Title: The application must provide the capability to compile audit records from multiple components within the system into a system-wide (logical or physical) audit trail that is time-correlated to within organization defined level of tolerance.
Vulnerability ID: V-32359
IA Controls: None
Description: Audit generation and audit records can be generated from various components within the information system. The list of audited events is the set of events for which audits are to be generated. This set of events is typically a subset of the list of all events for which the system is capable of generating audit records (i.e., auditable events).
The events occurring must be time-correlated on order to conduct accurate forensic analysis. In addition, the correlation must meet a certain tolerance criteria. For instance, the organization may define that the time stamps of different audited events must not differ by any amount greater than ten seconds.
Databases do not typically provide the capability to compile audit records from multiple components within the system. This requirement is NA for databases.
Check Text: This check is NA for databases.
Fix Text: This fix is NA for databases.[divider]
Though most database systems do not provide an audit record consolidating capability, SQL Audit is a powerful addition to the SQL Server product line. There is basic auditing built into every version of SQL Server starting with SQL Server 2008. More detailed information is available if using enterprise edition of SQL Server. By combining SQL Audit with SQL Server Policy management you have a very strong, built in, monitoring and audit tool.