CIS IBM DB2 11 v1.1.0 Windows OS Level 1

Audit Details

Name: CIS IBM DB2 11 v1.1.0 Windows OS Level 1

Updated: 6/17/2024

Authority: CIS

Plugin: Windows

Revision: 1.1

Estimated Item Count: 62

File Details

Filename: CIS_IBM_DB2_11_v1.1.0_Level_1_OS_Windows.audit

Size: 168 kB

MD5: 3a89b6511f76933bec4314003c321f32
SHA256: eff6f1ee269f73beab9fd54aae23cb26291770f961053aae027e6d1d1de6dd97

Audit Items

DescriptionCategories
3.1.1 Require Explicit Authorization for Cataloging (CATALOG_NOAUTH)

ACCESS CONTROL, MEDIA PROTECTION

3.1.2 Secure Ppermissions for Default Database File Path (DFTDBPATH)

ACCESS CONTROL, MEDIA PROTECTION

3.1.3 Set Diagnostic Logging to Capture Errors and Warnings (DIAGLEVEL)

AUDIT AND ACCOUNTABILITY

3.1.4 Secure Permissions for All Diagnostic Logs (DIAGPATH)

ACCESS CONTROL, MEDIA PROTECTION

3.1.5 Secure Permissions for Alternate Diagnostic Log Path (ALT_DIAGPATH)

ACCESS CONTROL, MEDIA PROTECTION

3.1.6 Disable Client Discovery Requests (DISCOVER)

CONFIGURATION MANAGEMENT

3.1.7 Disable Instance Discoverability (DISCOVER_INST)

CONFIGURATION MANAGEMENT

3.1.8 Set Maximum Connection Limits (MAX_CONNECTIONS and MAX_COORDAGENTS)

ACCESS CONTROL, MEDIA PROTECTION

3.1.9 Set Administrative Notification Level (NOTIFYLEVEL)

AUDIT AND ACCOUNTABILITY

3.1.10 Secure the Java Development Kit Installation Path (JDK_PATH)

ACCESS CONTROL, MEDIA PROTECTION

3.1.11 Secure the Python Runtime Path (PYTHON_PATH)

ACCESS CONTROL, MEDIA PROTECTION

3.1.12 Secure the R Runtime Path (R_PATH)

ACCESS CONTROL, MEDIA PROTECTION

3.1.13 Secure the Communication Buffer Exit Library (COMM_EXIT_LIST)

ACCESS CONTROL, MEDIA PROTECTION

3.2.1 Specify Secure Remote Shell Command (DB2RSHCMD)

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.2.2 Turn Off Remote Command Legacy Mode (DB2RCMD_LEGACY_MODE)

CONFIGURATION MANAGEMENT

3.2.3 Disable Grants During Restore (DB2_RESTORE_GRANT_ADMIN_AUTHORITIES)

ACCESS CONTROL, MEDIA PROTECTION

3.2.4 Enable Extended Security (DB2_EXTSECURITY)

ACCESS CONTROL, MEDIA PROTECTION

3.2.5 Limit OS Privileges of Fenced Mode Process (DB2_LIMIT_FENCED_GROUP)

ACCESS CONTROL, MEDIA PROTECTION

3.3.1 Secure Db2 Runtime Library

ACCESS CONTROL, MEDIA PROTECTION

4.1.2 Set Failed Archive Retry Delay (ARCHRETRYDELAY)

AUDIT AND ACCOUNTABILITY

4.1.3 Auto-restart After Abnormal Termination (AUTORESTART)

CONFIGURATION MANAGEMENT

4.1.4 Disable Database Discovery (DISCOVER_DB)

CONFIGURATION MANAGEMENT

4.1.5 Secure Permissions for the Primary Archive Log Location (LOGARCHMETH1)

ACCESS CONTROL, MEDIA PROTECTION

4.1.6 Secure Permissions for the Secondary Archive Log Location (LOGARCHMETH2)

ACCESS CONTROL, MEDIA PROTECTION

4.1.7 Secure Permissions for the Tertiary Archive Log Location (FAILARCHPATH)

ACCESS CONTROL, MEDIA PROTECTION

4.1.8 Secure Permissions for the Log Mirror Location (MIRRORLOGPATH)

ACCESS CONTROL, MEDIA PROTECTION

4.1.9 Secure Permissions for the Log Overflow Location (OVERFLOWLOGPATH)

ACCESS CONTROL, MEDIA PROTECTION

4.1.10 Establish Retention Set Size for Backups (NUM_DB_BACKUPS)

CONTINGENCY PLANNING

4.1.11 Set Archive Log Failover Retry Limit (NUMARCHRETRY)

AUDIT AND ACCOUNTABILITY

4.1.12 Set Maximum Number of Applications (MAXAPPLS)

SYSTEM AND COMMUNICATIONS PROTECTION

4.1.13 Ensure a Secure Connect Procedure is Used (CONNECT_PROC)

CONFIGURATION MANAGEMENT

4.1.14 Specify a Secure Location for External Tables (EXTBL_LOCATION)

ACCESS CONTROL, MEDIA PROTECTION

4.1.15 Disable Database Discoverability (DISCOVER_DB)

CONFIGURATION MANAGEMENT

5.1 Specify a Secure Connection Authentication Type (SRVCON_AUTH)

ACCESS CONTROL

5.2 Specify a Secure Authentication Type (AUTHENTICATION)

ACCESS CONTROL

5.3 Database Manager Configuration Parameter: ALTERNATE_AUTH_ENC

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.4 Database Manager Configuration Parameter: TRUST_ALLCLNTS

ACCESS CONTROL

5.5 Database Manager Configuration Parameter: TRUST_CLNTAUTH

ACCESS CONTROL

5.6 Database Manager Configuration Parameter: FED_NOAUTH

ACCESS CONTROL

5.8 DB2_GRP_LOOKUP Registry Variable (Windows only)

ACCESS CONTROL, MEDIA PROTECTION

5.9 DB2DOMAINLIST Registry Variable (Windows only)

ACCESS CONTROL

5.10 DB2AUTH Registry Variable

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.11 DB2CHGPWD_EEE Registry Variable

ACCESS CONTROL

6.1.1 Secure SYSADM Authority

ACCESS CONTROL, MEDIA PROTECTION

6.1.2 Secure SYSCTRL Authority

ACCESS CONTROL, MEDIA PROTECTION

6.1.3 Secure SYSMAINT Authority

ACCESS CONTROL, MEDIA PROTECTION

6.1.4 Secure SYSMON Authority

ACCESS CONTROL, MEDIA PROTECTION

7.1.1 Disable the Audit Buffer

AUDIT AND ACCOUNTABILITY

7.1.2 Disable Limited Audit of Applications (DB2_LIMIT_AUDIT_APPS)

AUDIT AND ACCOUNTABILITY

7.1.4 Ensure Audit is Enabled Within the Instance

AUDIT AND ACCOUNTABILITY