UCF STIG Viewer Logo

ECDC-1 Data Change Controls


Transaction-based systems (e.g., database management systems, transaction processing systems) implement transaction roll-back and transaction journaling, or technical equivalents.

MAC / CONF Impact Subject Area
Medium Enclave Computing Environment


Without implementing transaction roll-back and journaling, unauthorized or unintentional modification or destruction of data stored in the database would cause the loss of critical data.  This implementation guide is aimed to help database administrators ensure the recovery of database data that was modified or deleted unintentionally or by unauthorized users.

1. The database administrator shall identify and determine if the database systems (e.g., Oracle, Microsoft SQL Server) implemented into the system provide transaction capabilities (e.g., transaction roll back and transaction journaling).
2. If the database systems provide the capability of transaction roll back and journaling, the database administrator shall enable the capability in order to log database updates to either files or disk partition according to DISA Database STIG and organization specific database guides.
3. If the database systems do not provide the transaction roll back and journaling or technical equivalent, the database administrator shall:
  · Identify a DoD approved 3rd party product that provides transaction roll back and journaling or technical equivalent
  · Configure the product and test it in a lab environment to ensure it functions properly
  · Install the product on the database system in the operational environment


  • DISA Database STIG, Version 7, Release 1, 29 October 2004
  • NSA Microsoft SQL Server Guides, 02 October 2003
  • NSA Oracle Database Server Guides, 02 October 2003
  • Center for Internet Security Database Security Checklist, 06 April 2005
  • Vendor Security Administration Guide, (Refer to if no DSSA/NSA/NIST/USG guidance is available)