STIGQter: STIG Summary: Container Platform Security Requirements Guide Version: 1 Release: 1 Benchmark Date: 20 Nov 2020:

The container platform must generate audit records for all DoD-defined auditable events within all components in the platform.

DISA Rule

SV-233038r599521_rule

Vulnerability Number

V-233038

Group Title

SRG-APP-000089

Rule Version

SRG-APP-000089-CTR-000150

Severity

CAT II

CCI(s)

• CCI-000169 - The information system provides audit record generation capability for the auditable events defined in AU-2 a. at organization-defined information system components.

Weight

10

Fix Recommendation

Configure the container platform to generate audit records for all DoD-defined auditable events within all the components of the container platform.

Check Contents

Review the container platform configuration to determine if the container platform is configured to generate audit records for all DoD-defined auditable events within all components in the platform.

Generate DoD-defined auditable events within all the components to determine if the events are being audited.

If the container platform is not configured to generate audit records for all DoD-defined auditable events within the components or the events are not generating audit records, this is a finding.

Vulnerability Number

V-233038

Documentable

False

Rule Version

SRG-APP-000089-CTR-000150

Severity Override Guidance

Review the container platform configuration to determine if the container platform is configured to generate audit records for all DoD-defined auditable events within all components in the platform.

Generate DoD-defined auditable events within all the components to determine if the events are being audited.

If the container platform is not configured to generate audit records for all DoD-defined auditable events within the components or the events are not generating audit records, this is a finding.

Check Content Reference

M

Target Key

5239

Comments