The container runtime must generate audit records for all container execution, shutdown, restart events, and program initiations.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-233270	SRG-APP-000510-CTR-001310	SV-233270r961845_rule		Medium

Description

The container runtime must generate audit records that are specific to the security and mission needs of the organization. Without audit record, it would be difficult to establish, correlate, and investigate events relating to an incident.

STIG	Date
Container Platform Security Requirements Guide	2025-05-15

Details

Check Text (C-36206r601847_chk)

Review the container runtime configuration to validate audit record generation for container execution, shutdown, and restart events.

If the container runtime does not generate records for container execution, shutdown and restart events, this is a finding.

Fix Text (F-36174r601298_fix)

Configure the container runtime to generate audit records for container execution, shutdown, and restart events.