Title

The container platform must use internal system clocks to generate audit record time stamps. (Cat II impact)

Discussion

Understanding when and sequence of events for an incident is crucial to understand what may have taken place. Without a common clock, the components generating audit events could be out of synchronization and would then present a picture of the event that is warped and corrupted. To give a clear picture, it is important that the container platform and its components use a common internal clock.

Check Content

Review the container platform configuration files to determine if the internal system clock is used for time stamps. If the container platform does not use the internal system clock to generate time stamps, this is a finding.

Fix Text

Configure the container platform to use internal system clocks to generate time stamps for log records.

Additional Identifiers

Rule ID: SV-233055r879575_rule

Vulnerability ID: V-233055

Group Title: SRG-APP-000116

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.