Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-32402 | SRG-APP-000126-DB-000171 | SV-42739r1_rule | Medium |
Description |
---|
Protection of audit records and audit data is of critical importance. Cryptographic mechanisms are the industry established standard used to protect the integrity of audit data. An example of a cryptographic mechanism is the computation and application of a cryptographic-signed hash using asymmetric cryptography. Non-repudiation protects individuals against later claims by an author of not having performed a particular action, a sender of not having transmitted a message, a receiver of not having received a message, or a signatory of not having signed a document. |
STIG | Date |
---|---|
Database Security Requirements Guide | 2012-07-02 |
Check Text ( C-40844r1_chk ) |
---|
Review DBMS settings to determine whether the DBMS is using cryptographic mechanisms to protect audit data records and integrity. If cryptographic mechanisms are not used, this is a finding. |
Fix Text (F-36317r1_fix) |
---|
DBMS should use cryptographic mechanisms to protect audit data records and integrity. |