
Attempts to bypass access controls must be audited.


Overview

Finding ID: V-32390
Version: SRG-APP-000115-DB-000056
Rule ID: SV-42727r1_rule
IA Controls:
Severity: Medium

Description
Information system auditing capability is critical for accurate forensic analysis. Audit record content that may be necessary to satisfy the requirement of this control includes: time stamps, source and destination addresses, user/process identifiers, event descriptions, success/fail indications, file names involved, and access control or flow control rules invoked. Detection of suspicious activity including access attempts and successful access from unexpected places, during unexpected times, or other unusual indicators can support decisions to apply countermeasures to deter an attack. Without detection, malicious activity may proceed without hindrance.

STIG: Database Security Requirements Guide
Date: 2012-07-02

Details

Check Text (C-40832r1_chk)
Review any audit settings for:
- Unsuccessful logon attempts;
- Account locking events;
- Account disabling from a specific source location;
- Failed attempts to access database objects, or attempts to access objects that do not exist; and
- Other activities that may produce unexpected failures or trigger DBMS lockdown actions.

If any of the above events, as applicable to the DBMS, are not audited, this is a finding.

Fix Text (F-36305r1_fix)
Configure auditing to capture the events listed below where available in the DBMS:
- Unsuccessful logon attempts
- Account locking events
- Account disabling from a specific source location
- Failed attempts to access database objects, or attempts to access objects that do not exist
- Other activities that may produce unexpected failures or trigger DBMS lockdown actions
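
One way to apply the Fix Text on a specific product, as an added example that is not part of the SRG: the statements below assume Oracle Database with traditional (pre-unified) auditing, which the SRG does not name, and other DBMSs need their own equivalents. The last two queries support the Check Text by listing the enabled audit options and the failures recorded so far.

```sql
-- Added example. Assumption: Oracle Database, traditional auditing, run by a
-- user with the AUDIT SYSTEM privilege and access to the DBA_* views.

-- Prerequisite: auditing must be switched on (value other than NONE).
SELECT value FROM v$parameter WHERE name = 'audit_trail';

-- Unsuccessful logon attempts. Failed logons are recorded with the Oracle
-- error as the return code, e.g. 1017 (bad credentials) or 28000 (account
-- locked), together with the originating host.
AUDIT SESSION BY ACCESS WHENEVER NOT SUCCESSFUL;

-- Account locking and disabling performed by an administrator:
-- the USER option covers CREATE USER, ALTER USER (e.g. ACCOUNT LOCK), DROP USER.
AUDIT USER BY ACCESS;

-- Failed attempts to access database objects (e.g. insufficient privileges).
AUDIT SELECT TABLE, INSERT TABLE, UPDATE TABLE, DELETE TABLE, EXECUTE PROCEDURE
  BY ACCESS WHENEVER NOT SUCCESSFUL;

-- Statements that fail because the referenced object does not exist.
AUDIT NOT EXISTS BY ACCESS;

-- Check: each option above should be listed, with FAILURE set to BY ACCESS
-- (and SUCCESS as well for USER and NOT EXISTS).
SELECT audit_option, success, failure
  FROM dba_stmt_audit_opts
 WHERE user_name IS NULL
 ORDER BY audit_option;

-- Review: failed events with who, from where, what object, and why
-- (returncode is the ORA- error number; 0 means success).
SELECT timestamp, username, userhost, terminal,
       action_name, owner, obj_name, returncode
  FROM dba_audit_trail
 WHERE returncode <> 0
 ORDER BY timestamp DESC;
```

The last bullet (other unexpected failures and lockdown actions) is site-specific and is not covered by these statements.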