DoD STIGs – V-32348


Title: The DBMS must associate the identity of the information producer with the information.

Vulnerability ID: V-32348


IA Controls: None

Severity: low

Description: Non-repudiation supports audit requirements to provide the appropriate organizational officials the means to identify who produced specific information in the event of an information transfer.

The nature and strength of the binding between the information producer and the information are determined and approved by the appropriate organizational officials based on the security categorization of the information and relevant risk factors.

Databases provide mechanisms, such as audit records and security labels. If information is inserted or updated within the database and the producer of the information is not associated to the information, there is no protection against a user denying having performed a particular action.

Check Text: Review DBMS configuration to identify whether information is tightly bound with data identifying the producer of the information. If information does not contain some means to identify who produced the data, this is a finding.

Fix Text: Utilize DBMS functionality or third party tools to bind the producer of the information to the information produced.


Interpreting V-32348:

Coming Soon!

Return to the DoD STIGs – Database Security Requirements Guide

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.