Documentation - V-233096

V-233096

Container Platform Security Requirements Guide

CAT I

Title

For accounts using password authentication, the container platform must use FIPS-validated SHA-2 or later protocol to protect the integrity of the password authentication process.

Description

<VulnDiscussion>Passwords need to be protected on entry, in transmission, during authentication, and when stored. If compromised at any of these security points, a nefarious user can use the password along with stolen user account information to gain access or to escalate privileges. The container platform may require account authentication during container platform tasks and before accessing container platform components, e.g. runtime, registry, and keystore. During any user authentication, th...

Fix Text (Documentation Requirement)

Configure the container platform to transmit only encrypted FIPS-validated SHA-2 or later representations of passwords.

View Full STIG Details →

Documentation Status

Status

Documented Verified - link to a ship document Awaiting Review Evidence submitted, needs verification Pending Needs documentation Not Required Documentation not needed Not Applicable STIG doesn't apply

Notes (Optional)

Cancel