Azure SQL Database must generate audit records when unsuccessful attempts to delete security objects occur.

An XCCDF Rule

Details
Profiles

Description

The removal of security objects from the database/DBMS would seriously degrade a system's information assurance posture. If such an action is attempted, it must be logged. To aid in diagnosis, it is necessary to keep track of failed attempts in addition to the successful ones.

ID: SV-255365r961818_rule
Version: ASQL-00-014400
Severity: Medium
References: CCI-000172
Updated: 24 days ago

Remediation Templates

Deploy an Azure SQL Database audit.

Refer to the supplemental file "AzureSQLDatabaseAudit.txt" PowerShell script.

Reference: 
https://docs.microsoft.com/en-us/powershell/module/az.sql/set-azsqlserveraudit">https://docs.microsoft.com/en-us/powershell/module/az.sql/set-azsqlserveraudit

Azure SQL Database must generate audit records when unsuccessful attempts to delete security objects occur.

Description

Remediation Templates

A Manual Procedure