Title

The container platform must record time stamps for audit records that meet a granularity of one second for a minimum degree of precision. (Cat II impact)

Discussion

To properly investigate an event, it is important to have enough granularity within the time stamps to determine the chronological order of the audited events. Without this granularity, events may be interpreted out of proper sequence, thus hobbling the investigation or causing the investigation to come to inaccurate conclusions. Time stamps generated by the container platform include date and time. Granularity of time measurements refers to the degree of synchronization between information system clocks and reference clocks.

Check Content

Review the container platform documentation and configuration files to determine if time stamps for log records meet a granularity of one second. If the time stamp cannot generate to a one-second granularity, this is a finding.

Fix Text

Configure the container platform to use time stamps for log records that can meet a granularity of one second.

Additional Identifiers

Rule ID: SV-233182r879748_rule

Vulnerability ID: V-233182

Group Title: SRG-APP-000375

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.