OpenShift must protect the confidentiality and integrity of transmitted information.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-257567 | CNTR-OS-000820 | SV-257567r961632_rule | CCI-002418 | medium |
| Description | ||||
| OpenShift provides for two types of application level ingress types, Routes, and Ingresses. Routes have been a part of OpenShift since version 3. Ingresses were promoted out of beta in Aug 2020 (kubernetes v1.19). Routes provides for three type of TLS configuration options; Edge, Passthrough, and Re-encrypt. Each of those options provide TLS encryption over HTTP for inbound transmissions originating outside the cluster. Ingresses will have an IngressController associated that manages the routing and proxying of inbound transmissions. | ||||
| STIG | Date | |||
| Red Hat OpenShift Container Platform 4.x Security Technical Implementation Guide | 2025-05-15 | |||
Related Frameworks
3 paths across 3 frameworks
Related Frameworks
NIST 800-531 mapping
SC-8
1.00
- DISA · 2 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
NIST 800-1711 mapping
3.13.8
1.00
- DISA · 2 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
CCI1 mapping
CCI-002418
1.00
- DISA · 2 · disa_xccdf · related
Details
Check Text (C-257567r961632_chk)
Verify that routes and ingress are using secured transmission ports and protocols by executing the following:
oc get routes --all-namespaces
Review the ingress ports, if the Ingress is not using a secure TLS transport, this is a finding.
Fix Text (F-61226r921643_fix)
Delete any Route or Ingress that does not use a secure transport.
oc delete route <NAME> -n <NAMESPACE>
or
oc delete ingress <NAME> -n <NAMESPACE>