Title: The DBMS must have the capability to produce audit records on hardware-enforced, write-once media.
Vulnerability ID: V-32400
IA Controls: None
Description: Applications are typically designed to incorporate their audit logs into the auditing sub-system hosted by the operating system. However, in some instances application developers may decide to forego the audit capabilities offered by the operating system and maintain application audit logs separately.
The protection of audit records from unauthorized or accidental deletion or modification requires that information systems be able to produce audit records on hardware-enforced write-once media.
Applications that do not write audit records to a resource (e.g., underlying OS or separate system) that is capable of producing audit records on hardware-enforced, write-once media must provide the capability to do so. This requirement is related to backup of records and not real-time creation of audit records.
Examples of such hardware devices include, but are not limited to, CD-R or DVD-R.
Check Text: Review DBMS and OS vendor documentation to determine whether the DBMS software is capable of writing audit records on hardware-enforced, write-once media. Determine whether a third party product is in place to provide this ability. If the DBMS does not have the capability to write audit records to hardware-enforced, write-once media or if the ability is restricted by the OS, and a third party product is not in place to provide the ability, this is a finding.
Fix Text: Utilize DBMS software or a third party product that provides the capability to write audit records to hardware-enforced, write-once media.[divider]