Detections
Analytics

DISA Rancher Government Solutions RKE2 STIG v2r2

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: DISA Rancher Government Solutions RKE2 STIG v2r2

Updated: 4/29/2025

Authority: DISA STIG

Plugin: Unix

Revision: 1.2

Estimated Item Count: 25

Audit Items

DescriptionCategories
CNTR-R2-000010 Rancher RKE2 must protect authenticity of communications sessions with the use of FIPS-validated 140-2 or 140-3 security requirements for cryptographic modules.
CNTR-R2-000030 RKE2 must use a centralized user management solution to support account management functions.
CNTR-R2-000060 Rancher RKE2 components must be configured in accordance with the security configuration settings based on DOD security configuration or implementation guidance, including SRGs, STIGs, NSA configuration guides, CTOs, and DTMs.
CNTR-R2-000100 The Kubernetes Controller Manager must have secure binding.
CNTR-R2-000110 The Kubernetes Kubelet must have anonymous authentication disabled.
CNTR-R2-000120 The Kubernetes API server must have the insecure port flag disabled.
CNTR-R2-000130 The Kubernetes Kubelet must have the read-only port flag disabled.
CNTR-R2-000140 The Kubernetes API server must have the insecure bind address not set.
CNTR-R2-000150 The Kubernetes kubelet must enable explicit authorization.
CNTR-R2-000160 The Kubernetes API server must have anonymous authentication disabled.
CNTR-R2-000320 All audit records must identify any containers associated with the event within Rancher RKE2.
CNTR-R2-000460 Rancher RKE2 must be built from verified packages.
CNTR-R2-000520 Configuration and authentication files for Rancher RKE2 must be protected.
CNTR-R2-000550 Rancher RKE2 must be configured with only essential configurations.
CNTR-R2-000580 Rancher RKE2 runtime must enforce ports, protocols, and services that adhere to the PPSM CAL.
CNTR-R2-000800 Rancher RKE2 must store only cryptographic representations of passwords.
CNTR-R2-000890 Rancher RKE2 must terminate all network connections associated with a communications session at the end of the session, or as follows: for in-band management sessions (privileged sessions), the session must be terminated after five minutes of inactivity.
CNTR-R2-000940 Rancher RKE2 runtime must isolate security functions from nonsecurity functions.
CNTR-R2-000970 Rancher RKE2 runtime must maintain separate execution domains for each container by assigning each container a separate address space to prevent unauthorized and unintended information transfer via shared system resources.
CNTR-R2-001130 Rancher RKE2 must prevent nonprivileged users from executing privileged functions to include disabling, circumventing, or altering implemented security safeguards/countermeasures.
CNTR-R2-001270 Rancher RKE2 must prohibit the installation of patches, updates, and instantiation of container images without explicit privileged status.
CNTR-R2-001500 Rancher RKE2 keystore must implement encryption to prevent unauthorized disclosure of information at rest within Rancher RKE2.
CNTR-R2-001580 Rancher RKE2 must remove old components after updated versions have been installed.
CNTR-R2-001620 Rancher RKE2 registry must contain the latest images with most recent updates and execute within Rancher RKE2 runtime as authorized by IAVM, CTOs, DTMs, and STIGs.
DISA_Rancher_Government_Solutions_RKE2_STIG_v2r2.audit from DISA Rancher Government Solutions RKE2 STIG v2r2