Page History
...
Section | Summary | Associated Audit Events and Features |
---|---|---|
DISA 2016 Database DISA 2016 Instance SQL6-D0-004300, | SQL Server must be configured to generate audit records for DoD-defined auditable events within all DBSM/database components. SQL Server must generate audit records when privileged/permissions are retrieved. SQL Server must initiate session auditing upon startup. SQL Server must be configured to allow authorized users to capture, record, and log all content related to a user session. SQL Server must include additional, more detailed, organization-defined information in the audit records for audit events identified by type, location, or subject. The audit information produced by SQL Server must be protected from unauthorized read access. The audit information produced by SQL Server must be protected from unauthorized modification. The audit information produced by SQL Server must be protected from unauthorized deletion. SQL Server must protect its audit features from unauthorized access. SQL Server must protect its audit configuration from unauthorized modification. SQL Server must protect its audit features from unauthorized removal. SQL Server must utilize centralized management of the content captured in audit records generated by all components of SQL Server. SQL Server must provide an immediate real-time alert to appropriate support staff of all audit failure events requiring real-time alerts. SQL Server must record timestamps in audit records and application data that can be mapped to Coordinate Universal Time (UTC, formerly GMT). | Server Events:
Server-level Audit Groups Supported:
Database Events:
Database-level Audit Groups Supported:
|
DISA 2012 Database SQL2-00-011200 DISA 2014 Database SQL4-00-011200 | SQL Server must generate Trace or audit records for organization-defined auditable events. Audit records can be generated from various components within the information system. | Server Events:
Database Events:
|
DISA 2012 Instance SQL2-00-012400, DISA 2014 Instance SQL4-00-011900, | SQL Server must include organization-defined additional, more detailed information in the audit records for audit events identified by type, location or subject. Audit record content which may be necessary to satisfy the requirement of this control includes: time stamps, source and destination addresses, user/process identifiers, event descriptions, success/fail indications, file names involved, and access control or flow control rules revoked. All use of privileged accounts must be audited. SQL Server must produce audit records containing sufficient information to establish what type of events occurred. SQL Server must produce audit records containing sufficient information to establish when (date and time) the events occurred. SQL Server must generate audit records for the DoD-selected list of auditable events. SQL Server must produce audit records containing sufficient information to establish where the events occurred. SQL Server must produce audit records containing sufficient information to establish the sources (origins) of events. SQL Server must produce audit records containing sufficient information to establish the outcome (success or failure) of events. SQL Server must produce audit records containing sufficient information to establish the identity of any user/subject associated with the event. SQL Server must support the employment of automated mechanisms supporting the auditing of the enforcement actions. SQL Server must enforce access control policies to restrict Alter server state permissions to only authorized roles. SQL Server must generate Trace or audit records when unsuccessful logins or connection attempts occur. SQL Server must generate Trace or audit records when logoffs or disconnections occur. SQL Server must generate Trace or audit records when successful logons or connections occur. SQL Server must generate Trace or audit records when concurrent logins/connections by the same user from different workstations occur. SQL Server must produce Trace or audit records containing sufficient information to establish when the events occurred. SQL Server must produce Trace or audit records of its enforcement of access restrictions associated with changes to the configuration of the DBMS or database. | Server Events:
Database Events:
|
DISA 2014 0 | If SQL Server authentication, using passwords, is employed, SQL Server must enforce the DoD standards for password lifetime. | Server Events:
Database Events:
|
...