Check: SRG-APP-000374-CTR-000865
Container Platform SRG:
SRG-APP-000374-CTR-000865
(in versions v2 r2 through v1 r1)
Title
All audit records must use UTC or GMT time stamps. (Cat II impact)
Discussion
The container platform and its components must generate audit records using either Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT) time stamps or local time that offset from UTC. All the components must use the same standard so that the events can be tied together to understand what took place within the overall container platform. Time stamps generated by the container platform and its components must include date and time.
Check Content
Review the container platform documentation and configuration files to determine if time stamps for log records can be mapped to UTC or GMT or local time that offsets from UTC. If the time stamp cannot be mapped to UTC or GMT, this is a finding.
Fix Text
Configure the container platform to use UTC or GMT or local time that offset from UTC based time stamps for log records.
Additional Identifiers
Rule ID: SV-233181r961443_rule
Vulnerability ID: V-233181
Group Title: SRG-APP-000374
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-001890 |
Record time stamps for audit records that use Coordinated Universal Time, have a fixed local time offset from Coordinated Universal Time, or that include the local time offset as part of the time stamp. |
Controls
| Number | Title |
|---|---|
| AU-8 |
Time Stamps |