Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-41042 | SQL2-00-009700 | SV-53417r3_rule | Medium |
Description |
---|
This is intended to limit exposure, by making it possible to trace any unauthorized access to other data or functionality by a privileged user account or role that has permissions on security functions or security-relevant information. |
STIG | Date |
---|---|
Microsoft SQL Server 2012 Database Instance Security Technical Implementation Guide | 2015-06-23 |
Check Text ( C-47659r3_chk ) |
---|
Review auditing configuration. If it is possible for a privileged user/role to access non-security functions or information without having the action recorded in the audit log, this is a finding. |
Fix Text (F-46341r2_fix) |
---|
Configure DBMS auditing so that all use of privileged accounts is recorded in the audit log. |