UCF STIG Viewer Logo

Use of the DBMS installation account should be logged.


Overview

Finding ID Version Rule ID IA Controls Severity
V-15110 DG0041-SQLServer9 SV-24157r1_rule ECLP-1 Medium
Description
The DBMS installation account may be used by any authorized user to perform DBMS installation or maintenance. Without logging, accountability for actions attributed to the account is lost.
STIG Date
Microsoft SQL Server 2005 Instance Security Technical Implementation Guide 2015-06-16

Details

Check Text ( C-28453r1_chk )
Review and verify implementation of logging procedures defined for use of the DBMS software installation account.

If procedures for logging access to the DBMS are not present or are not being followed, this is a Finding.

Host system audit logs should be echoed or matched in the DBMS installation account usage log along with an indication of the person who accessed the account and an explanation for the access.
Fix Text (F-20086r1_fix)
Develop and implement a logging procedure for use of the DBMS software installation account that provides accountability to individuals for any actions taken by the account.