UCF STIG Viewer Logo

The DBMS must be able to generate audit records when privileges/permissions are retrieved.


Overview

Finding ID Version Rule ID IA Controls Severity
V-32364 SRG-APP-000091-DB-000066 SV-42701r3_rule Medium
Description
Under some circumstances, it may be useful to monitor who/what is reading privilege/permission/role information. Therefore, it must be possible to configure auditing to do this. DBMSs typically make such information available through views or functions. This requirement addresses explicit requests for privilege/permission/role membership information. It does not refer to the implicit retrieval of privileges/permissions/role memberships that the DBMS continually performs to determine if any and every action on the database is permitted.
STIG Date
Database Security Requirements Guide 2019-09-27

Details

Check Text ( C-40806r2_chk )
Review DBMS documentation to verify that audit records can be produced when privileges/permissions/role memberships are retrieved.

If the DBMS is not capable of this, this is a finding.

If the DBMS is currently required to audit the retrieval of privilege/permission/role membership information, review the DBMS/database security and audit configurations to verify that audit records are produced when privileges/permissions/role memberships are retrieved.

If they are not produced, this is a finding.
Fix Text (F-36279r2_fix)
Deploy a DBMS capable of producing the required audit records when privileges/permissions/role memberships are retrieved.

If currently required, configure the DBMS to produce audit records when privileges/permissions/role memberships are retrieved.