The container must have resource request limits set.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-270875	SRG-APP-000247-CTR-000330	SV-270875r1050646_rule		Medium

Description

Setting a container resource request limit allows the container platform to determine the best location for the container to execute. The container platform looks at the resources available and finds the location that will require the minimum resources for the container to execute. Examples of resources that can be specified are CPU, memory, and storage.

STIG	Date
Container Platform Security Requirements Guide	2025-05-15

Details

Check Text (C-74910r1050644_chk)

Review the container platform configuration to determine that resource limits are set.

If the container platform does not enforce resource limits, this is a finding.

Fix Text (F-74811r1050645_fix)

Configure the container platform to restrict the ability of users or other systems to launch denial-of-service (DoS) attacks from the container platform components by setting resource limits on resources such as memory, storage, and CPU utilization.