Free DISA STIG and SRG Library | Vaulted
  1. Security Guide Library
  2. Database Security Requirements Guide
  3. V-58109

V-58109

The DBMS must generate audit records when unsuccessful logons or connection attempts occur.

Finding ID
SRG-APP-000503-DB-000351
Rule ID
SV-72539r1_rule
Severity
Cat II
CCE
(None)
Group Title
SRG-APP-000503-DB-000351
CCI
CCI-000172
Target Key
(None)
Documentable
No
Discussion

For completeness of forensic analysis, it is necessary to track failed attempts to log on to the DBMS. While positive identification may not be possible in a case of failed authentication, as much information as possible about the incident must be captured.

Fix Text

Configure DBMS audit settings to generate an audit record each time a user (or other principal) attempts but fails to log on or connect to the DBMS. Include attempts where the user ID is invalid/unknown. Ensure that the audit record contains the time of the event and the user ID that was entered (if any).

Check Content

Review the DBMS audit settings. If an audit record is not generated each time a user (or other principal) attempts but fails to log on or connect to the DBMS (including attempts where the user ID is invalid/unknown), this is a finding.

Vaulted is more than a library.

SIGN UP FOR FREE