| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Check DBMS settings and vendor documentation to verify that administrative functionality is separate from user functionality. If administrator and general user functionality are not separated either physically or logically, this is a finding.
Fix Text
Configure DBMS to separate database administration and general user functionality.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Review DBMS settings and vendor documentation to verify user sessions are terminated, and session identifiers invalidated, upon user logout. If they are not, this is a finding. Review system documentation and organization policy to identify other events that should result in session terminations. If other session termination events are defined, review DBMS settings to verify occurrences of these events would cause session termination, invalidating the session identifiers. If occurrences of defined session terminating events do not cause session terminations, invalidating the session identifiers, this is a finding.
Fix Text
Configure DBMS settings to terminate sessions, invalidating their session identifiers, upon user logout. Configure DBMS settings to terminate sessions, invalidating their session identifiers, upon the occurrence of any organization- or policy-defined session termination event.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Review DBMS settings and vendor documentation to determine whether the DBMS recognizes session identifiers that are not system-generated. If the DBMS recognizes session identifiers that are not system generated, this is a finding.
Fix Text
Utilize a DBMS product that only recognizes session identifiers that are system-generated.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Review DBMS vendor documentation and system behavior (and if necessary, consult vendor representatives) to determine whether the DBMS can provide demonstrably effective protection against man-in-the-middle attacks that guess at session identifier values. If not, this is a finding. Review DBMS settings to determine whether protections against man-in-the-middle attacks that guess at session identifier values are enabled. If they are not, this is a finding.
Fix Text
Utilize a DBMS product that can provide demonstrably effective protection against man-in-the-middle attacks that guess at session identifier values. Configure DBMS settings to enable protections against man-in-the-middle attacks that guess at session identifier values.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Check DBMS settings and vendor documentation to verify the DBMS properly handles transactions in the event of a system failure. If open transactions are not rolled back to a consistent state during system failure, this is a finding. The consistent state must include a security configuration that is at least as restrictive as before the system failure. If this is not guaranteed, this is a finding.
Fix Text
Configure DBMS settings so that, in the event of a system failure, the DBMS will roll back open transactions to a consistent state, to include a security configuration that is at least as restrictive as before the system failure.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Check DBMS settings to determine whether organization-defined system state information is being preserved in the event of a system failure. If organization-defined system state information is not being preserved, this is a finding.
Fix Text
Configure DBMS settings to preserve any organization-defined system state information in the event of a system failure.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Check DBMS settings to determine whether objects or code implementing security functionality are located in a separate security domain, such as a separate database or schema created specifically for security functionality. If security-related database objects or code are not kept separate, this is a finding.
Fix Text
Locate security-related database objects and code in a separate database, schema, or other separate security domain from database objects and code implementing application logic.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Review the procedures for the refreshing of development/test data from production. Review any scripts or code that exists for the movement of production data to development/test systems, or to any other location or for any other purpose. Verify that copies of production data are not left in unprotected locations. If the code that exists for data movement does not comply with the organization-defined data transfer policy and/or fails to remove any copies of production data from unprotected locations, this is a finding.
Fix Text
Modify any code used for moving data from production to development/test systems to comply with the organization-defined data transfer policy, and to ensure copies of production data are not left in unsecured locations.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Review the DBMS architecture to find out if and how it protects the private resources of one process or user (such as working memory, temporary tables, uncommitted data) from unauthorized access by another user or process. If it does not effectively do so, this is a finding.
Fix Text
Deploy a DBMS capable of effectively protecting the private resources of one process or user from unauthorized access by another user or process. Configure the DBMS to effectively protect the private resources of one process or user from unauthorized access by another user or process.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Review the permissions granted to users by the operating system/file system on the database files, database log files and database backup files. If any user/role who is not an authorized system administrator with a need to know or database administrator with a need to know, or a system account for running DBMS processes, is permitted to read/view any of these files, this is a finding.
