STIGQter: STIG Summary: Database Security Requirements Guide Version: 3 Release: 1 Benchmark Date: 22 Jan 2021:

The DBMS must be able to generate audit records when unsuccessful attempts to retrieve privileges/permissions occur.

DISA Rule

SV-206526r617447_rule

Vulnerability Number

V-206526

Group Title

SRG-APP-000091

Rule Version

SRG-APP-000091-DB-000325

Severity

CAT II

CCI(s)

• CCI-000172 - The information system generates audit records for the events defined in AU-2 d. with the content defined in AU-3.

Weight

10

Fix Recommendation

Deploy a DBMS capable of producing the required audit records when it denies or fails to complete access to privileges/permissions/role membership.

If currently required, configure the DBMS to produce audit records when it denies access to privileges/permissions/role membership.

Configure the DBMS to produce audit records when other errors prevent access to privileges/permissions/role membership.

Check Contents

Review DBMS documentation to verify that audit records can be produced when the system denies or fails to complete attempts to retrieve privileges/permissions/role membership.

If the DBMS is not capable of this, this is a finding.

If the DBMS is currently required to audit the retrieval of privilege/permission/role membership information, review the DBMS/database security and audit configurations to verify that audit records are produced when the DBMS denies retrieval of privileges/permissions/role memberships.

If they are not produced, this is a finding.

Review the DBMS/database security and audit configurations to verify that audit records are produced when other errors prevent retrieval of privileges/permissions/role memberships.

If they are not produced, this is a finding.

Vulnerability Number

V-206526

Documentable

False

Rule Version

SRG-APP-000091-DB-000325

Severity Override Guidance

Review DBMS documentation to verify that audit records can be produced when the system denies or fails to complete attempts to retrieve privileges/permissions/role membership.

If the DBMS is not capable of this, this is a finding.

If the DBMS is currently required to audit the retrieval of privilege/permission/role membership information, review the DBMS/database security and audit configurations to verify that audit records are produced when the DBMS denies retrieval of privileges/permissions/role memberships.

If they are not produced, this is a finding.

Review the DBMS/database security and audit configurations to verify that audit records are produced when other errors prevent retrieval of privileges/permissions/role memberships.

If they are not produced, this is a finding.

Check Content Reference

M

Target Key

2902

Comments