All audit records must identify any containers associated with the event within the container platform.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-233048 | SRG-APP-000100-CTR-000200 | SV-233048r601633_rule | Medium |
| Description |
|---|
| Without information that establishes the identity of the containers offering user services or running on behalf of a user within the platform associated with audit events, security personnel cannot determine responsibility for potentially harmful events. |
| STIG | Date |
|---|---|
| Container Platform Security Requirements Guide | 2021-12-14 |
Details
| Check Text ( C-35984r601632_chk ) |
|---|
| Review the container platform configuration to determine if it is configured to generate audit records that contain the component information that generated the audit record. Generate audit records and review the data to determine if records are generated containing the component information that generated the record. If the container platform is not configured to generate audit records containing the component information or records are generated that do not contain the component information that generated the record, this is a finding. |
| Fix Text (F-35952r600632_fix) |
|---|
| Configure the container platform to include the component information that generated the audit record. |