>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

V-274883Sensitive information must be stored using Kubernetes Secrets or an external Secret store provider.

CAT I - High
CNTR-K8-001161

>Control Description

Sensitive information, such as passwords, keys, and tokens must not be stored in application code. Kubernetes offers a resource called Secrets that are designed for storing sensitive information for use by applications. Secrets are created and managed separately from application code. Additionally, they can be encrypted at rest and access to the secrets can be controlled via RBAC.

>Check Content

On the Kubernetes Master node, run the following command: kubectl get all,cm -A -o yaml Manually review the output for sensitive information. If any sensitive information is found, this is a finding.

>Remediation

Any sensitive information found must be stored in an approved external Secret store provider or use Kubernetes Secrets (attached on an as-needed basis to pods).

>CCI References

CCI-004062

Control Correlation Identifiers (CCIs) map STIG findings to NIST 800-53 controls.

>Cross-Framework Mappings

NIST SP 800-53 r5

via DISA CCI List
IA-7
Compare

Ask AI

Configure your API key to use AI features.