| Vuln ID | Severity | Asset | STIG | Title | Status | Doc Status | Assigned To | Actions |
|---|---|---|---|---|---|---|---|---|
| V-206632 | CAT II | MONT-DB-002 | Database Security Requirements Guide | The DBMS must generate audit records for all privi... | - | |||
Check TextReview DBMS documentation to verify that authorized administrative users can designate actions as privileged and that audit records can be produced when privileged actions occur. If the DBMS is not capable of this, this is a finding. Review the system documentation to obtain the definition of the database/DBMS functionality considered privileged in the context of the system in question. Review the DBMS/database security and audit configurations and/or other means used to implement audit logging. If audit logging covers at least all of the actions defined as privileged, this is not a finding; otherwise, this is a finding. Fix TextDeploy a DBMS capable of producing the required audit records when privileged actions occur. Configure the DBMS to produce audit records when privileged actions occur. CommentsPage 2 of reference document SQL Anywhere 17 - Auditing Options.pdf specifies the types of auditing events captured in the audit log. A setting of ‘all’ includes auditing for all DDL statements exectutions, option changes, triggers, and xp_cmdshell invocations as well as all actions that require system privileges.
Source: Montford Point ShipCLIP DB V4R4.ckl
Scan Date: 2026-03-06T12:50:21.809591
Technology Area: Database Review
|
||||||||