The container platform must continuously scan components, containers, and images for vulnerabilities.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-233275	SRG-APP-000516-CTR-001335	SV-233275r601314_rule		Medium

Description
Finding vulnerabilities quickly within the container platform and within containers deployed within the platform is important to keep the overall platform secure. When a vulnerability within a component or container is unknown or allowed to remain unpatched, other containers and customers within the platform become vulnerability. The vulnerability can lead to the loss of application data, organizational infrastructure data, and denial of service (DoS) to hosted applications. Vulnerability scanning can be performed by the container platform or by external applications.

Description

Finding vulnerabilities quickly within the container platform and within containers deployed within the platform is important to keep the overall platform secure. When a vulnerability within a component or container is unknown or allowed to remain unpatched, other containers and customers within the platform become vulnerability. The vulnerability can lead to the loss of application data, organizational infrastructure data, and denial of service (DoS) to hosted applications. Vulnerability scanning can be performed by the container platform or by external applications.

STIG	Date
Container Platform Security Requirements Guide	2021-12-14

Details

Check Text ( C-36211r601312_chk )
Review the container platform to validate continuous vulnerability scans of components, containers, and container images are being performed. If continuous vulnerability scans are not being performed, this is a finding.

Fix Text (F-36179r601313_fix)
Implement continuous vulnerability scans of container platform components, containers, and container images either by the container platform or from external vulnerability scanning applications.