DISA Container Platform Security Requirements Guide (SRG) Alignment
This document describes how the Secure CINC Auditor Kubernetes Container Scanning solution aligns with the Defense Information Systems Agency (DISA) Container Platform Security Requirements Guide (SRG).
Overview
The DISA Container Platform SRG provides security requirements for container platforms used in DoD environments. This document outlines how our container scanning approaches align with these requirements.
SRG Requirement Alignment
Vulnerability ID | Title | Requirement Summary | Alignment | Notes |
---|---|---|---|---|
V-233246 | Authentication | Container platforms must use DoD PKI established certificate authorities | ✅ High | Service account tokens with short lifespans |
V-233253 | Authorization | Container platforms must enforce least privilege access | ✅ High | Least-privilege RBAC implementation |
V-233262 | Isolation | Container platforms must implement resource isolation | ✅ High | Proper container isolation and boundaries |
V-233273 | Encryption | Container platforms must protect data-in-transit | ✅ High | TLS encryption for all communications |
V-233240 | Audit Logging | Container platforms must implement DoD-required audit logging | ✅ High | All scanning operations are logged |
Scanning Approach Compliance
Kubernetes API Approach
The Kubernetes API Approach provides the highest level of alignment with DISA Container Platform SRG requirements:
- Implements DoD-compliant authentication and authorization
- Uses Kubernetes native security controls
- Maintains proper isolation and least privilege
- Provides comprehensive audit logging
Debug Container Approach
The Debug Container Approach has moderate alignment with DISA Container Platform SRG requirements:
- Uses time-limited debug containers
- Implements appropriate RBAC controls
- Maintains isolation through container boundaries
Sidecar Container Approach
The Sidecar Container Approach has moderate alignment with DISA Container Platform SRG requirements:
- Uses pod-level isolation with shared process namespace
- Implements appropriate container security contexts
- Provides limited audit logging capabilities
Implementation Recommendations
For optimal alignment with DISA Container Platform SRG requirements in DoD environments, we recommend:
- Using the Kubernetes API Approach when possible
- Implementing the least-privilege RBAC controls provided
- Ensuring comprehensive audit logging
- Following the security hardening recommendations in our Enterprise Recommendations guide
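As an added illustration of the least-privilege RBAC and short-lived token points above (this is example configuration written for this page, not the project's own manifests), the following grants a scanning service account only pod discovery and exec in a single namespace; the namespace, account and role names are assumptions.

```yaml
# Added example: least-privilege RBAC for the Kubernetes API scanning approach.
# Names, namespace and labels are assumptions, not values from the project.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: cinc-scanner          # assumed service account name
  namespace: workloads        # assumed target namespace
# Do not auto-mount a long-lived token into pods; request a bounded token instead:
#   kubectl create token cinc-scanner -n workloads --duration=15m
automountServiceAccountToken: false
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role                    # namespaced Role, not a ClusterRole
metadata:
  name: cinc-scanner-exec
  namespace: workloads
rules:
  # Read-only discovery of the pods to be scanned, limited to this namespace
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["get", "list"]
  # Run the audit inside the target container; no create/delete of workloads,
  # no secrets access and no cluster-wide reach
  - apiGroups: [""]
    resources: ["pods/exec"]
    verbs: ["create"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: cinc-scanner-exec
  namespace: workloads
subjects:
  - kind: ServiceAccount
    name: cinc-scanner
    namespace: workloads
roleRef:
  kind: Role
  name: cinc-scanner-exec
  apiGroup: rbac.authorization.k8s.io
```

Every exec performed with this token is attributed to the `cinc-scanner` service account in the API server audit log, which supports the audit logging requirement (V-233240) in the table above.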
Related Documentation
- DoD Instruction 8500.01 - Alignment with DoD Instructions
- Kubernetes STIG - STIG alignment information
- Approach Comparison - Security framework comparison