CNTR-R2-000010 - Rancher RKE2 must protect authenticity of communications sessions with the use of FIPS-validated 140-2 or 140-3 security requirements for cryptographic modules. | ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
CNTR-R2-000030 - RKE2 must use a centralized user management solution to support account management functions. | ACCESS CONTROL |
CNTR-R2-000060 - Rancher RKE2 components must be configured in accordance with the security configuration settings based on DOD security configuration or implementation guidance, including SRGs, STIGs, NSA configuration guides, CTOs, and DTMs. | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, MAINTENANCE |
CNTR-R2-000100 - The Kubernetes Controller Manager must have secure binding. | ACCESS CONTROL |
CNTR-R2-000110 - The Kubernetes Kubelet must have anonymous authentication disabled. | ACCESS CONTROL |
CNTR-R2-000120 - The Kubernetes API server must have the insecure port flag disabled. | ACCESS CONTROL |
CNTR-R2-000130 - The Kubernetes Kubelet must have the read-only port flag disabled. | ACCESS CONTROL |
CNTR-R2-000140 - The Kubernetes API server must have the insecure bind address not set. | ACCESS CONTROL |
CNTR-R2-000150 - The Kubernetes kubelet must enable explicit authorization. | ACCESS CONTROL |
CNTR-R2-000160 - The Kubernetes API server must have anonymous authentication disabled. | ACCESS CONTROL |
CNTR-R2-000320 - All audit records must identify any containers associated with the event within Rancher RKE2. | AUDIT AND ACCOUNTABILITY |
CNTR-R2-000460 - Rancher RKE2 must be built from verified packages. | CONFIGURATION MANAGEMENT |
CNTR-R2-000520 - Configuration and authentication files for Rancher RKE2 must be protected. | CONFIGURATION MANAGEMENT |
CNTR-R2-000550 - Rancher RKE2 must be configured with only essential configurations. | CONFIGURATION MANAGEMENT |
CNTR-R2-000580 - Rancher RKE2 runtime must enforce ports, protocols, and services that adhere to the PPSM CAL. | CONFIGURATION MANAGEMENT |
CNTR-R2-000800 - Rancher RKE2 must store only cryptographic representations of passwords. | IDENTIFICATION AND AUTHENTICATION |
CNTR-R2-000890 - Rancher RKE2 must terminate all network connections associated with a communications session at the end of the session, or as follows: for in-band management sessions (privileged sessions), the session must be terminated after five minutes of inactivity. | SYSTEM AND COMMUNICATIONS PROTECTION |
CNTR-R2-000940 - Rancher RKE2 runtime must isolate security functions from nonsecurity functions. | SYSTEM AND COMMUNICATIONS PROTECTION |
CNTR-R2-000970 - Rancher RKE2 runtime must maintain separate execution domains for each container by assigning each container a separate address space to prevent unauthorized and unintended information transfer via shared system resources. | SYSTEM AND COMMUNICATIONS PROTECTION |
CNTR-R2-001130 - Rancher RKE2 must prevent nonprivileged users from executing privileged functions to include disabling, circumventing, or altering implemented security safeguards/countermeasures. | ACCESS CONTROL |
CNTR-R2-001270 - Rancher RKE2 must prohibit the installation of patches, updates, and instantiation of container images without explicit privileged status. | CONFIGURATION MANAGEMENT |
CNTR-R2-001500 - Rancher RKE2 keystore must implement encryption to prevent unauthorized disclosure of information at rest within Rancher RKE2. | SYSTEM AND COMMUNICATIONS PROTECTION |
CNTR-R2-001580 - Rancher RKE2 must remove old components after updated versions have been installed. | SYSTEM AND INFORMATION INTEGRITY |
CNTR-R2-001620 - Rancher RKE2 registry must contain the latest images with most recent updates and execute within Rancher RKE2 runtime as authorized by IAVM, CTOs, DTMs, and STIGs. | SYSTEM AND INFORMATION INTEGRITY |
DISA_Rancher_Government_Solutions_RKE2_STIG_v2r3.audit from DISA Rancher Government Solutions RKE2 STIG v2r3
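Four of the items above (CNTR-R2-000110, -000130, -000150 and -000160) map to concrete kube-apiserver and kubelet flags: anonymous-auth=false on both components, read-only-port=0 and authorization-mode=Webhook on the kubelet. The script below is an added example, not part of the STIG or of the Tenable audit file, and not RKE2 project code. It assumes the operator declares those flags in /etc/rancher/rke2/config.yaml under the kube-apiserver-arg and kubelet-arg lists, and it audits only what that file declares explicitly; RKE2 may already apply hardened defaults in the manifests it generates, and the STIG check procedure itself looks at the running components, so treat this as a pre-flight check on the declared configuration. An absent key is reported as a finding because the upstream default for anonymous-auth is true. The insecure-port and insecure-bind-address items (CNTR-R2-000120, -000140) are deliberately left out: those apiserver flags were removed in Kubernetes 1.24, so passing them to a current RKE2 release would break the apiserver and their absence is the compliant state there. The two config fragments are constructed for the example.

```shell
#!/bin/sh
# Constructed RKE2 config.yaml fragments (example data, not from a real cluster):
# one with weak/missing settings, one hardened. Written to temp files so the
# checks run offline.
WEAK_CFG=$(mktemp)
GOOD_CFG=$(mktemp)
trap 'rm -f "$WEAK_CFG" "$GOOD_CFG"' EXIT

cat >"$WEAK_CFG" <<'EOF'
kube-apiserver-arg:
  - "anonymous-auth=true"
kubelet-arg:
  - "read-only-port=10255"
EOF

cat >"$GOOD_CFG" <<'EOF'
kube-apiserver-arg:
  - "anonymous-auth=false"
kubelet-arg:
  - "anonymous-auth=false"
  - "read-only-port=0"
  - "authorization-mode=Webhook"
EOF

# rke2_arg_value FILE SECTION KEY
# Prints the VALUE of "KEY=VALUE" found in the YAML block list under SECTION
# (e.g. kubelet-arg), or nothing if KEY is not declared there. Handles only the
# flat "- key=value" list form that RKE2 uses for component arguments, not the
# inline ["a=b"] flow style.
rke2_arg_value() {
  awk -v section="$2:" -v key="$3" '
    $0 == section { in_section = 1; next }
    in_section && $0 ~ /^[^ \t]/ { in_section = 0 }
    in_section && $0 ~ /^[ \t]*-/ {
      line = $0
      sub(/^[ \t]*-[ \t]*/, "", line)
      gsub(/"/, "", line)
      split(line, kv, "=")
      if (kv[1] == key) { print substr(line, length(key) + 2); exit }
    }' "$1"
}

# check_rke2_arg FILE SECTION KEY EXPECTED
# Returns 0 if KEY is explicitly set to EXPECTED under SECTION, 1 otherwise.
# An absent key is a finding: anonymous-auth defaults to true upstream, so
# "unset" must not be read as "safe".
check_rke2_arg() {
  actual=$(rke2_arg_value "$1" "$2" "$3")
  if [ "$actual" = "$4" ]; then
    printf 'PASS %s %s=%s\n' "$2" "$3" "$actual"
    return 0
  fi
  printf 'FAIL %s %s (expected %s, found %s)\n' "$2" "$3" "$4" "${actual:-<unset>}"
  return 1
}

# audit_rke2_config FILE
# Runs the checks corresponding to CNTR-R2-000110/-000130/-000150/-000160 and
# returns the number of failing checks (0 = all declared as required).
audit_rke2_config() {
  fails=0
  check_rke2_arg "$1" kube-apiserver-arg anonymous-auth     false   || fails=$((fails + 1))
  check_rke2_arg "$1" kubelet-arg        anonymous-auth     false   || fails=$((fails + 1))
  check_rke2_arg "$1" kubelet-arg        read-only-port     0       || fails=$((fails + 1))
  check_rke2_arg "$1" kubelet-arg        authorization-mode Webhook || fails=$((fails + 1))
  return $fails
}

echo "== weak config =="
audit_rke2_config "$WEAK_CFG" || true
echo "== hardened config =="
audit_rke2_config "$GOOD_CFG"
```

Point audit_rke2_config at the real /etc/rancher/rke2/config.yaml on a server or agent node to see which of the four declarations are missing or wrong before the Tenable audit runs; the exit status is the count of findings, so it drops into a pre-deployment pipeline step directly.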