Fix Text
Configure the permissions granted by the operating system/file system on the database files, database log files, and database backup files so that only relevant system accounts and authorized system administrators and database administrators with a need to know are permitted to read/view these files.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Review DBMS code (stored procedures, functions, and triggers), application code, settings, column and field definitions, and constraints to determine whether the database is protected against invalid input. If code exists that allows invalid data to be acted upon or input into the database, this is a finding. If column/field definitions do not exist in the database, this is a finding. If columns/fields do not contain constraints and validity checking where required, this is a finding. Where a column/field is noted in the system documentation as necessarily free-form, even though its name and context suggest that it should be strongly typed and constrained, the absence of these protections is not a finding. Where a column/field is clearly identified by name, caption or context as Notes, Comments, Description, Text, etc., the absence of these protections is not a finding.
Fix Text
Modify database code to properly validate data before it is put into the database or acted upon by the database. Modify the database to contain column/field definitions for each column/field in the database. Modify the database to contain constraints and validity checking on database columns and tables that require them for data integrity.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Review DBMS source code (stored procedures, functions, triggers) and application source code, to identify cases of dynamic code execution. If dynamic code execution is employed in circumstances where the objective could practically be satisfied by static execution with strongly typed parameters, this is a finding.
Fix Text
Where dynamic code execution is employed in circumstances where the objective could practically be satisfied by static execution with strongly typed parameters, modify the code to do so.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Review DBMS source code (stored procedures, functions, triggers) and application source code to identify cases of dynamic code execution. If dynamic code execution is employed without protective measures against code injection, this is a finding.
Fix Text
Where dynamic code execution is used, modify the code to implement protections against code injection.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Check DBMS settings and custom database code to verify that error messages do not contain information beyond what is needed for troubleshooting the issue. If database errors contain PII data, sensitive business data, or information useful for identifying the host system or database structure, this is a finding.
Fix Text
Configure DBMS settings, custom database code, and associated application code not to divulge sensitive information or information useful for system identification in error messages.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Check DBMS settings and custom database code to determine if detailed error messages are ever displayed to unauthorized individuals. If detailed error messages are displayed to individuals not authorized to view them, this is a finding.
Fix Text
Configure DBMS settings, custom database code, and associated application code not to display detailed error messages to those not authorized to view them.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Review system documentation to obtain the organization's definition of circumstances requiring automatic session termination. If the documentation explicitly states that such termination is not required or is prohibited, this is not a finding. If the documentation requires automatic session termination, but the DBMS is not configured accordingly, this is a finding.
Fix Text
Configure the DBMS to automatically terminate a user session after organization-defined conditions or trigger events requiring session termination.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Determine, by reviewing DBMS documentation and/or inquiring of the vendor's technical support staff, whether the DBMS satisfies this requirement; and, if it does, determine whether this is inherent, unchangeable behavior, or a configurable feature. If the DBMS does not satisfy the requirement, this is a permanent finding. If the behavior is inherent, this is permanently not a finding. If the behavior is configurable, and the current configuration does not enforce it, this is a finding.
Fix Text
Where relevant, modify the configuration to allow the user to manually terminate a session initiated by that user.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
If security labeling is not required, this is not a finding. If security labeling requirements have been specified, but the security labeling is not implemented or does not reliably maintain labels on information in storage, this is a finding.
Fix Text
Enable DBMS features, deploy third-party software, or add custom data structures, data elements and application code, to provide reliable security labeling of information in storage.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
If security labeling is not required, this is not a finding. If security labeling requirements have been specified, but the security labeling is not implemented or does not reliably maintain labels on information in process, this is a finding.
Fix Text
Enable DBMS features, deploy third-party software, or add custom data structures, data elements and application code, to provide reliable security labeling of information in process.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
If security labeling is not required, this is not a finding. If security labeling requirements have been specified, but the security labeling is not implemented or does not reliably maintain labels on information in transmission, this is a finding.
