III - Administrative Classified
Rules and Groups employed by this XCCDF Profile
-
SRG-APP-000100-DB-000201
<GroupDescription></GroupDescription>Group -
The DBMS must produce audit records containing sufficient information to establish the identity of any user/subject or process associated with the event.
<VulnDiscussion>Information system auditing capability is critical for accurate forensic analysis. Audit record content that may be necessary...Rule Medium Severity -
SRG-APP-000101-DB-000044
<GroupDescription></GroupDescription>Group -
The DBMS must include organization-defined additional, more detailed information in the audit records for audit events identified by type, location, or subject.
<VulnDiscussion>Information system auditing capability is critical for accurate forensic analysis. Audit record content that may be necessary...Rule Medium Severity -
SRG-APP-000118-DB-000059
<GroupDescription></GroupDescription>Group -
The system must protect audit information from any type of unauthorized access.
<VulnDiscussion>If audit data were to become compromised, then competent forensic analysis and discovery of the true source of potentially ma...Rule Medium Severity -
SRG-APP-000119-DB-000060
<GroupDescription></GroupDescription>Group -
The system must protect audit information from unauthorized modification.
<VulnDiscussion>If audit data were to become compromised, then competent forensic analysis and discovery of the true source of potentially ma...Rule Medium Severity -
SRG-APP-000120-DB-000061
<GroupDescription></GroupDescription>Group -
The system must protect audit information from unauthorized deletion.
<VulnDiscussion>If audit data were to become compromised, then competent forensic analysis and discovery of the true source of potentially ma...Rule Medium Severity -
SRG-APP-000121-DB-000202
<GroupDescription></GroupDescription>Group -
The system must protect audit tools from unauthorized access.
<VulnDiscussion>Protecting audit data also includes identifying and protecting the tools used to view and manipulate log data. Depending upo...Rule Medium Severity -
SRG-APP-000122-DB-000203
<GroupDescription></GroupDescription>Group -
The system must protect audit tools from unauthorized modification.
<VulnDiscussion>Protecting audit data also includes identifying and protecting the tools used to view and manipulate log data. Depending upo...Rule Medium Severity -
SRG-APP-000123-DB-000204
<GroupDescription></GroupDescription>Group -
The system must protect audit tools from unauthorized deletion.
<VulnDiscussion>Protecting audit data also includes identifying and protecting the tools used to view and manipulate log data. Depending upo...Rule Medium Severity -
SRG-APP-000133-DB-000200
<GroupDescription></GroupDescription>Group -
Database objects must be owned by accounts authorized for ownership.
<VulnDiscussion>Within the database, object ownership implies full privileges to the owned object including the privilege to assign access to...Rule Medium Severity -
SRG-APP-000141-DB-000090
<GroupDescription></GroupDescription>Group -
Default demonstration and sample databases, database objects, and applications must be removed.
<VulnDiscussion>Information systems are capable of providing a wide variety of functions and services. Some of the functions and services, pr...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.