Check: SRG-APP-000504-CTR-001280
Container Platform SRG:
SRG-APP-000504-CTR-001280
(in versions v1 r5 through v1 r1)
Title
The container platform must generate audit record for privileged activities. (Cat II impact)
Discussion
The container platform components will generate audit records for privilege activities and container platform runtime, registry, and keystore must generate access audit records to detect possible malicious intent. All the components must use the same standard so that the events can be tied together to understand what took place within the overall container platform. It would be difficult to establish, correlate, and investigate events relating to an incident or identify those responsible without these activities. Audit records can be generated from various components within the container platform.
Check Content
Review the documentation and configuration guides to determine if the container platform generates log records for privileged activities. If log records are not generated for privileged activities, this is a finding.
Fix Text
Configure the container platform to generate log records for privileged activities.
Additional Identifiers
Rule ID: SV-233264r879875_rule
Vulnerability ID: V-233264
Group Title: SRG-APP-000504
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-000172 |
The information system generates audit records for the events defined in AU-2 d. with the content defined in AU-3. |
Controls
| Number | Title |
|---|---|
| AU-12 |
Audit Generation |