Fix Text
Enable DBMS features, deploy third-party software, or add custom data structures, data elements and application code, to provide reliable security labeling of information in transmission.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Review system documentation to identify the required discretionary access control (DAC). Review the security configuration of the database and DBMS. If applicable, review the security configuration of the application(s) using the database. If the discretionary access control defined in the documentation is not implemented in the security configuration, this is a finding.
Fix Text
Implement the organization's DAC policy in the security configuration of the database and DBMS, and, if applicable, the security configuration of the application(s) using the database.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Review the system documentation to obtain the definition of the database/DBMS functionality considered privileged in the context of the system in question. Review the DBMS security configuration and/or other means used to protect privileged functionality from unauthorized use. If the configuration does not protect all of the actions defined as privileged, this is a finding.
Fix Text
Configure DBMS security to protect all privileged functionality.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Review the system documentation, database and DBMS security configuration, source code for DBMS internal logic, source code of external modules invoked by the DBMS, and source code of the application(s) using the database. If elevation of DBMS privileges is utilized but not documented, this is a finding. If elevation of DBMS privileges is documented, but not implemented as described in the documentation, this is a finding. If the privilege-elevation logic can be invoked in ways other than intended, or in contexts other than intended, or by subjects/principals other than intended, this is a finding.
Fix Text
Determine where, when, how, and by what principals/subjects elevated privilege is needed. Modify the database and DBMS security configuration, DBMS internal logic, external modules invoked by the DBMS, and the application(s) using the database, to ensure privilege elevation is used only as required.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Investigate whether there have been any incidents where the DBMS ran out of audit log space since the last time the space was allocated or other corrective measures were taken. If there have been, this is a finding.
Fix Text
Allocate sufficient audit file/table space to support peak demand.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Review system configuration. If appropriate support staff are not notified immediately upon storage volume utilization reaching 75%, this is a finding.
Fix Text
Configure the system to notify appropriate support staff immediately upon storage volume utilization reaching 75%.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Review DBMS settings, OS, or third-party logging software settings to determine whether a real-time alert will be sent to the appropriate personnel when auditing fails for any reason. If real-time alerts are not sent upon auditing failure, this is a finding.
Fix Text
Configure the system to provide immediate real-time alerts to appropriate support staff when an audit log failure occurs.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Verify that the DBMS generates time stamps, in audit records and application data, that maps to UTC. If it does not, this is a finding.
Fix Text
Ensure the DBMS generates time stamps, in audit records and application data, that maps to UTC.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Review product documentation to verify that the DBMS can generate time stamps with a granularity of one second or finer. If it cannot, this is a finding. Review audit log records produced by the DBMS for confirmation that time stamps are recorded to a precision of one second or finer. If not, this is a finding. Review time stamp values in audit trail columns/fields in application data in the database. If the time stamps are not recorded to a precision of one second or finer, this is a finding.
Fix Text
Deploy a DBMS that can generate and record time stamps with a granularity of one second or finer. Configure auditing so that the time stamps are recorded to a precision of one second or finer. Modify applications and/or column/field definitions so that the time stamps in audit trail columns/fields in application data are recorded to a precision of one second or finer.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
If the DBMS supports only software development, experimentation and/or developer-level testing (that is, excluding production systems, integration testing, stress testing, and user acceptance testing), this is not a finding. Review the DBMS and database security settings with respect to nonadministrative users' ability to create, alter, or replace logic modules, to include but not necessarily only stored procedures, functions, triggers, and views. If any such permissions exist and are not documented and approved, this is a finding.
Fix Text
Document and obtain approval for any nonadministrative users who require the ability to create, alter or replace logic modules. Implement the approved permissions. Revoke any unapproved permissions.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Review DBMS vendor documentation with respect to its ability to enforce access restrictions associated with changes to the configuration of the DBMS or database(s). If it is not able to do this, this is a finding. Review the security configuration of the DBMS and database(s). If it does not enforce access restrictions associated with changes to the configuration of the DBMS or database(s), this is a finding.
