For accounts using password authentication, the container platform must use FIPS-validated SHA-2 or later protocol to protect the integrity of the password authentication process.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-233096 | SRG-APP-000172-CTR-000440 | SV-233096r961029_rule | CCI-000197 | high |
| Description | ||||
| Passwords need to be protected on entry, in transmission, during authentication, and when stored. If compromised at any of these security points, a nefarious user can use the password along with stolen user account information to gain access or to escalate privileges. The container platform may require account authentication during container platform tasks and before accessing container platform components, e.g. runtime, registry, and keystore. During any user authentication, the container platform must use FIPS-validated SHA-2 or later protocol to protect the integrity of the password authentication process. | ||||
| STIG | Date | |||
| Container Platform Security Requirements Guide | 2025-05-15 | |||
Related Frameworks
6 paths across 3 frameworks
Related Frameworks
NIST 800-531 mapping
IA-5(1)
1.00
- DISA · 2 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
NIST 800-1714 mappings
3.5.10
1.00
- DISA · 2 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
3.5.7
1.00
- DISA · 2 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
3.5.8
1.00
- DISA · 2 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
3.5.9
1.00
- DISA · 2 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
CCI1 mapping
CCI-000197
1.00
- DISA · 2 · disa_xccdf · related
Details
Check Text (C-233096r961029_chk)
Review the documentation and configuration to determine if the container platform enforces the required FIPS-validated encrypt passwords when they are transmitted.
If the container platform is not configured to meet this requirement, this is a finding.
Fix Text (F-36000r600776_fix)
Configure the container platform to transmit only encrypted FIPS-validated SHA-2 or later representations of passwords.