UCF STIG Viewer Logo

The DBMS must generate audit records when unsuccessful logons or connection attempts occur.


Overview

Finding ID Version Rule ID IA Controls Severity
V-58109 SRG-APP-000503-DB-000351 SV-72539r1_rule Medium
Description
For completeness of forensic analysis, it is necessary to track failed attempts to log on to the DBMS. While positive identification may not be possible in a case of failed authentication, as much information as possible about the incident must be captured.
STIG Date
Database Security Requirements Guide 2020-03-06

Details

Check Text ( C-58879r1_chk )
Review the DBMS audit settings. If an audit record is not generated each time a user (or other principal) attempts but fails to log on or connect to the DBMS (including attempts where the user ID is invalid/unknown), this is a finding.
Fix Text (F-63317r1_fix)
Configure DBMS audit settings to generate an audit record each time a user (or other principal) attempts but fails to log on or connect to the DBMS.

Include attempts where the user ID is invalid/unknown. Ensure that the audit record contains the time of the event and the user ID that was entered (if any).