The DBMS must generate audit records when successful logons or connections occur.
For completeness of forensic analysis, it is necessary to track who/what (a user or other principal) logs on to the DBMS.
Configure DBMS audit settings to generate an audit record each time a user (or other principal) logs on or connects to the DBMS. Ensure that the audit record contains the time of the event, the user ID, and session identifier.
Review the DBMS audit settings. If an audit record is not generated each time a user (or other principal) logs on or connects to the DBMS, this is a finding.