STIGQter: STIG Summary: Container Platform Security Requirements Guide Version: 1 Release: 1 Benchmark Date: 20 Nov 2020:

The container platform audit records must record user access start and end times.

DISA Rule

SV-233265r599683_rule

Vulnerability Number

V-233265

Group Title

SRG-APP-000505

Rule Version

SRG-APP-000505-CTR-001285

Severity

CAT II

CCI(s)

• CCI-000172 - The information system generates audit records for the events defined in AU-2 d. with the content defined in AU-3.

Weight

10

Fix Recommendation

Configure the container platform to generate audit log for user access start and end times for any all accounts and services. Revise all applicable system documentation.

Check Contents

Review the container platform configuration for audit user access start and end times.

Ensure audit policy for user access start and end times are enabled.

Verify events are written to the log.

Validate system documentation is current.

If user access start and end times do not generate log records, this is a finding.

Vulnerability Number

V-233265

Documentable

False

Rule Version

SRG-APP-000505-CTR-001285

Severity Override Guidance

Review the container platform configuration for audit user access start and end times.

Ensure audit policy for user access start and end times are enabled.

Verify events are written to the log.

Validate system documentation is current.

If user access start and end times do not generate log records, this is a finding.

Check Content Reference

M

Target Key

5239

Comments