Check: CNTR-MK-000430
Mirantis Kubernetes Engine STIG: CNTR-MK-000430 (in versions v2 r1 through v1 r1)
Title
In an MSR organization, user permissions and repositories must be configured. (Cat II impact)
Discussion
Configuring user permissions, organizations, and repositories in MSR is crucial for maintaining a secure, organized, and efficient container image management environment. This will provide access control, security, and compliance when utilizing MSR.
Check Content
If MSR is not being utilized, this is Not Applicable.

Verify the organization, user permissions, and repositories in MSR are configured per the System Security Plan (SSP). Obtain and review the SSP.

1. Log in to the MSR web UI as Admin and navigate to "Organizations". Verify the list of organizations is set up per the SSP.
2. Navigate to "Users" and verify that the users in the list are assigned to appropriate organizations per the SSP.
3. Click on the user and verify the assigned repositories are appropriate per the SSP.

If the organization, user, or assigned repositories in MSR are not configured per the SSP, this is a finding.
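The three comparisons in this check can be scripted once the contents of the web UI have been written down. The following is an added example, not part of the STIG or of Mirantis tooling; the inventory layout and every organization, user and repository name in it are constructed assumptions.

```python
# Added example: the inventory layout and all names below are constructed assumptions.
# SSP baseline: organization -> members, and user -> assigned repositories.
SSP = {
    "organizations": {"platform": {"alice", "bob"}, "payments": {"carol"}},
    "repositories": {"alice": {"platform/base"}, "bob": {"platform/ci"},
                     "carol": {"payments/api"}},
}
# Constructed record of what the three web UI steps showed.
OBSERVED = {
    "organizations": {"platform": {"alice", "bob", "dave"}, "sandbox": {"dave"}},
    "repositories": {"alice": {"platform/base", "payments/api"},
                     "bob": {"platform/ci"}, "dave": {"sandbox/scratch"}},
}


def diff(kind, scope, want, have):
    """One finding per item present in MSR but not in the SSP, or the reverse."""
    out = [(kind, scope, item, "not in SSP") for item in sorted(have - want)]
    out += [(kind, scope, item, "missing from MSR") for item in sorted(want - have)]
    return out


def audit(ssp, observed):
    """Apply the check's three steps; an empty list means no finding."""
    findings = []
    want_orgs, have_orgs = ssp["organizations"], observed["organizations"]
    # Step 1: the list of organizations matches the SSP.
    findings += diff("organization", "MSR", set(want_orgs), set(have_orgs))
    # Step 2: members of each organization match the SSP (organizations in both).
    for org in sorted(set(want_orgs) & set(have_orgs)):
        findings += diff("member", org, want_orgs[org], have_orgs[org])
    # Step 3: each user's assigned repositories match the SSP.
    want_repos, have_repos = ssp["repositories"], observed["repositories"]
    for user in sorted(set(want_repos) | set(have_repos)):
        findings += diff("repository", user, want_repos.get(user, set()),
                         have_repos.get(user, set()))
    return findings


if __name__ == "__main__":
    for kind, scope, item, reason in audit(SSP, OBSERVED):
        print(f"FINDING {kind:<12} {scope:<9} {item:<16} {reason}")
```

Any deviation in either direction is reported, since the check treats anything not configured per the SSP as a finding.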
Fix Text
If MSR is not being utilized, this is Not Applicable.

Set the organizations, user permissions, and repositories in MSR so they are configured per the SSP.

1. Modify Organizations according to the SSP by logging in to the MSR web UI as Admin and navigating to Organizations.

To delete an Organization:
- Click on the "Organization".
- Click the "Settings Tab".
- Click "Delete".
- Confirm and click "Delete".

To Add an Organization:
- Click "New organization".
- Input the Organization name.
- Click "Save".

To Assign Users to an Organization:
- Click on an Organization.
- Under the Members tab, click "Add user".
- Select "New" or "Existing".
- Fill in User information.
- Click "Save".

2. Modify Users according to the SSP.
- Navigate to "Users".

To add a User:
- Click "New User".
- Fill in User information.
- Click "Save".

To Delete a User:
- Click on the "User".
- Select "Settings Tab".
- Click "Delete User".
- Confirm and click "Delete".

3. Modify Repositories according to the SSP:
- Click on the User.
- Under the Repositories tab, modify the assigned repositories to what is appropriate per the SSP.
Additional Identifiers
Rule ID: SV-260904r966069_rule
Vulnerability ID: V-260904
Group Title: SRG-APP-000133-CTR-000290
CCIs
Number | Definition |
---|---|
CCI-001499 | Limit privileges to change software resident within software libraries. |
Controls
Number | Title |
---|---|
CM-5(6) | Limit Library Privileges |