I - Mission Critical Public
Rules and Groups employed by this XCCDF Profile
-
SRG-APP-000099-DB-000043
Group -
The DBMS must produce audit records containing sufficient information to establish the outcome (success or failure) of the events.
Information system auditing capability is critical for accurate forensic analysis. Audit record content that may be necessary to satisfy the requirement of this control includes, but is not limited...Rule Medium Severity -
SRG-APP-000100-DB-000201
Group -
The DBMS must produce audit records containing sufficient information to establish the identity of any user/subject or process associated with the event.
Information system auditing capability is critical for accurate forensic analysis. Audit record content that may be necessary to satisfy the requirement of this control includes: timestamps, sourc...Rule Medium Severity -
SRG-APP-000101-DB-000044
Group -
The DBMS must include organization-defined additional, more detailed information in the audit records for audit events identified by type, location, or subject.
Information system auditing capability is critical for accurate forensic analysis. Audit record content that may be necessary to satisfy the requirement of this control includes: timestamps, sourc...Rule Medium Severity -
SRG-APP-000118-DB-000059
Group -
The DBMS must protect audit information from any type of unauthorized access.
If audit data were to become compromised, then competent forensic analysis and discovery of the true source of potentially malicious system activity is difficult, if not impossible, to achieve. In ...Rule Medium Severity -
SRG-APP-000119-DB-000060
Group -
The DBMS must protect audit information from unauthorized modification.
If audit data were to become compromised, then competent forensic analysis and discovery of the true source of potentially malicious system activity is impossible to achieve. To ensure the veraci...Rule Medium Severity -
SRG-APP-000120-DB-000061
Group -
The DBMS must protect audit information from unauthorized deletion.
If audit data were to become compromised, then competent forensic analysis and discovery of the true source of potentially malicious system activity is impossible to achieve. To ensure the veraci...Rule Medium Severity -
SRG-APP-000121-DB-000202
Group -
The DBMS must protect audit tools from unauthorized access.
Protecting audit data also includes identifying and protecting the tools used to view and manipulate log data. Depending upon the log format and application, system and application log tools may ...Rule Medium Severity -
SRG-APP-000122-DB-000203
Group -
The DBMS must protect audit tools from unauthorized modification.
Protecting audit data also includes identifying and protecting the tools used to view and manipulate log data. Depending upon the log format and application, system and application log tools may ...Rule Medium Severity -
SRG-APP-000123-DB-000204
Group -
The DBMS must protect audit tools from unauthorized deletion.
Protecting audit data also includes identifying and protecting the tools used to view and manipulate log data. Depending upon the log format and application, system and application log tools may ...Rule Medium Severity -
SRG-APP-000133-DB-000200
Group -
Database objects must be owned by accounts authorized for ownership.
Within the database, object ownership implies full privileges to the owned object including the privilege to assign access to the owned objects to other subjects. Unmanaged or uncontrolled ownershi...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.