The container platform must audit non-local maintenance and diagnostic sessions' organization-defined audit events associated with non-local maintenance.

Severity	Group ID	Group Title	Version	Rule ID	Date	STIG Version
medium	V-233206	SRG-APP-000409	SRG-APP-000409-CTR-000990	SV-233206r961548_rule	2024-12-05	2

Description
To fully investigate an attack, it is important to understand the event and those events taking place during the same time period. Often, non-local administrative access and diagnostic sessions are not logged. These events are seen as only administrative functions and not worthy of being audited, but these events are important in any investigation and are a major tool for assessing and investigating attacks.

Description

To fully investigate an attack, it is important to understand the event and those events taking place during the same time period. Often, non-local administrative access and diagnostic sessions are not logged. These events are seen as only administrative functions and not worthy of being audited, but these events are important in any investigation and are a major tool for assessing and investigating attacks.

ℹ️ Check
Review the container platform to verify if the platform is auditing non-local maintenance and diagnostic sessions' organization-defined audit events. If the container platform is not auditing non-local maintenance and diagnostic sessions' organization-defined audit events, this is a finding.

✔️ Fix
Configure the container platform to audit non-local maintenance and diagnostic sessions' organization-defined audit events.