Check: SRG-APP-000095-CTR-000170
Container Platform SRG:
SRG-APP-000095-CTR-000170
(in versions v1 r5 through v1 r1)
Title
All audit records must identify what type of event has occurred within the container platform. (Cat II impact)
Discussion
Within the container platform, audit data can be generated from any of the deployed container platform components. This audit data is important when there are issues, such as security incidents, that must be investigated. To make the audit data worthwhile for the investigation of events, it is necessary to know what type of event occurred.
Check Content
Review the container platform configuration for audit event types. Ensure audit policy for event type is enabled. Verify records showing what type of event occurred are written to the log. Validate system documentation is current. If log data does not show the type of event, this is a finding.
Fix Text
Configure the container platform to include the event type in the log data. Revise all applicable system documentation.
Additional Identifiers
Rule ID: SV-233042r879563_rule
Vulnerability ID: V-233042
Group Title: SRG-APP-000095
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-000130 |
The information system generates audit records containing information that establishes what type of event occurred. |
Controls
| Number | Title |
|---|---|
| AU-3 |
Content Of Audit Records |