
V-252843

CAT I (High)

Rancher MCM must use a centralized user management solution to support account management functions. For accounts using password authentication, the container platform must use FIPS-validated SHA-2 or later protocol to protect the integrity of the password authentication process.

Rule ID

SV-252843r1043176_rule

STIG

Rancher Government Solutions Multi-Cluster Manager Security Technical Implementation Guide

Version

V2R2

CCIs

CCI-000015, CCI-000016, CCI-000044, CCI-000134, CCI-000154, CCI-000162, CCI-000163, CCI-000164, CCI-000187, CCI-004066, CCI-004062, CCI-000197, CCI-004061, CCI-000206, CCI-000213, CCI-000764, CCI-000765, CCI-000766, CCI-003627, CCI-001090, CCI-001350, CCI-001368, CCI-001403, CCI-001493, CCI-001494, CCI-001495, CCI-001499, CCI-001764, CCI-003980, CCI-001813, CCI-003938, CCI-001941, CCI-004045, CCI-002235, CCI-002238, CCI-000192, CCI-000193, CCI-000194, CCI-000195, CCI-000196, CCI-000198, CCI-000199, CCI-000205, CCI-000795, CCI-001619, CCI-001812, CCI-001814, CCI-002142

Discussion

RBAC Integration and Authn/Authz

Centralized authentication services provide additional functionality fulfilling security requirements:

- Multi-factor authentication, which is compatible with Rancher MCM.
- Disabling users after a period of time.
- Storage and transmission of secure information is encrypted.
- Secure authentication protocols such as LDAP over TLS, or LDAPS using FIPS 140-2 approved encryption modules.
- PKI based authentication.

Rancher MCM can integrate with external centralized authentication but does not offer a native solution. The authentication mechanism needs to be initially enabled and configured. The proxy authenticates users and forwards their requests to Kubernetes clusters using a service account.

Satisfies: SRG-APP-000023-CTR-000055, SRG-APP-000024-CTR-000060, SRG-APP-000027-CTR-000075, SRG-APP-000029-CTR-000085, SRG-APP-000033-CTR-000095, SRG-APP-000038-CTR-000105, SRG-APP-000065-CTR-000115, SRG-APP-000099-CTR-000190, SRG-APP-000111-CTR-000220, SRG-APP-000118-CTR-000240, SRG-APP-000119-CTR-000245, SRG-APP-000120-CTR-000250, SRG-APP-000121-CTR-000255, SRG-APP-000122-CTR-000260, SRG-APP-000123-CTR-000265, SRG-APP-000126-CTR-000275, SRG-APP-000133-CTR-000310, SRG-APP-000148-CTR-000335, SRG-APP-000148-CTR-000340, SRG-APP-000148-CTR-000345, SRG-APP-000148-CTR-000350, SRG-APP-000149-CTR-000355, SRG-APP-000150-CTR-000360, SRG-APP-000156-CTR-000380, SRG-APP-000163-CTR-000395, SRG-APP-000164-CTR-000400, SRG-APP-000165-CTR-000405, SRG-APP-000166-CTR-000410, SRG-APP-000167-CTR-000415, SRG-APP-000168-CTR-000420, SRG-APP-000169-CTR-000425, SRG-APP-000170-CTR-000430, SRG-APP-000171-CTR-000435, SRG-APP-000172-CTR-000440, SRG-APP-000173-CTR-000445, SRG-APP-000174-CTR-000450, SRG-APP-000177-CTR-000465, SRG-APP-000178-CTR-000470, SRG-APP-000243-CTR-000595, SRG-APP-000317-CTR-000735, SRG-APP-000340-CTR-000770, SRG-APP-000345-CTR-000785, SRG-APP-000378-CTR-000880, SRG-APP-000378-CTR-000885, SRG-APP-000378-CTR-000890, SRG-APP-000380-CTR-000900, SRG-APP-000381-CTR-000905, SRG-APP-000384-CTR-000915, SRG-APP-000319-CTR-000745

Check Content

RBAC Integration and Authn/Authz

View and modify authentication settings through the Rancher MCM UI.

Navigate to Triple Bar Symbol(Global) >> Users & Authentication >> Auth Provider.

This screen shows the authentication mechanism that is configured. If no authentication mechanism is configured or disabled, this is a finding.
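The same check can be evaluated offline against an export of the provider list. This is an added example, not part of the STIG or of Rancher's own tooling. It assumes the export is the JSON returned by Rancher's `/v3/authConfigs` endpoint with `data`, `id` and `enabled` fields, and it assumes the built-in `local` provider does not count as a centralized solution; the sample input is constructed.

```python
import json

# Constructed sample, shaped like a GET /v3/authConfigs response.
# Field names (data, id, enabled) are assumptions, not taken from the STIG.
SAMPLE_AUTH_CONFIGS = """
{"data": [
  {"id": "local",    "type": "localConfig",    "enabled": true},
  {"id": "keycloak", "type": "keyCloakConfig", "enabled": false},
  {"id": "openldap", "type": "openLdapConfig", "enabled": false}
]}
"""

# Assumption: the built-in local provider is not a centralized solution.
NON_CENTRALIZED = {"local"}


def evaluate_auth_providers(raw_json):
    """Return (is_finding, enabled_external_ids, reason) for V-252843."""
    try:
        doc = json.loads(raw_json)
    except json.JSONDecodeError:
        # Fail closed: unreadable evidence cannot demonstrate compliance.
        return True, [], "response is not valid JSON"
    entries = doc.get("data") if isinstance(doc, dict) else None
    if not isinstance(entries, list):
        return True, [], "no provider list in response"

    enabled = []
    for entry in entries:
        if not isinstance(entry, dict):
            continue
        provider_id = str(entry.get("id", "")).lower()
        # Only a literal true counts; a missing or non-boolean flag is disabled.
        if (entry.get("enabled") is True and provider_id
                and provider_id not in NON_CENTRALIZED):
            enabled.append(provider_id)

    if not enabled:
        return True, [], "no external authentication provider is enabled"
    enabled.sort()
    return False, enabled, "external provider enabled: " + ", ".join(enabled)


if __name__ == "__main__":
    finding, providers, reason = evaluate_auth_providers(SAMPLE_AUTH_CONFIGS)
    print("FINDING" if finding else "NOT A FINDING", "-", reason)
```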

Fix Text

RBAC Integration and Authn/Authz

Navigate to Triple Bar Symbol(Global) >> Users & Authentication >> Auth Provider.

From this screen the authentication mechanism can be selected and configured.

This STIG is written and tested with KeyCloak, which is not included with Rancher MCM. Installation instructions for KeyCloak can be found here:

https://www.keycloak.org/getting-started/getting-started-kube