STIGQter: STIG Summary: Container Platform Security Requirements Guide Version: 1 Release: 1 Benchmark Date: 20 Nov 2020:

All audit records must identify any users associated with the event within the container platform.

DISA Rule

SV-233047r599539_rule

Vulnerability Number

V-233047

Group Title

SRG-APP-000100

Rule Version

SRG-APP-000100-CTR-000195

Severity

CAT II

CCI(s)

• CCI-001487 - The information system generates audit records containing information that establishes the identity of any individuals or subjects associated with the event.

Weight

10

Fix Recommendation

Configure the container platform logging system to log the identity of the user or process related to the events.

Check Contents

Review container platform documentation and the log files on the application server to determine if the logs contain information that establishes the identity of the user or process associated with log event data.

If the container platform does not produce logs that establish the identity of the user or process associated with log event data, this is a finding.

Vulnerability Number

V-233047

Documentable

False

Rule Version

SRG-APP-000100-CTR-000195

Severity Override Guidance

Review container platform documentation and the log files on the application server to determine if the logs contain information that establishes the identity of the user or process associated with log event data.

If the container platform does not produce logs that establish the identity of the user or process associated with log event data, this is a finding.

Check Content Reference

M

Target Key

5239

Comments