All audit records must identify where in the container platform the event occurred.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-233044	SRG-APP-000097-CTR-000180	SV-233044r960897_rule	CCI-000132	medium
Description
Within the container platform, audit data can be generated from any of the deployed container platform components. This audit data is important when there are issues, such as security incidents, that must be investigated. To make the audit data worthwhile for the investigation of events, it is necessary to know where within the container platform the event occurred.
STIG			Date
Container Platform Security Requirements Guide			2025-05-15

Related Frameworks

4 paths across 3 frameworks

NIST 800-531 mapping

AU-3

1.00

DISA · 2 · disa_xccdf · related
DISA · 2025-01-23 · disa_cci_list · equivalent

NIST 800-1712 mappings

3.3.1

1.00

DISA · 2 · disa_xccdf · related
DISA · 2025-01-23 · disa_cci_list · equivalent
NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent

3.3.2

1.00

DISA · 2 · disa_xccdf · related
DISA · 2025-01-23 · disa_cci_list · equivalent
NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent

CCI1 mapping

CCI-000132

1.00

DISA · 2 · disa_xccdf · related

Details

Check Text (C-233044r960897_chk)

Review the container platform configuration to determine if all audit records identify where in the container platform the event occurred. Generate audit records and view the audit records to verify that the records do identify where in the container platform the event occurred. If the container platform is not configured to generate audit records that identify where in the container platform the event occurred, or if the generated audit records do not identify where in the container platform the event occurred, this is a finding.

Fix Text (F-35948r600620_fix)

Configure the container platform to generate audit records that identify where in the container platform the event occurred.