Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
Audit records should contain required information.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-15646 | DG0145-ORACLE11 | SV-24973r1_rule | ECAR-1 ECAR-2 ECAR-3 | Medium |
| Description |
|---|
| Complete forensically valuable data may be unavailable or accountability may be jeopardized when audit records do not contain sufficient information. |
| STIG | Date |
|---|---|
| Oracle 11 Database Instance STIG | 2014-01-14 |
Details
| Check Text ( C-28644r1_chk ) |
|---|
| Review samples of the DBMS audit logs. Compare to the required elements listed below: - User ID. - Successful and unsuccessful attempts to access security files - Date and time of the event. - Type of event. If the elements listed above are not included in the audit logs at at minimum, this is a Finding. |
| Fix Text (F-26571r1_fix) |
|---|
| Configure audit settings to include the following list of elements in the audit logs at a minimum: - User ID. - Successful and unsuccessful attempts to access security files - Date and time of the event. - Type of event. |