STIGQter: STIG Summary: Database Security Requirements Guide Version: 3 Release: 1 Benchmark Date: 22 Jan 2021:

The DBMS must initiate session auditing upon startup.

DISA Rule

SV-206527r617447_rule

Vulnerability Number

V-206527

Group Title

SRG-APP-000092

Rule Version

SRG-APP-000092-DB-000208

Severity

CAT II

CCI(s)

• CCI-001464 - The information system initiates session audits at system start-up.

Weight

10

Fix Recommendation

Deploy a DBMS capable of session auditing.

Configure the DBMS software or third-party product to enable session auditing.

Check Contents

Review DBMS vendor documentation to determine whether the DBMS software is capable of session auditing.

If the DBMS is not capable of session auditing and a third party product is not being used for session level auditing, this is a finding.

If the DBMS is capable of session level auditing and specific session audits are currently defined but session auditing is not enabled; or if a third-party product is available for session auditing and specific session audits are currently defined but session auditing is not enabled, this is a finding.

Vulnerability Number

V-206527

Documentable

False

Rule Version

SRG-APP-000092-DB-000208

Severity Override Guidance

Review DBMS vendor documentation to determine whether the DBMS software is capable of session auditing.

If the DBMS is not capable of session auditing and a third party product is not being used for session level auditing, this is a finding.

If the DBMS is capable of session level auditing and specific session audits are currently defined but session auditing is not enabled; or if a third-party product is available for session auditing and specific session audits are currently defined but session auditing is not enabled, this is a finding.

Check Content Reference

M

Target Key

2902

Comments