Check: SRG-APP-000096-CTR-000175
Container Platform SRG:
SRG-APP-000096-CTR-000175
(in versions v1 r5 through v1 r1)
Title
The container platform audit records must have a date and time association with all events. (Cat II impact)
Discussion
Within the container platform, audit data can be generated from any of the deployed container platform components. This audit data is important when there are issues, such as security incidents, that must be investigated. To make the audit data worthwhile for the investigation of events, it is necessary to know when the event occurred. To establish the time of the event, the audit record must contain the date and time.
Check Content
Review the container platform configuration for audit events date and time. Ensure audit policy for event date and time are enabled. Verify records showing event date and time are included in the log. Validate system documentation is current. If the date and time are not included, this is a finding.
Fix Text
Configure the container platform to include log date and time with the event. Revise all applicable system documentation.
Additional Identifiers
Rule ID: SV-233043r879564_rule
Vulnerability ID: V-233043
Group Title: SRG-APP-000096
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-000131 |
The information system generates audit records containing information that establishes when an event occurred. |
Controls
| Number | Title |
|---|---|
| AU-3 |
Content Of Audit Records |