The DBMS must generate audit records when unsuccessful logons or connection attempts occur.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-206631 | SRG-APP-000503 | SRG-APP-000503-DB-000351 | SV-206631r961824_rule | 2024-12-04 | 4 |
| Description |
|---|
| For completeness of forensic analysis, it is necessary to track failed attempts to log on to the DBMS. While positive identification may not be possible in a case of failed authentication, as much information as possible about the incident must be captured. |
| ℹ️ Check |
|---|
| Review the DBMS audit settings. If an audit record is not generated each time a user (or other principal) attempts but fails to log on or connect to the DBMS (including attempts where the user ID is invalid/unknown), this is a finding. |
| ✔️ Fix |
|---|
| Configure DBMS audit settings to generate an audit record each time a user (or other principal) attempts but fails to log on or connect to the DBMS. Include attempts where the user ID is invalid/unknown. Ensure that the audit record contains the time of the event and the user ID that was entered (if any). |