From Database Security Requirements Guide
Part of SRG-APP-000092-DB-000208
Associated with: CCI-001464
Session auditing is for use when a user's activities are under investigation. To be sure of capturing all activity during those periods when session auditing is in use, it needs to be in operation for the whole time the DBMS is running.
Review DBMS vendor documentation to determine whether the DBMS software is capable of session auditing. If the DBMS is not capable of session auditing and a third party product is not being used for session level auditing, this is a finding. If the DBMS is capable of session level auditing and specific session audits are currently defined but session auditing is not enabled; or if a third-party product is available for session auditing and specific session audits are currently defined but session auditing is not enabled, this is a finding.
Deploy a DBMS capable of session auditing. Configure the DBMS software or third-party product to enable session auditing.
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer