Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-15102 | DG0083-ORACLE10 | SV-24669r1_rule | ECRG-1 | Medium |
Description |
---|
Audit record collection may quickly overwhelm storage resources and an auditor's ability to review it in a productive manner. Automated tools can provide the means to manage the audit data collected as well as present it to an auditor in an efficient way. |
STIG | Date |
---|---|
Oracle Database 10g Installation STIG | 2014-04-02 |
Check Text ( C-29189r1_chk ) |
---|
If the database being reviewed is not a production database, this check is Not a Finding. Interview the auditor or IAO to determine if an automated tool or procedure is used to report audit trail data. If an automated tool or procedure is not used, this is a Finding. |
Fix Text (F-26205r1_fix) |
---|
Develop, document and implement database or host system procedures to report audit trail data in a form usable to detect unauthorized access to or usage of DBMS privileges, procedures or data. You may also want to consider procuring a third-party auditing tool like Oracle Audit Vault with support for Oracle and other DBMS products within your environment. NOTE: Audit data may contain sensitive information. The use of a single repository for audit data should be protected at the highest level based on the sensitivity of the databases being audited. |