UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Azure SQL Database must initiate session auditing upon startup.


Overview

Finding ID Version Rule ID IA Controls Severity
V-255328 ASQL-00-004700 SV-255328r877243_rule Medium
Description
Session auditing is for use when a user's activities are under investigation. To ensure capture of all activity during those periods when session auditing is in use, it needs to be in operation for the whole time Azure SQL Database is running.
STIG Date
Microsoft Azure SQL Database Security Technical Implementation Guide 2022-11-16

Details

Check Text ( C-59001r871108_chk )
When Audits are enabled, they start up when the audits are enabled and remain operating until the audit is disabled.

Check if an audit is configured and enabled.
To determine if session auditing is configured and enabled, follow the instructions below:
Run this TSQL command to determine if SQL Auditing is configured and enabled:
SELECT *
FROM sys.database_audit_specifications
where (name = 'SqlDbAuditing_ServerAuditSpec'
or name = 'SqlDbAuditing_AuditSpec')
and is_state_enabled = 1

All currently defined audits for the Azure SQL Database instance will be listed. If no audits are returned, this is a finding.
Fix Text (F-58945r877242_fix)
Deploy an Azure SQL Database audit.

Refer to the supplemental file "AzureSQLDatabaseAudit.txt" PowerShell script.

Reference:
https://docs.microsoft.com/en-us/powershell/module/az.sql/set-azsqlserveraudit