Information
Configure Image Provenance for your deployment.
Rationale:
Kubernetes supports plugging in provenance rules to accept or reject the images in your deployments. You could configure such rules to ensure that only approved images are deployed in the cluster.
You can control which images can be imported, tagged, and run in a cluster using the image controller. For additional information on the image controller, see Image configuration resources.
Impact:
You need to regularly maintain your provenance configuration based on container image updates.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
Follow the OpenShift documentation: Image configuration resources
Default Value:
By default, image provenance is not set.
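Because this check is manual, one way to review the setting is to parse the output of `oc get image.config.openshift.io/cluster -o json`. The following is an added example, not part of the benchmark or the OpenShift documentation; the function name, the sample documents and the registry names are constructed, and treating an allowlist as the passing condition is an assumption.

```python
import json

# Constructed sample: shape of `oc get image.config.openshift.io/cluster -o json`
# on a cluster where nothing has been configured (spec is empty).
DEFAULT_CONFIG = json.dumps({
    "apiVersion": "config.openshift.io/v1", "kind": "Image",
    "metadata": {"name": "cluster"}, "spec": {},
})

# Constructed sample: allowlists for import and pull; registry names are placeholders.
RESTRICTED_CONFIG = json.dumps({
    "apiVersion": "config.openshift.io/v1", "kind": "Image",
    "metadata": {"name": "cluster"},
    "spec": {
        "allowedRegistriesForImport": [
            {"domainName": "registry.example.internal", "insecure": False}],
        "registrySources": {
            "allowedRegistries": ["registry.example.internal", "quay.io"]},
    },
})


def review_image_config(raw):
    """Return a list of findings; an empty list means allowlists are in place."""
    spec = json.loads(raw).get("spec") or {}
    sources = spec.get("registrySources") or {}
    findings = []
    if not sources.get("allowedRegistries"):
        if sources.get("blockedRegistries"):
            findings.append("only blockedRegistries set: unlisted registries stay allowed")
        else:
            findings.append("registrySources.allowedRegistries not set: pulls unrestricted")
    imports = spec.get("allowedRegistriesForImport") or []
    if not imports:
        findings.append("allowedRegistriesForImport not set: imports not limited")
    for entry in imports:
        if entry.get("insecure"):
            findings.append("insecure import allowed from " + entry.get("domainName", "?"))
    for name in sources.get("insecureRegistries") or []:
        findings.append("insecure registry permitted: " + name)
    return findings


if __name__ == "__main__":
    for label, doc in (("default", DEFAULT_CONFIG), ("restricted", RESTRICTED_CONFIG)):
        print(label, review_image_config(doc) or "OK")
```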
Item Details
Category: CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
References: 800-53|CM-1, 800-53|CM-2, 800-53|CM-6, 800-53|CM-7, 800-53|CM-7(1), 800-53|CM-9, 800-53|SA-3, 800-53|SA-8, 800-53|SA-10, CSCv7|5.4
Control ID: cc54090386da656225ced66d5452c9d35ea4a2906db25aa954e6e062296244e1