DISA STIG Guides
Rancher Government Solutions is currently developing and maintaining Rancher and RKE2 STIGs with DISA. We allow our customers to access these in-flight documents for further reference, and we encourage any feedback you may have.
Rancher STIG
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_RGS_MCM_V1R1_STIG.zip
RKE2 STIG
We are eagerly awaiting the DISA release of our RKE2 STIG documents. Draft RKE2 STIGs are available upon request; please contact us at contact@rancherfederal.com or your account executive for a sneak peek.
The following STIG documents address many generic configurations that any Kubernetes cluster should follow. RKE2 is very secure by default, so a large portion of these are already built into RKE2, and the remainder can either be configured declaratively or mitigated by other certified Rancher integrations. Note that both of these documents assume generic Kubernetes clusters, so details such as file paths may not map 1:1 to how RKE2 does things, but they can still help with security by providing even more evidence of a secure cluster.
Kubernetes STIG – Ver 1, Rel 5:
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Kubernetes_V1R5_STIG.zip
This is the generic platform STIG and can also be used as a generic reference to ensure you’re covering all controls.
Container Platform SRG – Ver 1, Rel 1
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Container_Platform_V1R3_SRG.zip