Documentation - V-233221

V-233221

Container Platform Security Requirements Guide

CAT II

Title

The container platform runtime must maintain separate execution domains for each container by assigning each container a separate address space.

Description

<VulnDiscussion>Container namespace access is limited upon runtime execution. Each container is a distinct process so that communication between containers is performed in a manner controlled through security policies that limits the communication so one container cannot modify another container. Different groups of containers with different security needs should be deployed in separate namespaces as a first level of isolation. Namespaces are a key boundary for network policies, orchestrator ac...

Fix Text (Documentation Requirement)

Deploy a container platform runtime capable of maintaining a separate execution domain and namespace for each executing process. Create a namespace for each containers, defining them as logical groups.

View Full STIG Details →

Documentation Status

Status

Documented Verified - link to a ship document Awaiting Review Evidence submitted, needs verification Pending Needs documentation Not Required Documentation not needed Not Applicable STIG doesn't apply

Notes (Optional)

Cancel