DISA STIG Guides
Rancher Government Services is currently developing Rancher and RKE2 STIGs with DISA. We allow our customers to access these in-flight documents for reference and encourage any feedback you may have. These STIG documents are not yet in the official draft state with DISA; they are still in the development stages.
Rancher Draft DISA STIG
https://rfed-public.s3-us-gov-east-1.amazonaws.com/RGS-STIG-Drafts/RancherMCM_V1_091221.xlsm
RKE2 Draft DISA STIG
https://rfed-public.s3-us-gov-east-1.amazonaws.com/RGS-STIG-Drafts/RKE2_800-53_STIG.xlsx
The following STIG documents address many generic configurations that any Kubernetes cluster should follow. RKE2 is very secure by default, so a large portion of these controls are already built into RKE2, and the remainder can be either configured in a declarative fashion or mitigated by other certified Rancher integrations. Note that both of these documents assume generic Kubernetes clusters, so details such as file paths may not map 1:1 to how RKE2 does things, but they can still help by providing additional evidence of a secure cluster.
Kubernetes Draft STIG – Ver 1, Rel 1
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Kubernetes_V1R1_STIG.zip
This is the generic platform SRG and can also be used as a general reference to ensure you're covering all controls.
Container Platform SRG – Ver 1, Rel 1
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Container_Platform_V1R1_SRG.zip