All non-essential, unnecessary, and unsecure DoD ports, protocols, and services must be disabled in the container platform.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-233190 | SRG-APP-000383-CTR-000910 | SV-233190r961470_rule | CCI-001762 | medium |
| Description | ||||
| To properly offer services to the user and to orchestrate containers, the container platform may offer services that use ports and protocols that best fit those services. The container platform, when offering the services, must only offer the services on ports and protocols authorized by the DoD. To validate that the services are using only the approved ports and protocols, the organization must perform a periodic scan/review of the container platform and disable functions, ports, protocols, and services deemed to be unneeded or non-secure. | ||||
| STIG | Date | |||
| Container Platform Security Requirements Guide | 2025-05-15 | |||
Related Frameworks
3 paths across 3 frameworks
Related Frameworks
NIST 800-531 mapping
CM-7(1)
1.00
- DISA · 2 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
NIST 800-1711 mapping
3.4.7
1.00
- DISA · 2 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
CCI1 mapping
CCI-001762
1.00
- DISA · 2 · disa_xccdf · related
Details
Check Text (C-233190r961470_chk)
Review the container platform configuration to determine if services or capabilities presently on the information system are required for operational or mission needs.
If additional services or capabilities are present on the system, this is a finding.
Fix Text (F-36094r601058_fix)
Configure the container platform to only utilize secure ports and protocols required for operation that have been accepted for use as per the Ports, Protocols, and Services Category Assignments List (CAL) from DISA (PPSM).