The container platform, for PKI-based authentication, must implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network.

STIG ID: SRG-APP-000401-CTR-000965  |  SRG: SRG-APP-000401 |  Severity: medium |  CCI: CCI-004068 |  Vulnerability Id: V-233201

Vulnerability Discussion

Without a local cache of revocation data, the risk of granting access to users who are no longer authorized (whose certificates have been revoked) increases.

Check

Review the container platform configuration.

If the container platform does not implement a local cache of revocation data to support path discovery and validation when revocation information cannot be accessed via the network, this is a finding.

Fix

Configure the container platform to implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network.