STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 6 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Red Hat OpenShift Container Platform 4.12 Security Technical Implementation Guide

V-257567

CAT II (Medium)

OpenShift must protect the confidentiality and integrity of transmitted information.

Rule ID

SV-257567r961632_rule

STIG

Red Hat OpenShift Container Platform 4.12 Security Technical Implementation Guide

Version

V2R2

CCIs

CCI-002418

Discussion

OpenShift provides for two types of application level ingress types, Routes, and Ingresses. Routes have been a part of OpenShift since version 3. Ingresses were promoted out of beta in Aug 2020 (kubernetes v1.19). Routes provides for three type of TLS configuration options; Edge, Passthrough, and Re-encrypt. Each of those options provide TLS encryption over HTTP for inbound transmissions originating outside the cluster. Ingresses will have an IngressController associated that manages the routing and proxying of inbound transmissions.

Check Content

Verify that routes and ingress are using secured transmission ports and protocols by executing the following:

oc get routes --all-namespaces

Review the ingress ports, if the Ingress is not using a secure TLS transport, this is a finding.

Fix Text

Delete any Route or Ingress that does not use a secure transport.

oc delete route <NAME> -n <NAMESPACE>

or

oc delete ingress <NAME> -n <NAMESPACE>