All audit records must identify any users associated with the event within the container platform.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-233047 | SRG-APP-000100-CTR-000195 | SV-233047r960906_rule | CCI-001487 | medium |
| Description | ||||
| Without information that establishes the identity of the user associated with the events, security personnel cannot determine responsibility for the potentially harmful event. | ||||
| STIG | Date | |||
| Container Platform Security Requirements Guide | 2025-05-15 | |||
Related Frameworks
4 paths across 3 frameworks
Related Frameworks
NIST 800-531 mapping
AU-3
1.00
- DISA · 2 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
NIST 800-1712 mappings
3.3.1
1.00
- DISA · 2 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
3.3.2
1.00
- DISA · 2 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
CCI1 mapping
CCI-001487
1.00
- DISA · 2 · disa_xccdf · related
Details
Check Text (C-233047r960906_chk)
Review container platform documentation and the log files on the application server to determine if the logs contain information that establishes the identity of the user or process associated with log event data.
If the container platform does not produce logs that establish the identity of the user or process associated with log event data, this is a finding.
Fix Text (F-35951r600629_fix)
Configure the container platform logging system to log the identity of the user or process related to the events.