The container platform registry must contain only container images for those capabilities being offered by the container platform.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-233072 | SRG-APP-000141-CTR-000320 | SV-233072r960963_rule | CCI-000381 | medium |
| Description | ||||
| Allowing container images to reside within the container platform registry that are not essential to the capabilities being offered by the container platform becomes a potential security risk. By allowing these non-essential container images to exist, the possibility for accidental instantiation exists. The images may be unpatched, not supported, or offer non-approved capabilities. Those images for customer services are considered essential capabilities. | ||||
| STIG | Date | |||
| Container Platform Security Requirements Guide | 2025-05-15 | |||
Related Frameworks
3 paths across 3 frameworks
Related Frameworks
NIST 800-531 mapping
CM-7
1.00
- DISA · 2 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
NIST 800-1711 mapping
3.4.6
1.00
- DISA · 2 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
CCI1 mapping
CCI-000381
1.00
- DISA · 2 · disa_xccdf · related
Details
Check Text (C-233072r960963_chk)
Review the container platform registry and the container images being stored.
If container images are stored in the registry and are not being used to offer container platform capabilities, this is a finding.
Fix Text (F-35976r600704_fix)
Remove all container images from the container platform registry that are not being used or contain features and functions not supported by the platform.