The IAM should review changes to DBA role assignments.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-15127 | DG0118-SQLServer9 | SV-24302r1_rule | ECPA-1 | Medium |
| Description |
|---|
| Unauthorized assignment of DBA privileges can lead to a compromise of DBMS integrity. Providing oversight to the authorization and assignment of privileges provides the separation of duty to support sufficient oversight. |
| STIG | Date |
|---|---|
| Microsoft SQL Server 2005 Instance Security Technical Implementation Guide | 2015-06-16 |
Details
| Check Text ( C-20483r1_chk ) |
|---|
| Review the policy, procedures and implementation evidence for monitoring changes to DBA role assignments and procedures for notifying the IAM of the changes for review. If policy, procedures and implementation evidence do not exist, this is a Finding. |
| Fix Text (F-19756r1_fix) |
|---|
| Develop, document and implement policy and procedures to monitor changes to DBA role assignments. Develop, document and implement policy and procedures to notify the IAM of changes to DBA role assignments. Include methods in the procedures that provide evidence of monitoring and notification. |