STIGQter: STIG Summary: Oracle Database 11.2g Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Apr 2021:

The DBMS must generate audit records for the DoD-selected list of auditable events, to the extent such information is available.

DISA Rule

SV-219753r395712_rule

Vulnerability Number

V-219753

Group Title

SRG-APP-000091-DB-000066

Rule Version

O112-C2-007000

Severity

CAT II

CCI(s)

• CCI-000172 - The information system generates audit records for the events defined in AU-2 d. with the content defined in AU-3.

Weight

10

Fix Recommendation

Configure the DBMS's auditing settings to include auditing of events on the DoD-selected list of auditable events.

For more information on the configuration of auditing in the DBMS, please refer to "Auditing Database Activity" in the Oracle Database 2 Day + Security Guide:
http://docs.oracle.com/cd/E11882_01/server.112/e10575/tdpsg_auditing.htm
and "Verifying Security Access with Auditing" in the Oracle Database Security Guide: http://docs.oracle.com/cd/E11882_01/network.112/e36292/auditing.htm#DBSEG006
and "27 DBMS_AUDIT_MGMT" in the Oracle Database PL/SQL Packages and Types Reference:
http://docs.oracle.com/cd/E11882_01/appdev.112/e40758/d_audit_mgmt.htm

Check Contents

Check DBMS and OS settings to determine if auditing is being performed on the events on the DoD-selected list of auditable events. If auditing is not being performed for any of the events on the DoD-selected list of auditable events, this is a finding.

Vulnerability Number

V-219753

Documentable

False

Rule Version

O112-C2-007000

Severity Override Guidance

Check DBMS and OS settings to determine if auditing is being performed on the events on the DoD-selected list of auditable events. If auditing is not being performed for any of the events on the DoD-selected list of auditable events, this is a finding.

Check Content Reference

M

Target Key

4057

Comments