UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The DBMS must support the organizational requirements for automatically monitoring, auditing, and alerting on atypical usage of accounts.


Overview

Finding ID Version Rule ID IA Controls Severity
V-32200 SRG-APP-000030-DB-000173 SV-42517r1_rule Medium
Description
Atypical account usage is behavior that is not part of normal usage cycles, for example, user account activity occurring after hours or on weekends. A comprehensive account management process will ensure an audit trail which documents the use of application user accounts and as required, notifies administrators and/or application owners exists. Monitoring, auditing, and alerting greatly reduces the risk that compromised user accounts will continue to be used by unauthorized persons and provides logging that can be used for forensic purposes. Alerting on atypical usage need not be real-time. Alerts can take many forms and may include emails, pages, database flags, or others deemed appropriate by the organization, and may be generated via a centralized log repository.
STIG Date
Database Security Requirements Guide 2012-07-02

Details

Check Text ( C-40705r2_chk )
Check DBMS settings, OS settings, and/or enterprise level authentication/access mechanisms settings to determine if atypical database account usage is being automatically monitored, audited, and alerted on. Verify the type of alert is documented in the system security plan, if alert types are not documented, this is a finding.

If atypical database account usage is not being monitored, audited, and alerted on, this is a finding.
Fix Text (F-36124r1_fix)
Configure DBMS, OS, and/or enterprise level authentication/access mechanisms to monitor, audit, and alert on atypical database account usage.