Fix Text
Deploy a DBMS capable of enforcing access restrictions associated with changes to the configuration of the DBMS or database(s). Configure the DBMS to enforce access restrictions associated with changes to the configuration of the DBMS or database(s).
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Review DBMS documentation to verify audit records can be produced when the system denies or fails to complete attempts to change the configuration of the DBMS or database(s). If the DBMS is not capable of this, this is a finding. Review the DBMS/database security and audit configurations to verify that audit records are produced when the system denies attempts to change the configuration of the DBMS or database(s). If they are not produced, this is a finding. Review the DBMS/database security and audit configurations to verify that audit records are produced when other errors prevent attempts to change the configuration of the DBMS or database(s). If they are not produced, this is a finding.
Fix Text
Deploy a DBMS capable of producing the required audit records when it denies or fails to complete attempts to change the configuration of the DBMS or database(s). Configure the DBMS to produce audit records when it denies attempts to change the configuration of the DBMS or database(s). Configure the DBMS to produce audit records when other errors prevent attempts to change the configuration of the DBMS or database(s).
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Review the network functions, ports, protocols, and services supported by the DBMS. If any protocol is prohibited by the PPSM guidance and is enabled, this is a finding.
Fix Text
Deploy a DBMS capable of disabling a network function, port, protocol, or service prohibited by the PPSM guidance. Disable each prohibited network function, port, protocol, or service.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Review the system documentation and the configuration of the DBMS and related applications and tools. If there are any circumstances under which a user is not required to reauthenticate when changing role or escalating privileges, this is a finding. If the information owner has identified additional cases where reauthentication is needed, but there are circumstances where the system does not ask the user to reauthenticate when those cases occur, this is a finding.
Fix Text
Modify and/or configure the DBMS and related applications and tools so that users are always required to reauthenticate when changing role or escalating privileges. Modify and/or configure the DBMS and related applications and tools so that users are always required to reauthenticate when the specified cases needing reauthorization occur.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Review system settings to determine whether the organization-defined limit for cached authentication is implemented. If it is not implemented, this is a finding.
Fix Text
Modify system settings to implement the organization-defined limit on the lifetime of cached authenticators.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
If the DBMS will accept non-DOD approved PKI end-entity certificates, this is a finding.
Fix Text
Revoke trust in any certificates not issued by a DOD-approved certificate authority. Configure the DBMS to accept only DOD and DOD-approved PKI end-entity certificates.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Review the DBMS architecture to find out if and how it protects the private resources of one process (such as working memory, temporary tables, uncommitted data and, especially, executable code) from unauthorized access or modification by another user or process. If it is not capable of maintaining a separate execution domain for each executing process, this is a finding. If the DBMS is capable of maintaining a separate execution domain for each executing process, but is configured not to do so, this is a finding.
Fix Text
Deploy a DBMS capable of maintaining a separate execution domain for each executing process. If this is a configurable feature, configure the DBMS to implement it.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
If the data owner does not have a strict requirement for ensuring data integrity and confidentiality is maintained at every step of the data transfer and handling process, this is not a finding. If the DBMS does not employ protective measures against unauthorized disclosure and modification during preparation for transmission, this is a finding.
Fix Text
Implement protective measures against unauthorized disclosure and modification during preparation for transmission.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
If the data owner does not have a strict requirement for ensuring data integrity and confidentiality is maintained at every step of the data transfer and handling process, this is not a finding. If the DBMS, associated applications, and infrastructure do not employ protective measures against unauthorized disclosure and modification during reception, this is a finding.
Fix Text
Implement protective measures against unauthorized disclosure and modification during reception.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Review system documentation to determine how input errors are to be handled in general and if any special handling is defined for specific circumstances. Review the source code for database program objects (stored procedures, functions, triggers) and application source code to identify how the system responds to invalid input. If it does not implement the documented behavior, this is a finding.
