STIGhubSTIGhub
STIGsSearchCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 3 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Container Platform Security Requirements Guide

V-233184

CAT II (Medium)

The container platform must prohibit the installation of patches and updates without explicit privileged status.

Rule ID

SV-233184r981884_rule

STIG

Container Platform Security Requirements Guide

Version

V2R4

CCIs

CCI-003980

Discussion

Controlling access to those users and roles responsible for patching and updating the container platform reduces the risk of untested or potentially malicious software from being installed within the platform. This access may be separate from the access required to install container images into the registry and those access requirements required to instantiate an image into a service. Explicit privileges (escalated or administrative privileges) provide the regular user with explicit capabilities and control that exceeds the rights of a regular user.

Check Content

Review the container platform configuration to determine if patches and updates can only be installed through accounts with privileged status. 

Attempt to install a patch or upgrade using a nonprivileged user account. 

If patches or updates can be installed using a nonprivileged account or the container platform is not configured to stop the installation using a nonprivileged account, this is a finding.

Fix Text

Configure the container platform to only allow patch installation and upgrades using privileged accounts.