The container platform runtime must enforce the use of ports that are non-privileged.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-233074 | SRG-APP-000142-CTR-000330 | SV-233074r1043177_rule | CCI-000382 | medium |

Description

Privileged ports are those below 1024; binding to them requires system privileges. If containers are able to use these ports, the container must be run as a privileged user. The container platform must stop containers that try to map to these ports directly. When a specific privileged port is needed, the allowable method is to map a non-privileged host port to the privileged port inside the container. An example is mapping port 8080 externally to port 80 in the container.

| STIG | Date |
|---|---|
| Container Platform Security Requirements Guide | 2025-05-15 |
Details
Check Text (C-233074r1043177_chk)
Review the container platform configuration and the containers within the platform by performing the following checks:
1. Verify the container platform is configured to disallow the use of privileged ports by containers.
2. Validate all containers within the container platform are using non-privileged ports.
3. Attempt to instantiate a container image that uses a privileged port.
If the container platform is not configured to disallow the use of privileged ports, this is a finding.
If the container platform has containers using privileged ports, this is a finding.
If the container platform allows containers to be instantiated that use privileged ports, this is a finding.
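The following audit script is an added example and not part of the STIG or any container platform's own tooling. It implements check items 2 and 3 in a platform-neutral way: it parses constructed port specifications in Docker `-p` form (`[ip:][hostPort:]containerPort[/proto]`) and in Kubernetes `containerPort`/`hostPort` form, and reports every mapping that binds a port below 1024 on the host side. A non-privileged host port forwarded to a privileged container port (the 8080 to 80 pattern the description allows) is deliberately not reported. The container names, port values and the `run_sample` helper are constructed for illustration.

```python
"""Audit container port mappings for privileged (<1024) host ports.

Added example, not part of the STIG. Sample data below is constructed.
"""
from dataclasses import dataclass
from typing import Iterable, List, Optional

PRIVILEGED_PORT_MAX = 1023  # ports 0-1023 require system privileges to bind


@dataclass(frozen=True)
class PortMapping:
    container: str
    host_port: Optional[int]  # None when no host-side binding is requested
    container_port: int
    protocol: str = "tcp"

    @property
    def host_privileged(self) -> bool:
        return self.host_port is not None and self.host_port <= PRIVILEGED_PORT_MAX

    @property
    def container_privileged(self) -> bool:
        return self.container_port <= PRIVILEGED_PORT_MAX


def parse_docker_publish(container: str, spec: str) -> PortMapping:
    """Parse a Docker `-p` value: [ip:][hostPort:]containerPort[/proto]."""
    if "-" in spec:
        raise ValueError(f"port ranges are not handled by this example: {spec!r}")
    ports, _, proto = spec.partition("/")
    parts = ports.split(":")
    if len(parts) == 1:      # "80": container port only, host port chosen at runtime
        host, cont = None, parts[0]
    elif len(parts) == 2:    # "8080:80"
        host, cont = parts
    elif len(parts) == 3:    # "127.0.0.1:8080:80"
        host, cont = parts[1], parts[2]
    else:
        raise ValueError(f"unrecognised publish spec: {spec!r}")
    host_port = int(host) if host else None
    return PortMapping(container, host_port, int(cont), proto or "tcp")


def parse_k8s_port(container: str, entry: dict) -> PortMapping:
    """Parse one Kubernetes container `ports` entry; hostPort is optional."""
    return PortMapping(
        container,
        entry.get("hostPort"),
        int(entry["containerPort"]),
        entry.get("protocol", "TCP").lower(),
    )


def audit(mappings: Iterable[PortMapping]) -> List[str]:
    """Return one finding per mapping that binds a privileged host port.

    A non-privileged host port forwarded to a privileged container port
    (8080 -> 80) is the pattern the STIG description allows, so it is
    not reported.
    """
    findings = []
    for m in mappings:
        if m.host_privileged:
            findings.append(
                f"{m.container}: host port {m.host_port}/{m.protocol} is "
                f"privileged (<1024) -> container port {m.container_port}"
            )
    return findings


# Constructed sample of `docker run -p` values, keyed by container name.
SAMPLE_DOCKER = {
    "web-ok": ["8080:80"],            # allowed: non-privileged host port
    "web-bad": ["0.0.0.0:80:80/tcp"],  # finding: host port 80
    "dns-bad": ["53:53/udp"],          # finding: host port 53
    "app-ok": ["3000"],                # no host binding requested
}

# Constructed sample of pod container port entries.
SAMPLE_K8S = [
    {"name": "proxy", "ports": [{"containerPort": 8443, "hostPort": 443}]},  # finding
    {"name": "api", "ports": [{"containerPort": 8080}]},
]


def run_sample() -> List[str]:
    """Audit both constructed samples and return the list of findings."""
    mappings = [parse_docker_publish(c, s) for c, specs in SAMPLE_DOCKER.items() for s in specs]
    mappings += [parse_k8s_port(c["name"], p) for c in SAMPLE_K8S for p in c["ports"]]
    return audit(mappings)


if __name__ == "__main__":
    for line in run_sample() or ["no privileged host ports found"]:
        print(line)
```

Check item 1 (whether the platform itself is configured to refuse privileged ports) is platform-specific and is not covered by this script; it only evaluates the port mappings you feed it, which in practice would come from the platform's container or pod specifications rather than the constructed samples here.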
Fix Text (F-35978r600710_fix)
Configure the container platform to disallow the use of privileged ports by containers. Move any containers that are using privileged ports to non-privileged ports.