STIGQter: STIG Summary: Database Security Requirements Guide Version: 3 Release: 1 Benchmark Date: 22 Jan 2021:

The DBMS must include additional, more detailed, organization-defined information in the audit records for audit events identified by type, location, or subject.

DISA Rule

SV-206534r617447_rule

Vulnerability Number

V-206534

Group Title

SRG-APP-000101

Rule Version

SRG-APP-000101-DB-000044

Severity

CAT II

CCI(s)

• CCI-000135 - The information system generates audit records containing the organization-defined additional, more detailed information that is to be included in the audit records.

Weight

10

Fix Recommendation

Configure DBMS audit settings to include all organization-defined detailed information in the audit records for audit events identified by type, location, or subject.

Check Contents

Review the system documentation to identify what additional information the organization has determined to be necessary.

Check DBMS settings and existing audit records to verify that all organization-defined additional, more detailed information is in the audit records for audit events identified by type, location, or subject.

If any additional information is defined and is not contained in the audit records, this is a finding.

Vulnerability Number

V-206534

Documentable

False

Rule Version

SRG-APP-000101-DB-000044

Severity Override Guidance

Review the system documentation to identify what additional information the organization has determined to be necessary.

Check DBMS settings and existing audit records to verify that all organization-defined additional, more detailed information is in the audit records for audit events identified by type, location, or subject.

If any additional information is defined and is not contained in the audit records, this is a finding.

Check Content Reference

M

Target Key

2902

Comments