Fix Text
Revise and deploy the source code for database program objects (stored procedures, functions, triggers) and application source code, to implement the documented behavior.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
If software components that have been replaced or made unnecessary are not removed, this is a finding.
Fix Text
Identify and remove software components that have been replaced or made unnecessary.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Verify security-relevant software updates to the DBMS are installed within 30 days unless the time period is directed by an authoritative source (e.g., IAVM, CTOs, DTMs, and STIGs). If security-relevant software updates to the DBMS are not installed within 30 days unless the time period is directed by an authoritative source, this is a finding.
Fix Text
Install security-relevant software updates to the DBMS within 30 days unless the time period is directed by an authoritative source.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
If the DBMS architecture makes it impossible for any user, even with the highest privileges, to directly view or directly modify the contents of its built-in security objects, and if there are no additional, locally-defined security objects in the database(s), this is not a finding. Review DBMS documentation to verify that audit records can be produced when security objects, such as tables, views, procedures, and functions, are accessed, to include reads, creations, modifications and deletions of data, and execution of logic. If the DBMS is not capable of this, this is a finding. Review the DBMS/database security and audit configurations to verify that audit records are produced when security objects, such as tables, views, procedures, and functions, are accessed, to include reads, creations, modifications and deletions of data, and execution of logic. If they are not produced, this is a finding.
Fix Text
Deploy a DBMS capable of producing the required audit records when security objects, such as tables, views, procedures, and functions, are accessed. Configure the DBMS to produce audit records when security objects, such as tables, views, procedures, and functions, are accessed, to include reads, creations, modifications and deletions of data, and execution of logic.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
If the DBMS architecture makes it impossible for any user, even with the highest privileges, to directly view or directly modify the contents of its built-in security objects, and if there are no additional, locally-defined security objects in the database(s), this is not a finding. Review DBMS documentation to verify that audit records can be produced when the system denies or fails to complete attempts to access security objects, such as tables, views, procedures, and functions, such access to include reads, creations, modifications and deletions of data, and execution of logic. If the DBMS is not capable of this, this is a finding. Review the DBMS/database security and audit configurations to verify that audit records are produced when the system denies attempts to access security objects, such as tables, views, procedures, and functions, such access to include reads, creations, modifications and deletions of data, and execution of logic. If they are not produced, this is a finding. Review the DBMS/database security and audit configurations to verify that audit records are produced when other errors prevent attempts to access security object. If they are not produced, this is a finding.
Fix Text
Deploy a DBMS capable of producing the required audit records when it denies or fails to complete access to security objects, such as tables, views, procedures, and functions. Configure the DBMS to produce audit records when it denies access to security objects, such as tables, views, procedures, and functions, such access to include reads, creations, modifications and deletions of data, and execution of logic. Configure the DBMS to produce audit records when other errors prevent access to security objects, such as tables, views, procedures, and functions, such access to include reads, creations, modifications and deletions of data, and execution of logic.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Review DBMS documentation to verify that audit records can be produced when categories of information are accessed, to include reads, creations, modifications, and deletions. If the DBMS is not capable of this, this is a finding. Review the DBMS/database security and audit configurations to verify that audit records are produced when categories of information are accessed, to include reads, creations, modifications, and deletions. If they are not produced, this is a finding.
Fix Text
Deploy a DBMS capable of producing the required audit records when categories of information are accessed. Configure the DBMS to produce audit records when categories of information are accessed, to include reads, creations, modifications, and deletions.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Review DBMS documentation to verify that audit records can be produced when the system denies or fails to complete attempts to access categories of information, such access to include reads, creations, modifications and deletions. If the DBMS is not capable of this, this is a finding. Review the DBMS/database security and audit configurations to verify that audit records are produced when the system denies attempts to access categories of information, such access to include reads, creations, modifications and deletions. If they are not produced, this is a finding. Review the DBMS/database security and audit configurations to verify that audit records are produced when other errors prevent attempts to access categories of information, such access to include reads, creations, modifications and deletions. If they are not produced, this is a finding.
