Check: SRG-APP-000100-CTR-000200
Container Platform SRG:
SRG-APP-000100-CTR-000200
(in versions v1 r5 through v1 r1)
Title
All audit records must identify any containers associated with the event within the container platform. (Cat II impact)
Discussion
Without information that establishes the identity of the containers offering user services or running on behalf of a user within the platform associated with audit events, security personnel cannot determine responsibility for potentially harmful events.
Check Content
Review the container platform configuration to determine if it is configured to generate audit records that contain the component information that generated the audit record. Generate audit records and review the data to determine if records are generated containing the component information that generated the record. If the container platform is not configured to generate audit records containing the component information or records are generated that do not contain the component information that generated the record, this is a finding.
Fix Text
Configure the container platform to include the component information that generated the audit record.
Additional Identifiers
Rule ID: SV-233048r879568_rule
Vulnerability ID: V-233048
Group Title: SRG-APP-000100
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-001487 |
The information system generates audit records containing information that establishes the identity of any individuals or subjects associated with the event. |
Controls
| Number | Title |
|---|---|
| AU-3 |
Content Of Audit Records |