STIGQter STIGQter: STIG Summary: Database Security Requirements Guide Version: 2 Release: 9 Benchmark Date: 25 Oct 2019: The DBMS must provide the means for individuals in authorized roles to change the auditing to be performed on all application components, based on all selectable event criteria within organization-defined time thresholds.

DISA Rule

SV-72497r1_rule

Vulnerability Number

V-58067

Group Title

SRG-APP-000353-DB-000324

Rule Version

SRG-APP-000353-DB-000324

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Deploy a DBMS that provides the ability for users in authorized roles to reconfigure auditing at any time.

Deploy a DBMS that allows audit configuration changes to take effect within the timeframe required by the application owner and without involving actions or events that the application owner rules unacceptable.

Check Contents

If the DBMS does not provide the ability for users in authorized roles to reconfigure auditing at any time of the user's choosing, this is a finding.

If changes in audit configuration cannot take effect until after a certain time or date, or until some event, such as a server restart, has occurred, and if that time or event does not meet the requirements specified by the application owner, this is a finding.

Vulnerability Number

V-58067

Documentable

False

Rule Version

SRG-APP-000353-DB-000324

Severity Override Guidance

If the DBMS does not provide the ability for users in authorized roles to reconfigure auditing at any time of the user's choosing, this is a finding.

If changes in audit configuration cannot take effect until after a certain time or date, or until some event, such as a server restart, has occurred, and if that time or event does not meet the requirements specified by the application owner, this is a finding.

Check Content Reference

M

Target Key

2219

Comments