STIGQter: STIG Summary: Docker Enterprise 2.x Linux/UNIX Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Apr 2021:

Log aggregation/SIEM systems must be configured to alarm when audit storage space for Docker Engine - Enterprise nodes exceed 75% usage.

DISA Rule

SV-235834r627629_rule

Vulnerability Number

V-235834

Group Title

SRG-APP-000359

Rule Version

DKER-EE-003330

Severity

CAT II

CCI(s)

• CCI-001855 - The information system provides a warning to organization-defined personnel, roles, and/or locations within an organization-defined time period when allocated audit record storage volume reaches an organization-defined percentage of repository maximum audit record storage capacity.

Weight

10

Fix Recommendation

Work with the SIEM administrator to configure an alert when audit storage space exceeds 75% usage.

Check Contents

Work with the SIEM administrator to determine if an alert is configured to alarm when audit storage space for Docker Engine - Enterprise nodes exceed 75% usage.

If there is no alert configured, this is a finding.

Vulnerability Number

V-235834

Documentable

False

Rule Version

DKER-EE-003330

Severity Override Guidance

Work with the SIEM administrator to determine if an alert is configured to alarm when audit storage space for Docker Engine - Enterprise nodes exceed 75% usage.

If there is no alert configured, this is a finding.

Check Content Reference

M

Target Key

5281

Comments