UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The DBMS must initiate session auditing upon startup of the database.


Overview

Finding ID Version Rule ID IA Controls Severity
V-32365 SRG-APP-000092-DB-000208 SV-42702r1_rule Medium
Description
Session auditing activities are developed, integrated, and used in consultation with legal counsel in accordance with applicable federal laws, Executive Orders, directives, policies, or regulations. Typically, auditing is limited to specific user actions or security events. Session auditing can record every user action of a specific user or group of users. If session auditing is not available it could impede legal investigations into malicious use or compromise of the database.
STIG Date
Database Security Requirements Guide 2012-07-02

Details

Check Text ( C-40807r2_chk )
Review DBMS vendor documentation to determine whether the DBMS software is capable of session auditing. Review the DBMS settings to determine whether session auditing is enabled. If the DBMS is not capable of session auditing and a third party product is not being used for session level auditing, this is a finding.

If the DBMS is capable of session level auditing but session auditing is not enabled, or if a third party product is available for session auditing but is not enabled, this is a finding.
Fix Text (F-36280r2_fix)
Utilize DBMS software or a third party product that supports session auditing.

Configure the DBMS software or third party product to enable session auditing.