STIGhubSTIGhub
STIGsSearchCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 3 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Container Platform Security Requirements Guide

V-233185

CAT I (High)

The container platform runtime must prohibit the instantiation of container images without explicit privileged status.

Rule ID

SV-233185r981885_rule

STIG

Container Platform Security Requirements Guide

Version

V2R4

CCIs

CCI-003980

Discussion

Controlling access to those users and roles responsible for container image instantiation reduces the risk of untested or potentially malicious containers from being executed within the platform and on the hosting system. This access may be separate from the access required to install container images into the registry and those access requirements required to perform patch management and upgrades within the container platform. Explicit privileges (escalated or administrative privileges) provide the regular user with explicit capabilities and control that exceeds the rights of a regular user.

Check Content

Review the container platform runtime configuration to determine if only accounts given specific container instantiation privileges can execute the container image instantiation process. 

Attempt to instantiate a container image using an account that does not have the proper privileges to execute the process. 

If container images can be instantiated using an account without the proper privileges, this is a finding.

Fix Text

Configure the container platform runtime to prohibit the instantiation of container images without explicit container image instantiation privileges given to users.