Fix Text
Deploy a DBMS capable of producing the required audit records when it denies or fails to complete access to categories of information. Configure the DBMS to produce audit records when it denies access to categories of information, such access to include reads, creations, modifications and deletions. Configure the DBMS to produce audit records when other errors prevent access to categories of information, such access to include reads, creations, modifications and deletions.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Review DBMS documentation to verify that audit records can be produced when privileges/permissions/role memberships are added. If the DBMS is not capable of this, this is a finding. Review the DBMS/database security and audit configurations to verify that audit records are produced when privileges/permissions/role memberships are added. If they are not produced, this is a finding.
Fix Text
Deploy a DBMS capable of producing the required audit records when privileges/permissions/role memberships are added. Configure the DBMS to produce audit records when privileges/permissions/role memberships are added.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Review DBMS documentation to verify that audit records can be produced when the system denies or fails to complete attempts to add privileges/permissions/role membership. If the DBMS is not capable of this, this is a finding. Review the DBMS/database security and audit configurations to verify that audit records are produced when the DBMS denies the addition of privileges/permissions/role membership. If they are not produced, this is a finding. Review the DBMS/database security and audit configurations to verify that audit records are produced when other errors prevent the addition of privileges/permissions/role membership. If they are not produced, this is a finding.
Fix Text
Deploy a DBMS capable of producing the required audit records when it denies or fails to complete attempts to add privileges/permissions/role membership. Configure the DBMS to produce audit records when it denies attempts to add privileges/permissions/role membership. Configure the DBMS to produce audit records when other errors prevent attempts to add privileges/permissions/role membership.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
If there is no distinction in the DBMS's security architecture between modifying permissions on the one hand, and adding and deleting permissions on the other hand, this is not a finding. Review DBMS documentation to verify that audit records can be produced when privileges/permissions/role memberships are modified. If the DBMS is not capable of this, this is a finding. Review the DBMS/database security and audit configurations to verify that audit records are produced when privileges/permissions/role memberships are modified. If they are not produced, this is a finding.
Fix Text
Deploy a DBMS capable of producing the required audit records when privileges/permissions/role memberships are modified. Configure the DBMS to produce audit records when privileges/permissions/role memberships are modified.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
If there is no distinction in the DBMS's security architecture between modifying permissions on the one hand, and adding and deleting permissions on the other hand, this is not a finding. Review DBMS documentation to verify that audit records can be produced when the system denies or fails to complete attempts to modify privileges/permissions/role membership. If the DBMS is not capable of this, this is a finding. Review the DBMS/database security and audit configurations to verify that audit records are produced when the system denies attempts to modify privileges/permissions/role membership. If they are not produced, this is a finding. Review the DBMS/database security and audit configurations to verify that audit records are produced when other errors prevent attempts to modify privileges/permissions/role membership. If they are not produced, this is a finding.
Fix Text
Deploy a DBMS capable of producing the required audit records when it denies or fails to complete attempts to modify privileges/permissions/role membership. Configure the DBMS to produce audit records when it denies attempts to modify privileges/permissions/role membership. Configure the DBMS to produce audit records when other errors prevent attempts to modify privileges/permissions/role membership.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
If the DBMS architecture makes it impossible for any user, even with the highest privileges, to modify the structure and logic of its built-in security objects, and if there are no additional, locally-defined security objects in the database(s), this is not a finding. Review DBMS documentation to verify that audit records can be produced when security objects are modified. If the DBMS is not capable of this, this is a finding. Review the DBMS/database security and audit configurations to verify that audit records are produced when security objects are modified. If they are not produced, this is a finding.
Fix Text
Deploy a DBMS capable of producing the required audit records when security objects, such as tables, views, procedures, and functions, are modified. Configure the DBMS to produce audit records when security objects, such as tables, views, procedures, and functions, are modified.