UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The DBMS must notify users of organization defined security related changes to the users account occurring during the organization defined time period.


Overview

Finding ID Version Rule ID IA Controls Severity
V-32346 SRG-APP-000079-DB-000182 SV-42683r1_rule Medium
Description
Some organizations may define certain security events as events requiring user notification. An organization may define an event, such as a password change to a user's account occurring outside of normal business hours, as a security related event requiring that the application user be notified. In those instances, where organizations define such events, the application must notify the affected user or users. Unauthorized access to DBMS accounts may go undetected if account access is not monitored. Authorized users may serve as a reliable party to report unauthorized use of their account.
STIG Date
Database Security Requirements Guide 2012-07-02

Details

Check Text ( C-40794r1_chk )
Review system documentation to identify security related changes the organization has defined as requiring notification. Review DBMS settings, including triggers and custom jobs, to determine if organization defined security related changes during an organization defined time period would trigger a user notification. If organization defined security related changes do not trigger a notification to the user, this is a finding.
Fix Text (F-36260r1_fix)
Utilize DBMS functionality or third party tools to alert users when organization defined security related changes to the user’s account occur during an organization defined time period.