VMware Tanzu Application Service Compliance

The policy decision on what events to audit is a deployer responsibility. However, all technical controls implied by this requirement are satisfied by the Tanzu Application Service (TAS for VMs) platform.

When appropriately configured, the TAS for VMs platform audits all platform activity, and is compliant with this requirement. It is the responsibility of the deployer to configure an appropriate syslog destination, and also to leverage appropriate encryption and logical access controls for all audit data that is archived off-platform to an enterprise log management system.

TAS for VMs platform and application logs are synchronized to an enterprise provided time standard, and thus may be correlated with logs from other information systems as needed. The logging format for Cloud Controller and UAA follows the de-facto standard CEF logging format.

Additional information on specific audit capabilities can be found on the following pages:

• Logging Configuration

• Cloud Controller and UAA Logging

• BOSH Director Logging"

Control Description

The information system:

1. Provides audit record generation capability for the auditable events defined in AU-2 a. at [Assignment: organization-defined information system components];
2. Allows [Assignment: organization-defined personnel or roles] to select which auditable events are to be audited by specific components of the information system; and
3. Generates audit records for the events defined in AU-2 d. with the content defined in AU-3.

Supplemental Guidance

Audit records can be generated from many different information system components. The list of audited events is the set of events for which audits are to be generated. These events are typically a subset of all events for which the information system is capable of generating audit records.