Audit trail data should be reviewed daily or more frequently.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-3827 | DG0095-SQLServer9 | SV-24250r1_rule | ECAT-1 | Medium |
| Description |
|---|
| Review of audit trail data provides a means for detection of unauthorized access or attempted access. Frequent and regularly scheduled reviews ensures that such access is discovered in a timely manner. |
| STIG | Date |
|---|---|
| Microsoft SQL Server 2005 Instance Security Technical Implementation Guide | 2015-06-16 |
Details
| Check Text ( C-23452r1_chk ) |
|---|
| Review policy, procedures and implementation evidence for daily audit trail monitoring. For SQL Server, the audit trail data is found in audit traces, the system error logs (ERRORLOG.*) files, and the system and application event logs. If the policy, procedures and evidence are not present or complete, this is a Finding. |
| Fix Text (F-19759r1_fix) |
|---|
| Develop, document and implement policy and procedures to monitor audit trail data daily. |