DBA roles should be periodically monitored to detect assignment of unauthorized or excess privileges.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-15106 | DG0086-SQLServer9 | SV-24238r1_rule | ECLP-1 | Medium |
| Description |
|---|
| Excess privilege assignment can lead to intentional or unintentional unauthorized actions. Such actions may compromise the operation or integrity of the DBMS and its data. |
| STIG | Date |
|---|---|
| Microsoft SQL Server 2005 Instance Security Technical Implementation Guide | 2015-06-16 |
Details
| Check Text ( C-23846r1_chk ) |
|---|
| Review procedures and implementation evidence of DBA role privilege monitoring. If procedures are incomplete or not implemented, this is a Finding. If monitoring does not occur every 30 days or more often, this is a Finding. |
| Fix Text (F-25702r1_fix) |
|---|
| Design, document and implement procedures for monitoring DBA role privilege assignments. |