The container platform application program interface (API) must uniquely identify and authenticate processes acting on behalf of the users.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-233078 | SRG-APP-000148-CTR-000350 | SV-233078r1051115_rule | CCI-000764 | medium |
| Description | ||||
| The container platform API can be used to perform any task within the platform. Often, the API is used to create tasks that perform some kind of maintenance task and run without user interaction. To guarantee the task is authorized, it is important to authenticate the task. These tasks, even though executed without user intervention, run on behalf of a user and must run with the user's authorization. If tasks are allowed to be created without authentication, users could bypass authentication and authorization mechanisms put in place for user interfaces. This could lead to users gaining greater access than given to the user putting the container platform into a compromised state. | ||||
| STIG | Date | |||
| Container Platform Security Requirements Guide | 2025-05-15 | |||
Related Frameworks
4 paths across 3 frameworks
Related Frameworks
NIST 800-531 mapping
IA-2
1.00
- DISA · 2 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
NIST 800-1712 mappings
3.5.1
1.00
- DISA · 2 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
3.5.2
1.00
- DISA · 2 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
CCI1 mapping
CCI-000764
1.00
- DISA · 2 · disa_xccdf · related
Details
Check Text (C-233078r1051115_chk)
Review the container platform API configuration to determine if processes acting on behalf of users are uniquely identified and authenticated.
If processes acting on behalf of users are not uniquely identified or are not authenticated, this is a finding.
Fix Text (F-35982r600722_fix)
Configure the container platform API to uniquely identify and authenticate processes acting on behalf of users.