Title

The container platform must allocate audit record storage capacity in accordance with organization-defined audit record storage requirements. (Cat II impact)

Discussion

In order to ensure applications have a sufficient storage capacity in which to write the audit logs, applications need to be able to allocate audit record storage capacity. The task of allocating audit record storage capacity is usually performed during initial installation of the application and is closely associated with the DBA and system administrator roles. The DBA or system administrator will usually coordinate the allocation of physical drive space with the application owner/installer and the application will prompt the installer to provide the capacity information, the physical location of the disk, or both.

Check Content

Review the container platform configuration to determine if audit record storage capacity is allocated in accordance with organization-defined audit record storage requirements. If audit record storage capacity is not allocated in accordance with organization-defined audit record storage requirements, this is a finding.

Fix Text

Configure the container platform to allocate audit record storage capacity in accordance with organization-defined audit record storage requirements.

Additional Identifiers

Rule ID: SV-233168r879730_rule

Vulnerability ID: V-233168

Group Title: SRG-APP-000357

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.