The DBMS IA policies and procedures should be reviewed annually or more frequently.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-15138 | DG0096-SQLServer9 | SV-24252r1_rule | DCAR-1 | Low |
| Description |
|---|
| A regular review of current database security policies and procedures is necessary to maintain the desired security posture of the DBMS. Policies and procedures should be measured against current DOD policy, STIG guidance, vendor-specific guidance and recommendations, and site-specific or other security policy. |
| STIG | Date |
|---|---|
| Microsoft SQL Server 2005 Instance Security Technical Implementation Guide | 2015-06-16 |
Details
| Check Text ( C-2743r1_chk ) |
|---|
| Review policy, procedures and implementation evidence of annual reviews of DBMS IA policy and procedures. If policy and procedures do not exist, are incomplete, or are not implemented and followed annually or more frequently, this is a Finding. |
| Fix Text (F-16095r1_fix) |
|---|
| Develop, document and implement policy and procedures to monitor audit trail data daily. |