SV-219742r401224_rule
V-219742
SRG-APP-000516-DB-000363
O112-BP-026200
CAT II
10
Define the policy for auditing changes to security labels defined for the data.
Document the audit requirements in the System Security Plan and configure database auditing in accordance with the policy.
If no data is identified as being sensitive or classified by the Information Owner, in the System Security Plan or in the AIS Functional Architecture documentation, this is not a finding.
If security labeling is not required, this is not a finding.
If no sensitive or classified data is identified by the Information Owner as requiring labeling in the System Security Plan and/or AIS Functional Architecture documentation, this is not a finding.
Run the SQL statement:
select * from dba_sa_audit_options;
If no records are returned or if output from the SQL statement above does not show classification labels being audited as required in the System Security Plan, this is a finding.
V-219742
False
O112-BP-026200
If no data is identified as being sensitive or classified by the Information Owner, in the System Security Plan or in the AIS Functional Architecture documentation, this is not a finding.
If security labeling is not required, this is not a finding.
If no sensitive or classified data is identified by the Information Owner as requiring labeling in the System Security Plan and/or AIS Functional Architecture documentation, this is not a finding.
Run the SQL statement:
select * from dba_sa_audit_options;
If no records are returned or if output from the SQL statement above does not show classification labels being audited as required in the System Security Plan, this is a finding.
M
4057