Checklist Summary:

The Mirantis Kubernetes Engine (MKE) Security Technical Implementation Guide (STIG) is published as a tool to improve the security of Department of Defense (DOD) information systems. This document is meant for use in conjunction with other STIGs and appropriate operating system STIGs. MKE is a container orchestration platform for developing and running modern applications at scale, on private clouds, public clouds, and on bare metal. This STIG was tested using MKE version 3.7. Orchestration Philosophy: Whether the application requirements are complex and require medium to large clusters, or simple clusters that can be deployed quickly on development environments, MKE gives users a container orchestration choice. Deploy Kubernetes, Swarm, or both types of clusters and manage them on a single MKE instance or centrally manage the instance using Mirantis Container Cloud. Docker Swarm: Docker Swarm is a native clustering and orchestration solution provided by Docker. It is designed to be simple and user-friendly, making it a good choice for users who are new to container orchestration. Kubernetes: Kubernetes is a more feature-rich and complex container orchestration platform. It is known for its declarative configuration, robust scaling capabilities, and extensive ecosystem of tools and extensions. Kubernetes is widely adopted in large-scale and production environments.

Checklist Role:

• Business Productivity Application

Known Issues:

Not provided.

Target Audience:

Parties within the DoD and federal government’s computing environments can obtain the applicable STIG from the DoD Cyber Exchange website at https://cyber.mil/. This site contains the latest copies of STIGs, SRGs, and other related security information. Those without a Common Access Card (CAC) that has DoD Certificates can obtain the STIG from https://public.cyber.mil/.

Target Operational Environment:

• Managed
• Specialized Security-Limited Functionality (SSLF)

Testing Information:

Not provided.

Regulatory Compliance:

This document is provided under the authority of DoDI 8500.01.

Comments/Warnings/Miscellaneous:

Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil. DISA will coordinate all change requests with the relevant DoD organizations before inclusion in this document. Approved changes will be made in accordance with the DISA maintenance release schedule.

Disclaimer:

The existence of a STIG does not equate to DOD approval for the procurement or use of a product. STIGs provide configurable operational security guidance for products being used by the DOD. STIGs, along with vendor confidential documentation, also provide a basis for assessing compliance with cybersecurity controls/control enhancements, which supports system assessment and authorization (A&A) under the DOD Risk Management Framework (RMF). Department of Defense AOs may request available vendor confidential documentation for a product that has a STIG for product evaluation and RMF purposes from disa.stig_spt@mail.mil. This documentation is not published for general access to protect the vendor’s proprietary information.

Product Support:

Not provided.

Point of Contact:

disa.stig_spt@mail.mil

Sponsor:

Not provided.

Licensing:

Not provided.

Change History:

Initial Submission - 4/19/24
Updated Resource Title - 4/19/24
Candidate to Final - 5/23/24
Updated Version, Resources and SHA - 08/08/2024
Updated Resource Title - 08/09/2024

Dependency/Requirements:

URL	Description

References:

Reference URL	Description

NIST checklist record last modified on 08/09/2024