STIGQter: STIG Summary: Database Security Requirements Guide Version: 3 Release: 1 Benchmark Date: 22 Jan 2021:

The DBMS must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited.

DISA Rule

SV-206524r617447_rule

Vulnerability Number

V-206524

Group Title

SRG-APP-000090

Rule Version

SRG-APP-000090-DB-000065

Severity

CAT II

CCI(s)

• CCI-000171 - The information system allows organization-defined personnel or roles to select which auditable events are to be audited by specific components of the information system.

Weight

10

Fix Recommendation

Configure the DBMS's settings to allow designated personnel to select which auditable events are audited.

Check Contents

Check DBMS settings and documentation to determine whether designated personnel are able to select which auditable events are being audited.

If designated personnel are not able to configure auditable events, this is a finding.

Vulnerability Number

V-206524

Documentable

False

Rule Version

SRG-APP-000090-DB-000065

Severity Override Guidance

Check DBMS settings and documentation to determine whether designated personnel are able to select which auditable events are being audited.

If designated personnel are not able to configure auditable events, this is a finding.

Check Content Reference

M

Target Key

2902

Comments