Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Warning

IDERA, Inc. customers are solely responsible for ensuring compliance with the laws and standards affecting their business. IDERA, Inc. does not represent that its products or services ensure that customer is in compliance with any law. It is the responsibility of the customer to obtain legal, accounting, or audit counsel as to the necessary business practices and actions to comply with such laws.

6.

...

4 New Features

...

Quality Enhancements

Anchor
SQLCM-

...

6885
SQLCM-

...

6885
Adherence to the latest Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs) compliance updates

SQL Compliance Manager version 6.3 release delivers security permissions based on the least privilege principle (as opposed to permissions based on standard user roles such as sysadmin) to further enhance the data security per user within the product.

6.3 Fixed Issues 

.4 brings significant updates, including adherence to the latest DISA STIGs compliance. Addressing the recent implementations made to the Security Technical Implementation Guide (STIG), which is a set of guidelines from the Department of Defense's (DoD) Defense Information Systems Agency (DISA) to help secure software and information systems. 

STIGs are based on DoD policy and security controls to help developers configure hardware and software and implement security protocols. This crucial enhancement keeps you informed and up-to-date with the latest security guidelines.

The following is a subset of DISA STIGs implemented for the SQL CM 6.4 release.

  • SQL6-D0-011800 - enforcement of access restrictions.
  • SQL6-D0-014900 - records of privileged activities.
  • SQL6-D0-015000 - unsuccessful attempts to execute privileged activities.
  • SQL6-D0-015100 - starting/ending time of user access.
  • SQL6-D0-014200 - successful/unsuccessful attempts to delete privileges.
  • SQL6-D0-013600 - unsuccessful attempts to modify privileges. AnchorSQLCM-6883SQLCM-6883Fixed an issue where DDL events were not being captured for server-level privilege users configured through a domain group. AnchorSQLCM-6364SQLCM-6364Resolved the issue where the Regulatory Compliance Check report was showing "No" at server-level for PCI DSS guideline. 
    AnchorSQLCM-6860SQLCM-6860Fixed an issue where the IP Address Auditing checkbox was unchecked after importing an exported audit setting file.
    AnchorSQLCM-6855SQLCM-6855Addressed an issue with Audit Events not appearing on SQLCM console when CM repo was hosted on a Case Sensitive SQL instance.
    AnchorSQLCM-6816SQLCM-6816Solved the issue of multiple alerts being logged for a single event.
    • The number of Data and Event alerts is consistent with the number of audit events generated.
    • The email alerts have been improved with the appropriate event description.
    AnchorSQLCM-6887SQLCM-6887Fixed random disappearance of databases from audited database list


For more information about new features and fixed issues in version 6.3, see Previous new features and fixed issues.

...