Check: SRG-APP-000510-CTR-001310
Container Platform SRG:
SRG-APP-000510-CTR-001310
(in versions v1 r5 through v1 r1)
Title
The container runtime must generate audit records for all container execution, shutdown, restart events, and program initiations. (Cat II impact)
Discussion
The container runtime must generate audit records that are specific to the security and mission needs of the organization. Without audit record, it would be difficult to establish, correlate, and investigate events relating to an incident.
Check Content
Review the container runtime configuration to validate audit record generation for container execution, shutdown, and restart events. If the container runtime does not generate records for container execution, shutdown and restart events, this is a finding.
Fix Text
Configure the container runtime to generate audit records for container execution, shutdown, and restart events.
Additional Identifiers
Rule ID: SV-233270r879881_rule
Vulnerability ID: V-233270
Group Title: SRG-APP-000510
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-000172 |
The information system generates audit records for the events defined in AU-2 d. with the content defined in AU-3. |
Controls
| Number | Title |
|---|---|
| AU-12 |
Audit Generation |