CUI

Documentation - V-255343

V-255343

Microsoft Azure SQL Database Security Technical Implementation Guide

CAT II

Title

Azure SQL Database must be able to allocate audit record storage capacity in accordance with organization-defined audit record storage requirements.

Description

To ensure sufficient storage capacity for the audit logs, the Azure SQL Database must be able to allocate audit record storage capacity. Although another requirement (SRG-APP-000515-DB-000318) mandates that audit data be offloaded to a centralized log management system, it remains necessary to provide space to serve as a buffer against outages and capacity limits of the offloading mechanism. The task of allocating audit record storage capacity is usually performed during initial...

Fix Text (Documentation Requirement)

Review the Azure SQL Database Audit file configuration information: https://docs.microsoft.com/en-us/azure/azure-sql/database/auditing-overview#manage-auditing

There are multiple options for configuring where audit logs will be written. Logs can be written to Azure Blob Storage in an Azure storage account, to a Log Analytics workspace, or to Event Hub. Any combination of these options can be configured, and audit logs will be written to each. When writing logs to an Azure Storage account, the default value for the retention period is "0" (unlimited retention).
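One way to collect the audit destination and retention settings for the documentation review, as an added example that is not part of the STIG text. It assumes the Az.Sql PowerShell module and an authenticated session (Connect-AzAccount); the resource names are placeholders and the helper function name is hypothetical.

```powershell
# Placeholders (assumptions): replace with your own resource names.
$ResourceGroup = '<resource-group>'
$ServerName    = '<sql-server-name>'
$DatabaseName  = '<database-name>'

# Hypothetical helper: flatten an audit policy into the fields the review needs.
function Get-AuditDestinationSummary {
    param([string]$Scope, $Audit)
    [pscustomobject]@{
        Scope           = $Scope
        BlobStorage     = [string]$Audit.BlobStorageTargetState
        StorageAccount  = $Audit.StorageAccountResourceId
        RetentionInDays = $Audit.RetentionInDays
        LogAnalytics    = [string]$Audit.LogAnalyticsTargetState
        Workspace       = $Audit.WorkspaceResourceId
        EventHub        = [string]$Audit.EventHubTargetState
    }
}

# Auditing can be set on the logical server and on the database; read both.
$serverAudit = Get-AzSqlServerAudit -ResourceGroupName $ResourceGroup -ServerName $ServerName
$dbAudit     = Get-AzSqlDatabaseAudit -ResourceGroupName $ResourceGroup `
                   -ServerName $ServerName -DatabaseName $DatabaseName

$report = @(
    Get-AuditDestinationSummary -Scope 'Server'   -Audit $serverAudit
    Get-AuditDestinationSummary -Scope 'Database' -Audit $dbAudit
)
$report | Format-List

# Findings to carry into the documentation review.
$anyEnabled = $false
foreach ($row in $report) {
    if (@($row.BlobStorage, $row.LogAnalytics, $row.EventHub) -contains 'Enabled') {
        $anyEnabled = $true
    }
    # Retention "0" on a storage account target means unlimited retention,
    # so the account's capacity must be covered by the documented requirement.
    if ($row.BlobStorage -eq 'Enabled' -and [int]$row.RetentionInDays -eq 0) {
        Write-Warning "$($row.Scope): blob retention is 0 (unlimited); confirm documented storage capacity."
    }
}
if (-not $anyEnabled) {
    Write-Warning 'No audit destination is enabled at server or database scope.'
}
```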
