Navigate

Check: SRG-APP-000100-CTR-000195

Container Platform SRG: SRG-APP-000100-CTR-000195 (in versions v1 r5 through v1 r1)

Title

All audit records must identify any users associated with the event within the container platform. (Cat II impact)

Discussion

Without information that establishes the identity of the user associated with the events, security personnel cannot determine responsibility for the potentially harmful event.

Check Content

Review container platform documentation and the log files on the application server to determine if the logs contain information that establishes the identity of the user or process associated with log event data. If the container platform does not produce logs that establish the identity of the user or process associated with log event data, this is a finding.

Fix Text

Configure the container platform logging system to log the identity of the user or process related to the events.

Additional Identifiers

Rule ID: SV-233047r879568_rule

Vulnerability ID: V-233047

Group Title: SRG-APP-000100

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.

Number	Definition
CCI-001487	The information system generates audit records containing information that establishes the identity of any individuals or subjects associated with the event.

Controls

Controls tied to check. These are derived from the CCIs shown above.

Number	Title
AU-3	Content Of Audit Records