MKE telemetry must be disabled.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-260918 | CNTR-MK-000500 | SV-260918r966111_rule | CCI-000381 | medium |
| Description | ||||
| MKE provides a telemetry service that automatically records and transmits data to Mirantis through an encrypted channel for monitoring and analysis purposes. While this channel is secure, it introduces an attack vector and must be disabled. | ||||
| STIG | Date | |||
| Mirantis Kubernetes Engine Security Technical Implementation Guide | 2024-08-27 | |||
Related Frameworks
3 paths across 3 frameworks
Related Frameworks
NIST 800-531 mapping
CM-7
1.00
- DISA · V2R1 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
NIST 800-1711 mapping
3.4.6
1.00
- DISA · V2R1 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
CCI1 mapping
CCI-000381
1.00
- DISA · V2R1 · disa_xccdf · related
Details
Check Text (C-260918r966111_chk)
Verify that usage and API analytics tracking is disabled in MKE.
Log in to the MKE web UI and navigate to admin >> Admin Settings >> Usage.
Verify the "Enable hourly usage reporting" and "Enable API and UI tracking" options are both unchecked.
If either box is checked, this is a finding.
Fix Text (F-64555r966110_fix)
Disable usage and API analytics tracking in MKE.
Log in to the MKE web UI and navigate to admin >> Admin Settings >> Usage.
Uncheck both the "Enable hourly usage reporting" and "Enable API and UI tracking" options.
Click "Save".