STIGhubSTIGhub
STIGsRMF ControlsCompare
STIGhub— A free STIG search and compliance tool·STIGs updated 3 days ago
Powered by Pylon·Privacy·Terms·© 2026 Beacon Cloud Solutions, Inc.
← Back to Kubernetes Security Technical Implementation Guide

V-242461

CAT II (Medium)

Kubernetes API Server audit logs must be enabled.

Rule ID

SV-242461r961863_rule

STIG

Kubernetes Security Technical Implementation Guide

Version

V2R6

CCIs

CCI-000366

Discussion

Kubernetes API Server validates and configures pods and services for the API object. The REST operation provides frontend functionality to the cluster share state. Enabling audit logs provides a way to monitor and identify security risk events or misuse of information. Audit logs are necessary to provide evidence in the case the Kubernetes API Server is compromised requiring a Cyber Security Investigation.

Check Content

Change to the /etc/kubernetes/manifests directory on the Kubernetes Control Plane. Run the command:
grep -i audit-policy-file * 

If the setting "audit-policy-file" is not set or is found in the Kubernetes API manifest file without valid content, this is a finding.

Fix Text

Edit the Kubernetes API Server manifest file in the /etc/kubernetes/manifests directory on the Kubernetes Control Plane. Set the argument "--audit-policy-file" to "log file directory".