The container runtime must generate audit records for all container execution, shutdown, restart events, and program initiations.

STIG ID: SRG-APP-000510-CTR-001310  |  SRG: SRG-APP-000510 |  Severity: medium |  CCI: CCI-000172 |  Vulnerability Id: V-233270

Vulnerability Discussion

The container runtime must generate audit records that are specific to the security and mission needs of the organization. Without audit record, it would be difficult to establish, correlate, and investigate events relating to an incident.

Check

Review the container runtime configuration to validate audit record generation for container execution, shutdown, and restart events.

If the container runtime does not generate records for container execution, shutdown and restart events, this is a finding.

Fix

Configure the container runtime to generate audit records for container execution, shutdown, and restart events.
This website is not created by, run, approved, or endorsed by the U.S. Department of Defense. Use at your own risk. This website is created by open-source software.