STIGQter: STIG Summary: MS SQL Server 2014 Instance Security Technical Implementation Guide Version: 1 Release: 10 Benchmark Date: 24 Apr 2020:

SQL Server must utilize centralized management of the content captured in audit records generated by all components of the DBMS.

DISA Rule

SV-82379r1_rule

Vulnerability Number

V-67889

Group Title

SRG-APP-000356-DB-000314

Rule Version

SQL4-00-032800

Severity

CAT II

CCI(s)

• CCI-001844 - The information system provides centralized management and configuration of the content to be captured in audit records generated by organization-defined information system components.

Weight

10

Fix Recommendation

Configure and/or deploy software tools to ensure that SQL Server audit records (to include traces used for audit purposes) are written directly to or systematically transferred to a centralized log management system.

Check Contents

Review the system documentation for a description of how audit records are off-loaded and how local audit log space is managed.

If the SQL Server audit records (to include traces used for audit purposes) are not written directly to or systematically transferred to a centralized log management system, this is a finding.

Vulnerability Number

V-67889

Documentable

False

Rule Version

SQL4-00-032800

Severity Override Guidance

Review the system documentation for a description of how audit records are off-loaded and how local audit log space is managed.

If the SQL Server audit records (to include traces used for audit purposes) are not written directly to or systematically transferred to a centralized log management system, this is a finding.

Check Content Reference

M

Target Key

2639

Comments