The DBMS must produce audit records containing sufficient information to establish the identity of any user/subject or process associated with the event.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-32374 | SRG-APP-000100-DB-000201 | SV-42711r1_rule | Medium |
| Description |
|---|
| Information system auditing capability is critical for accurate forensic analysis. Audit record content that may be necessary to satisfy the requirement of this control includes: time stamps, source and destination addresses, user/process identifiers, event descriptions, success/fail indications, file names involved, and access control or flow control rules invoked. Database software is capable of a range of actions on data stored within the database. It is important, for accurate forensic analysis, to know exactly who performed a given action. If user identification information is not recorded and stored with the audit record, the record itself is of very limited use. |
| STIG | Date |
|---|---|
| Database Security Requirements Guide | 2012-07-02 |
Details
| Check Text ( C-40815r1_chk ) |
|---|
| Check DBMS settings and existing audit records to verify a user name associated with the event is being captured and stored with the audit records. If audit records exist without specific user information, this is a finding. |
| Fix Text (F-36288r1_fix) |
|---|
| Modify DBMS audit settings to include user name as part of the audit record. |