The container runtime must generate audit records for all container execution, shutdown, restart events, and program initiations.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-233270 | SRG-APP-000510-CTR-001310 | SV-233270r961845_rule | CCI-000172 | medium |
| Description | ||||
| The container runtime must generate audit records that are specific to the security and mission needs of the organization. Without audit record, it would be difficult to establish, correlate, and investigate events relating to an incident. | ||||
| STIG | Date | |||
| Container Platform Security Requirements Guide | 2025-05-15 | |||
Related Frameworks
4 paths across 3 frameworks
Related Frameworks
NIST 800-531 mapping
AU-12
1.00
- DISA · 2 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
NIST 800-1712 mappings
3.3.1
1.00
- DISA · 2 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
3.3.2
1.00
- DISA · 2 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
CCI1 mapping
CCI-000172
1.00
- DISA · 2 · disa_xccdf · related
Details
Check Text (C-233270r961845_chk)
Review the container runtime configuration to validate audit record generation for container execution, shutdown, and restart events.
If the container runtime does not generate records for container execution, shutdown and restart events, this is a finding.
Fix Text (F-36174r601298_fix)
Configure the container runtime to generate audit records for container execution, shutdown, and restart events.