The DBMS must provide the ability to write specified audit record content to a centralized audit log repository.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-32376	SRG-APP-000102-DB-000045	SV-42713r1_rule		Medium

Description
Information system auditing capability is critical for accurate forensic analysis. Audit record content that may be necessary to satisfy the requirement of this control includes but is not limited: timestamps, source and destination IP addresses, user/process identifiers, event descriptions, application specific events, success/fail indications, file names involved, access control or flow control rules invoked. Centralized management of audit records and logs provides for efficiency in maintenance and management of records, as well as, the backup and archiving of those records. When organizations define application components requiring centralized audit log management, applications need to support that requirement. Database audit records not stored in a centralized audit log management tool may be overlooked during investigation of a security incident or may be subject to intentional or accidental manipulation by privileged users of the database.

Description

Information system auditing capability is critical for accurate forensic analysis. Audit record content that may be necessary to satisfy the requirement of this control includes but is not limited: timestamps, source and destination IP addresses, user/process identifiers, event descriptions, application specific events, success/fail indications, file names involved, access control or flow control rules invoked. Centralized management of audit records and logs provides for efficiency in maintenance and management of records, as well as, the backup and archiving of those records. When organizations define application components requiring centralized audit log management, applications need to support that requirement. Database audit records not stored in a centralized audit log management tool may be overlooked during investigation of a security incident or may be subject to intentional or accidental manipulation by privileged users of the database.

STIG	Date
Database Security Requirements Guide	2012-07-02

Details

Check Text ( C-40817r1_chk )
Review vendor documentation to verify DBMS has the capability to write audit record content to a centralized audit log repository at an organization defined frequency. If the DBMS cannot write audit record data to a centralized audit log repository and there is not a third party application to provide this ability, this is a finding.

Fix Text (F-36290r1_fix)
Utilize a DBMS with the native ability to write audit record content to a centralized audit log repository or procure a third party application that can.