If there are no shared accounts available to more than one user, this is not a finding.
If a shared account is used by an application to interact with the database, review the System Security Plan, the tables in the database, and the application source code/documentation to determine whether the application captures the individual user's identity and stores that identity in the audit log or along with all data inserted and updated (also with all records of reads and/or deletions, if these are required to be logged).
The EDB audit feature provides the ability to include application user information in the database audit log using the edb_audit_tag session parameter. If all database shared accounts are accessed via an application that uses the edb_audit_tag parameter to identify individual application users, this is not a finding.
If there are gaps in the application's ability to capture an individual user's identity, and the gaps and the risk are not defined in the system documentation and accepted by the AO, this is a finding.
If users are sharing a group account to log on to EDB Postgres tools or third-party products that access the database, this is a finding.
To ensure EDB auditing is enabled, execute the following SQL as enterprisedb:
If the result is not "csv" or "xml", this is a finding.
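The following is an added example, not part of the original check text, showing how an application that connects through a shared account can tag each session with the individual user's identity so that it appears in the EDB audit log. The tag format `app_user=jdoe` and the `orders` table are hypothetical values chosen for illustration.

```sql
-- Run as enterprisedb: confirm audit logging is on.
-- The check above expects the value "csv" or "xml".
SHOW edb_audit;

-- Application side, executed each time a connection is taken from the
-- pool on behalf of an authenticated end user.
-- set_config() accepts a bind parameter in application code, so the user
-- name never has to be concatenated into SQL text.
-- 'app_user=jdoe' is a constructed sample value.
SELECT set_config('edb_audit_tag', 'app_user=jdoe', false);

-- Confirm the tag is active for this session before doing any work.
SELECT current_setting('edb_audit_tag');

-- Statements audited from here on are logged with the tag above.
-- "orders" is a hypothetical application table.
UPDATE orders SET status = 'shipped' WHERE order_id = 1001;

-- Clear the tag before the connection goes back to the pool, so the
-- next end user's statements are not attributed to the previous one.
RESET edb_audit_tag;
```

When reviewing application source code for this check, look for a code path that reaches the database through the shared account without setting the tag first, since statements on that path are logged without an individual identity.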