Documentation - V-270505

V-270505

Oracle Database 19c Security Technical Implementation Guide

CAT II

Title

Oracle Database must include organization-defined additional, more detailed information in the audit records for audit events identified by type, location, or subject.

Description

<VulnDiscussion>Information system auditing capability is critical for accurate forensic analysis. Audit record content that may be necessary to satisfy the requirement of this control includes timestamps, source and destination addresses, user/process identifiers, event descriptions, success/fail indications, file names involved, and access control or flow control rules invoked. In addition, the application must have the capability to include organization-defined additional, more detailed info...

Fix Text (Documentation Requirement)

If the site-specific audit requirements are not covered by the default audit options, deploy and configure FGA. For details, refer to Oracle documentation, at the location below. For more information on the configuration of fine-grained auditing, refer to the following documents: https://docs.oracle.com/en/database/oracle/oracle-database/19/dbseg/configuring-audit-policies.html#GUID-88DA3AF8-5F6A-4C6E-80EE-F65071E5BF46.

View Full STIG Details →

Documentation Status

Status

Documented Verified - link to a ship document Awaiting Review Evidence submitted, needs verification Pending Needs documentation Not Required Documentation not needed Not Applicable STIG doesn't apply

Notes (Optional)

Cancel