Least privilege access and need to know must be required to access the container platform keystore.

Severity	Group ID	Group Title	Version	Rule ID	Date	STIG Version
medium	V-233028	SRG-APP-000033	SRG-APP-000033-CTR-000100	SV-233028r960792_rule	2024-12-05	2

Description
The container platform keystore is used to store access keys and tokens for trusted access to and from the container platform. The keystore gives the container platform a method to store the confidential data in a secure way and to encrypt the data when at rest. If this data is not protected through access controls, it can be used to access trusted sources as the container platform breaking the trusted relationship. To circumvent unauthorized access to the keystore, the container platform must have access controls in place to only allow those individuals with keystore duties.

Description

The container platform keystore is used to store access keys and tokens for trusted access to and from the container platform. The keystore gives the container platform a method to store the confidential data in a secure way and to encrypt the data when at rest. If this data is not protected through access controls, it can be used to access trusted sources as the container platform breaking the trusted relationship. To circumvent unauthorized access to the keystore, the container platform must have access controls in place to only allow those individuals with keystore duties.

ℹ️ Check
Review the container platform to determine if only those individuals with keystore duties have access to the container platform keystore. If users have access to the container platform keystore that do not have keystore duties, this is a finding.

✔️ Fix
Configure the container platform to use least privilege and need to know when granting access to the container keystore. The fix ensures the proper roles and permissions are configured.