UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The DBMS must use system clocks to generate timestamps for audit records.


Overview

Finding ID Version Rule ID IA Controls Severity
V-32391 SRG-APP-000116-DB-000057 SV-42728r1_rule Medium
Description
Determining the correct time a particular event occurred on a system is critical when conducting forensic analysis and investigating system events. Timestamps generated by the information system shall include both date and time. The time may be expressed in Coordinated Universal Time (UTC), a modern continuation of Greenwich Mean Time (GMT), or local time with an offset from UTC. If time sources other than the system time are used for audit records the timeline of events can get skewed. This makes forensic analysis of the logs much more unreliable.
STIG Date
Database Security Requirements Guide 2012-07-02

Details

Check Text ( C-40833r1_chk )
Review DBMS settings to determine if audit logs are being recorded with time pulled from the underlying system. If timestamps on audit logs are based on something other than the system clock or a database clock synchronized with the system clock, this is a finding.
Fix Text (F-36306r1_fix)
Modify DBMS settings to stamp audit records only with timestamps based on the underlying system clock or on a database clock synchronized with the system clock.