STIGQter: STIG Summary: MS SQL Server 2016 Instance Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

SQL Server must provide centralized configuration of the content to be captured in audit records generated by all components of SQL Server.

DISA Rule

SV-213982r617437_rule

Vulnerability Number

V-213982

Group Title

SRG-APP-000356-DB-000315

Rule Version

SQL6-D0-010800

Severity

CAT II

CCI(s)

• CCI-001844 - The information system provides centralized management and configuration of the content to be captured in audit records generated by organization-defined information system components.

Weight

10

Fix Recommendation

Configure and/or deploy software tools to ensure that SQL Server audit records (to include traces used for audit purposes) are written directly to or systematically transferred to a centralized log management system.

Check Contents

Review the system documentation for a description of how audit records are off-loaded and how local audit log space is managed.

If the SQL Server audit records (to include traces used for audit purposes) are not written directly to or systematically transferred to a centralized log management system, this is a finding.

Vulnerability Number

V-213982

Documentable

False

Rule Version

SQL6-D0-010800

Severity Override Guidance

Review the system documentation for a description of how audit records are off-loaded and how local audit log space is managed.

If the SQL Server audit records (to include traces used for audit purposes) are not written directly to or systematically transferred to a centralized log management system, this is a finding.

Check Content Reference

M

Target Key

3993

Comments