| Vuln ID | Severity | Asset | STIG | Title | Status | Doc Status | Assigned To | Actions |
|---|---|---|---|---|---|---|---|---|
| V-206544 | CAT II | MONT-DB-002 | Database Security Requirements Guide | The DBMS must limit privileges to change software ... | - | |||
Check TextReview monitoring procedures and implementation evidence to verify monitoring of changes to database software libraries, related applications, and configuration files is done. Verify the list of files, directories, and database application objects (procedures, functions, and triggers) being monitored is complete. If monitoring does not occur or is not complete, this is a finding. Fix TextImplement procedures to monitor for unauthorized changes to DBMS software libraries, related software application libraries, and configuration files. If a third-party automated tool is not employed, an automated job that reports file information on the directories and files of interest and compares them to the baseline report for the same will meet the requirement. Use file hashes or checksums for comparisons, as file dates may be manipulated by malicious users. CommentsPage 2 of reference document SQL Anywhere 17- Database Activity Audit.pdf specifies that a setting of ‘all’ includes auditing of DDL statements.
Source: Montford Point ShipCLIP DB V4R4.ckl
Scan Date: 2026-03-06T12:50:21.809591
Technology Area: Database Review
|
||||||||