The DBMS must associate the identity of the information producer with the information.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-32348 | SRG-APP-000081-DB-000165 | SV-42685r1_rule | Low |
| Description |
|---|
| Non-repudiation supports audit requirements to provide the appropriate organizational officials the means to identify who produced specific information in the event of an information transfer. The nature and strength of the binding between the information producer and the information are determined and approved by the appropriate organizational officials based on the security categorization of the information and relevant risk factors. Databases provide mechanisms, such as audit records and security labels. If information is inserted or updated within the database and the producer of the information is not associated to the information, there is no protection against a user denying having performed a particular action. |
| STIG | Date |
|---|---|
| Database Security Requirements Guide | 2012-07-02 |
Details
| Check Text ( C-40796r1_chk ) |
|---|
| Review DBMS configuration to identify whether information is tightly bound with data identifying the producer of the information. If information does not contain some means to identify who produced the data, this is a finding. |
| Fix Text (F-36262r1_fix) |
|---|
| Utilize DBMS functionality or third party tools to bind the producer of the information to the information produced. |