DoD STIGs – V-32589

Overview:

Title: Applications that detect and alarm on security events such as Intrusion Detection, Firewalls, Anti-Virus, or Malware must provide near real-time alert notification.

Vulnerability ID: V-32589

STIG ID:

IA Controls: None

Severity: medium

Description: When an intrusion detection security event occurs it is imperative the application that has detected the event immediately notify the appropriate support personnel so they can respond accordingly.

Lack of this capability increases the risk that attacks will go unnoticed or responses will be delayed.

This requirement is specific to applications that detect and alarm on security events. This requirement is NA for databases.

Check Text: This check is NA for databases.

Fix Text: This fix is NA for databases.

[divider]

Interpreting V-32589:

As stated this STIG does not apply to a database system, but you can setup events and triggers in SQl Server to alert you of suspicious activity. Activities such as failed login attempts, encryption key use failures, etc. You can either setup triggers, or look into using the integrated Policy management to detect, and alert you of certain activities. You can even use Policy Management to prevent and alert of activity in a more pro-active approach.

Return to the DoD STIGs – Database Security Requirements Guide

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.