The container platform must map the authenticated identity to the individual user or group account for PKI-based authentication.

STIG ID: SRG-APP-000177-CTR-000465  |  SRG: SRG-APP-000177 |  Severity: medium |  CCI: CCI-000187 |  Vulnerability Id: V-233101

Vulnerability Discussion

The container platform and its components may require authentication before use. When the authentication is PKI-based, the container platform or component must map the certificate to a user account. If the certificate is not mapped to a user account, the ability to determine the identity of the individual user or group will not be available for forensic analysis.

Check

Review documentation and configuration to ensure the container platform provides a PKI integration capability that meets DoD PKI infrastructure requirements.

If the container platform is not configured to meet this requirement, this is a finding.

Fix

Configure the container platform to utilize the DoD Enterprise PKI infrastructure.
This website is not created by, run, approved, or endorsed by the U.S. Department of Defense. Use at your own risk. This website is created by open-source software.