366 | The organization implements the security configuration settings. |
CCI-001067 | The information system implements privileged access authorization to organization-identified information system components for selected organization-defined vulnerability scanning activities. |
CCI-002605 | The organization installs security-relevant software updates within an organization-defined time period of the release of the updates. |