UCF STIG Viewer Logo

The DBMS must by default shut down upon audit failure, to include the unavailability of space for more audit log records; or must be configurable to shut down upon audit failure.


Overview

Finding ID Version Rule ID IA Controls Severity
V-32383 SRG-APP-000109-DB-000049 SV-42720r3_rule Medium
Description
It is critical that when the DBMS is at risk of failing to process audit logs as required, it take action to mitigate the failure. Audit processing failures include: software/hardware errors; failures in the audit capturing mechanisms; and audit storage capacity being reached or exceeded. Responses to audit failure depend upon the nature of the failure mode. When the need for system availability does not outweigh the need for a complete audit trail, the DBMS should shut down immediately, rolling back all in-flight transactions. Systems where audit trail completeness is paramount will most likely be at a lower MAC level than MAC I; the final determination is the prerogative of the application owner, subject to Authorizing Official concurrence. In any case, sufficient auditing resources must be allocated to avoid a shutdown in all but the most extreme situations.
STIG Date
Database Security Requirements Guide 2015-02-13

Details

Check Text ( C-40825r2_chk )
If the application owner has determined that the need for system availability outweighs the need for a complete audit trail, this is not applicable (NA).

Review DBMS, OS, or third-party logging application settings and/or documentation to determine whether the system is capable of shutting down, rolling back all in-flight transactions, in the case of an auditing failure. If it is not, this is a finding.

If the system is capable of shutting down upon audit failure but is not configured to do so, this is a finding.
Fix Text (F-36298r2_fix)
Configure the system to shut down, rolling back all in-flight transactions, in the case of an auditing failure.