STIGQter STIGQter: STIG Summary: Database Security Requirements Guide Version: 3 Release: 1 Benchmark Date: 22 Jan 2021:

The DBMS must be able to generate audit records when successful accesses to objects occur.

DISA Rule

SV-206636r617447_rule

Vulnerability Number

V-206636

Group Title

SRG-APP-000507

Rule Version

SRG-APP-000507-DB-000356

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Deploy a DBMS capable of producing the required audit records when object access occurs.

Configure audit settings to create audit records when the specified access to the specified objects occurs.

Check Contents

Review DBMS documentation to verify that administrative users can specify database objects for which access must be audited and can specify which kinds of access must be audited.

If the DBMS is not capable of this, this is a finding.

Review system documentation to determine whether the application owner has specified database objects (tables, views, procedures, functions, etc.) for which access must be audited. Review the DBMS/database security and audit settings to verify that the specified access to the specified objects is audited.

If not, this is a finding.

Vulnerability Number

V-206636

Documentable

False

Rule Version

SRG-APP-000507-DB-000356

Severity Override Guidance

Review DBMS documentation to verify that administrative users can specify database objects for which access must be audited and can specify which kinds of access must be audited.

If the DBMS is not capable of this, this is a finding.

Review system documentation to determine whether the application owner has specified database objects (tables, views, procedures, functions, etc.) for which access must be audited. Review the DBMS/database security and audit settings to verify that the specified access to the specified objects is audited.

If not, this is a finding.

Check Content Reference

M

Target Key

2902

Comments