The DBMS must generate audit records showing starting and ending time for user access to the database(s).
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-206634 | SRG-APP-000505-DB-000352 | SV-206634r961830_rule | CCI-000172 | medium |
| Description | ||||
| For completeness of forensic analysis, it is necessary to know how long a user's (or other principal's) connection to the DBMS lasts. This can be achieved by recording disconnections, in addition to logons/connections, in the audit logs. Disconnection may be initiated by the user or forced by the system (as in a timeout) or result from a system or network failure. To the greatest extent possible, all disconnections must be logged. | ||||
| STIG | Date | |||
| Database Security Requirements Guide | 2024-12-04 | |||
Related Frameworks
4 paths across 3 frameworks
Related Frameworks
NIST 800-531 mapping
AU-12
1.00
- DISA · 4 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
NIST 800-1712 mappings
3.3.1
1.00
- DISA · 4 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
3.3.2
1.00
- DISA · 4 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
CCI1 mapping
CCI-000172
1.00
- DISA · 4 · disa_xccdf · related
Details
Check Text (C-206634r961830_chk)
Review the DBMS audit settings. If an audit record is not generated each time a user (or other principal) logs off or disconnects from the DBMS voluntarily, or forced by the system, or because of connection or other failure, this is a finding.
Fix Text (F-6894r291571_fix)
Configure DBMS audit settings to generate an audit record each time a user (or other principal) logs off or disconnects, whether voluntarily or forced by the system, or because of connection or other failure, from the DBMS.
Ensure that the audit record contains the time of the event, the user ID, and session identifier.