The container platform must accept Personal Identity Verification (PIV) credentials from other federal agencies.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-233202	SRG-APP-000402-CTR-000970	SV-233202r961527_rule		Medium

Description

Controlling access to the container platform and its components is paramount in having a secure and stable system. Validating users is the first step in controlling the access. Users may be validated by the overall container platform or they may be validated by each component. It is essential to accept PIV credentials from other federal agencies and eliminate the possibility of access being denied to authorized users. PIV credentials are those credentials issued by federal agencies that conform to FIPS Publication 201 and supporting guidance documents. OMB Memorandum 11-11 requires federal agencies to continue implementing the requirements specified in HSPD-12 to enable agency-wide use of PIV credentials.

STIG	Date
Container Platform Security Requirements Guide	2025-05-15

Details

Check Text (C-36138r601093_chk)

Review the documentation and configuration to determine if the container platform accepts PIV credentials from other federal agencies.

If the container platform does not accept other federal agency PIV credentials, this is a finding.

Fix Text (F-36106r601094_fix)

Configure the container platform to accept PIV credentials from other federal agencies.