Audit records should be restricted to authorized individuals.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-5686 | DG0032-SQLServer9 | SV-24077r1_rule | ECTP-1 | Medium |
| Description |
|---|
| Audit data is frequently targeted by malicious users as it can provide a means to detect their activity. The protection of the audit trail data is of special concern and requires restrictions to allow only the auditor and DBMS backup, recovery, and maintenance users access to it. |
| STIG | Date |
|---|---|
| Microsoft SQL Server 2005 Instance Security Technical Implementation Guide | 2015-04-03 |
Details
| Check Text ( None ) |
|---|
| None |
| Fix Text (F-19535r1_fix) |
|---|
| Grant audit file and database audit object access to authorized DBAs and auditors. Revoke audit file and database audit object access from unauthorized database and OS accounts. |