STIGQter: STIG Summary: MS SQL Server 2014 Database Security Technical Implementation Guide Version: 1 Release: 6 Benchmark Date: 26 Jan 2018:

Time stamps in database tables, intended for auditing or activity-tracking purposes, must include both date and time of day, with a minimum granularity of one second.

DISA Rule

SV-81897r1_rule

Vulnerability Number

V-67407

Group Title

SRG-APP-000375-DB-000323

Rule Version

SQL4-00-033700

Severity

CAT II

CCI(s)

• CCI-001889 - The information system records time stamps for audit records that meet organization-defined granularity of time measurement.

Weight

10

Fix Recommendation

Modify applications and/or column/field definitions so that the time stamps in audit-trail and activity-tracking columns/fields in application data include date and time of day, to a granularity of one second or finer, and are recorded accurately.

Check Contents

Review the column definitions and contents of audit-trail and activity-tracking timestamps in database tables.

If these are not defined and maintained to include date and time of day, accurate to a granularity of one second or finer, this is a finding.

Vulnerability Number

V-67407

Documentable

False

Rule Version

SQL4-00-033700

Severity Override Guidance

Review the column definitions and contents of audit-trail and activity-tracking timestamps in database tables.

If these are not defined and maintained to include date and time of day, accurate to a granularity of one second or finer, this is a finding.

Check Content Reference

M

Target Key

2637

Comments