Rancher Government Solutions Multi-Cluster Manager Security Technical Implementation Guide
Overview
| Version | Date | Finding Count (7) | Downloads | ||
| 2 | 2024-08-27 | CAT I (High): 2 | CAT II (Medium): 5 | CAT III (Low): 0 | |
| STIG Description |
| This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil. |
Findings - MAC I - Mission Critical Public
| Finding ID | Severity | Title | Description |
|---|---|---|---|
| V-252844 | Rancher MCM must generate audit records for all DoD-defined auditable events within all components in the platform. | Audit logs must be enabled. Rancher MCM provides audit record generation capabilities. Audit logs capture what happened, when it happened, who initia... | |
| V-252845 | When allowed by the central authentication system, the default role assigned to a user must be User-Base. | Rancher MCM uses roles for authentication. It is necessary to ensure the proper roles and permissions are configured. The role used by default does no... | |
| V-252846 | Rancher MCM must allocate audit record storage and generate audit records associated with events, users, and groups. | Rancher logging capability and optional aggregation The Rancher server automatically logs everything at the container level. These logs are stored on... | |
| V-252847 | Rancher MCM must never automatically remove or disable emergency accounts. | Emergency accounts are administrator accounts that are established in response to crisis situations where the need for rapid account activation is req... | |
| V-257292 | Rancher MCM must enforce organization-defined circumstances and/or usage conditions for organization-defined accounts. | Rancher MCM must verify the certificate used for Rancher's ingress is a valid DOD certificate. This is achieved by verifying the helm installation con... | |
| V-252843 | Rancher MCM must use a centralized user management solution to support account management functions. For accounts using password authentication, the container platform must use FIPS-validated SHA-2 or later protocol to protect the integrity of the password authentication process. | RBAC Integration and Authn/Authz Centralized authentication services provide additional functionality fulfilling security requirements: - Multi-facto... | |
| V-252849 | Rancher MCM must prohibit or restrict the use of protocols that transmit unencrypted authentication information or use flawed cryptographic algorithms for transmission. | The container platform and its components will adhere to NIST 800-52R2. To ensure that traffic coming through the ingress controller is re-encrypted i... |