Documentation - V-214020

V-214020

MS SQL Server 2016 Instance Security Technical Implementation Guide

CAT II

Title

SQL Server must generate audit records when successful and unsuccessful accesses to objects occur.

Description

<VulnDiscussion>Without tracking all or selected types of access to all or selected objects (tables, views, procedures, functions, etc.), it would be difficult to establish, correlate, and investigate the events relating to an incident, or identify those responsible for one. In an SQL environment, types of access include, but are not necessarily limited to: SELECT INSERT UPDATE DELETE EXECUTE To aid in diagnosis, it is necessary to keep track of failed attempts in addition to the suc...

Fix Text (Documentation Requirement)

Deploy an audit to audit when successful and unsuccessful accesses to objects occur. See the supplemental file "SQL 2016 Audit.sql".

View Full STIG Details →

Documentation Status

Status

Documented Verified - link to a ship document Awaiting Review Evidence submitted, needs verification Pending Needs documentation Not Required Documentation not needed Not Applicable STIG doesn't apply

Notes (Optional)

Cancel