Check: SRG-APP-000097-CTR-000180
Container Platform SRG:
SRG-APP-000097-CTR-000180
(in versions v1 r5 through v1 r1)
Title
All audit records must identify where in the container platform the event occurred. (Cat II impact)
Discussion
Within the container platform, audit data can be generated from any of the deployed container platform components. This audit data is important when there are issues, such as security incidents, that must be investigated. To make the audit data worthwhile for the investigation of events, it is necessary to know where within the container platform the event occurred.
Check Content
Review the container platform configuration to determine if all audit records identify where in the container platform the event occurred. Generate audit records and view the audit records to verify that the records do identify where in the container platform the event occurred. If the container platform is not configured to generate audit records that identify where in the container platform the event occurred, or if the generated audit records do not identify where in the container platform the event occurred, this is a finding.
Fix Text
Configure the container platform to generate audit records that identify where in the container platform the event occurred.
Additional Identifiers
Rule ID: SV-233044r879565_rule
Vulnerability ID: V-233044
Group Title: SRG-APP-000097
CCIs
Number | Definition |
---|---|
CCI-000132 | The information system generates audit records containing information that establishes where the event occurred. |
Controls
Number | Title |
---|---|
AU-3 | Content Of Audit Records |