DISA Rancher Government Solutions RKE2 STIG v2r3

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.


Audit Details

Name: DISA Rancher Government Solutions RKE2 STIG v2r3

Updated: 12/10/2025

Authority: DISA STIG

Plugin: Unix

Revision: 1.2

Estimated Item Count: 25

File Details

Filename: DISA_STIG_Rancher_Government_Solutions_RKE2_v2r3.audit

Size: 90.2 kB

MD5: ac73fca396b94634995793be1614727d
SHA256: 4adb77def4647fdcb2037b375158237287233ad481b99c4cf01be15341725129

Audit Items

Description | Categories
CNTR-R2-000010 - Rancher RKE2 must protect authenticity of communications sessions with the use of FIPS-validated 140-2 or 140-3 security requirements for cryptographic modules.
CNTR-R2-000030 - RKE2 must use a centralized user management solution to support account management functions.
CNTR-R2-000060 - Rancher RKE2 components must be configured in accordance with the security configuration settings based on DOD security configuration or implementation guidance, including SRGs, STIGs, NSA configuration guides, CTOs, and DTMs.
CNTR-R2-000100 - The Kubernetes Controller Manager must have secure binding.
CNTR-R2-000110 - The Kubernetes Kubelet must have anonymous authentication disabled.
CNTR-R2-000120 - The Kubernetes API server must have the insecure port flag disabled.
CNTR-R2-000130 - The Kubernetes Kubelet must have the read-only port flag disabled.
CNTR-R2-000140 - The Kubernetes API server must have the insecure bind address not set.
CNTR-R2-000150 - The Kubernetes kubelet must enable explicit authorization.
CNTR-R2-000160 - The Kubernetes API server must have anonymous authentication disabled.
CNTR-R2-000320 - All audit records must identify any containers associated with the event within Rancher RKE2.
CNTR-R2-000460 - Rancher RKE2 must be built from verified packages.
CNTR-R2-000520 - Configuration and authentication files for Rancher RKE2 must be protected.
CNTR-R2-000550 - Rancher RKE2 must be configured with only essential configurations.
CNTR-R2-000580 - Rancher RKE2 runtime must enforce ports, protocols, and services that adhere to the PPSM CAL.
CNTR-R2-000800 - Rancher RKE2 must store only cryptographic representations of passwords.
CNTR-R2-000890 - Rancher RKE2 must terminate all network connections associated with a communications session at the end of the session, or as follows: for in-band management sessions (privileged sessions), the session must be terminated after five minutes of inactivity.
CNTR-R2-000940 - Rancher RKE2 runtime must isolate security functions from nonsecurity functions.
CNTR-R2-000970 - Rancher RKE2 runtime must maintain separate execution domains for each container by assigning each container a separate address space to prevent unauthorized and unintended information transfer via shared system resources.
CNTR-R2-001130 - Rancher RKE2 must prevent nonprivileged users from executing privileged functions to include disabling, circumventing, or altering implemented security safeguards/countermeasures.
CNTR-R2-001270 - Rancher RKE2 must prohibit the installation of patches, updates, and instantiation of container images without explicit privileged status.
CNTR-R2-001500 - Rancher RKE2 keystore must implement encryption to prevent unauthorized disclosure of information at rest within Rancher RKE2.
CNTR-R2-001580 - Rancher RKE2 must remove old components after updated versions have been installed.
CNTR-R2-001620 - Rancher RKE2 registry must contain the latest images with most recent updates and execute within Rancher RKE2 runtime as authorized by IAVM, CTOs, DTMs, and STIGs.