DISA STIG Guides
Rancher Government Solutions is currently developing and maintaining Rancher and RKE2 STIGs with DISA. Our customers can access these in-flight documents for reference, and we encourage any feedback you may have.
We are eagerly awaiting the DISA release of our RKE2 STIG documents. Draft RKE2 STIGs are available upon request; please contact us at email@example.com or your account executive for a sneak peek.
The following STIG documents address many generic configurations that any Kubernetes cluster should follow. RKE2 is very secure by default, so a large portion of these controls is already built into RKE2, and the remainder can either be configured declaratively or mitigated by other certified Rancher integrations. Note that both documents assume generic Kubernetes clusters, so details such as file paths may not map 1:1 to how RKE2 does things, but they can still help with security by providing further evidence of a secure cluster.
Kubernetes STIG – Ver 1, Rel 5:
This is the generic platform STIG and can also be used as a generic reference to ensure you’re covering all controls.
Container Platform SRG – Ver 1, Rel 1