Configuration management solutions must track unauthorized, security-relevant configuration changes.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-32421	SRG-APP-000139-DB-NA	SV-42758r1_rule		Medium

Description
Configuration settings are the configurable security-related parameters of information technology products that are part of the information system. Security-related parameters are those parameters impacting the security state of the system including parameters related to meeting other security control requirements. Security-related parameters include: registry settings; account, file, and directory settings (i.e., permissions); and settings for services, ports, protocols, and remote connections. Incident Response teams require input from authoritative sources in order to investigate events that have occurred. Configuration management solutions are a logical source for providing information regarding system configuration changes. Unauthorized, security-relevant configuration changes must be incorporated into the organization’s incident response capability to ensure such detected events are tracked for historical purposes. This requirement is specific to applications providing configuration management functionality. This requirement is NA for databases.

Description

Configuration settings are the configurable security-related parameters of information technology products that are part of the information system. Security-related parameters are those parameters impacting the security state of the system including parameters related to meeting other security control requirements. Security-related parameters include: registry settings; account, file, and directory settings (i.e., permissions); and settings for services, ports, protocols, and remote connections. Incident Response teams require input from authoritative sources in order to investigate events that have occurred. Configuration management solutions are a logical source for providing information regarding system configuration changes. Unauthorized, security-relevant configuration changes must be incorporated into the organization’s incident response capability to ensure such detected events are tracked for historical purposes. This requirement is specific to applications providing configuration management functionality. This requirement is NA for databases.

STIG	Date
Database Security Requirements Guide	2012-07-02

Details

Check Text ( C-40863r1_chk )
This check is NA for databases

Fix Text (F-36336r1_fix)
This fix is NA for databases.