Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
Use of the DBMS installation account should be logged.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-15110 | DG0041-SQLServer9 | SV-24157r1_rule | ECLP-1 | Medium |
| Description |
|---|
| The DBMS installation account may be used by any authorized user to perform DBMS installation or maintenance. Without logging, accountability for actions attributed to the account is lost. |
| STIG | Date |
|---|---|
| Microsoft SQL Server 2005 Instance Security Technical Implementation Guide | 2015-06-16 |
Details
| Check Text ( C-28453r1_chk ) |
|---|
| Review and verify implementation of logging procedures defined for use of the DBMS software installation account. If procedures for logging access to the DBMS are not present or are not being followed, this is a Finding. Host system audit logs should be echoed or matched in the DBMS installation account usage log along with an indication of the person who accessed the account and an explanation for the access. |
| Fix Text (F-20086r1_fix) |
|---|
| Develop and implement a logging procedure for use of the DBMS software installation account that provides accountability to individuals for any actions taken by the account. |