CIS IBM DB2 9 Benchmark v3.0.1 Level 1 DB

Audit Details

Name: CIS IBM DB2 9 Benchmark v3.0.1 Level 1 DB

Updated: 6/17/2024

Authority: CIS

Plugin: IBM_DB2DB

Revision: 1.1

Estimated Item Count: 82

File Details

Filename: CIS_IBM_DB2_9_Benchmark_v3.0.1_Level_1_Database.audit

Size: 114 kB

MD5: 845c4e71d322a627aaba60d3d538362d
SHA256: 4b40f86d35820bfe14fdf15d54e5f554b8c36c08e12a788c0776ddad1994c6e9

Audit Items

DescriptionCategories
1.3 Leverage the least privilege principle
3.1.1 Enable audit buffer
3.1.3 Require explicit authorization for cataloging
3.1.4 Disable data links support
3.1.5 Secure default database location - DFTDBPATH set to INSTANCE_HOME
3.1.7 Set diagnostic logging to capture errors and warnings
3.1.9 Require instance name for discovery requests
3.1.10 Disable instance discoverability
3.1.11 Authenticate federated users at the instance level

ACCESS CONTROL

3.1.12 Enable instance health monitoring
3.1.13 Retain fenced model processes
3.1.14 Set maximum connection limits - MAX_CONNECTIONS

ACCESS CONTROL

3.1.14 Set maximum connection limits - MAX_COORDAGENTS

ACCESS CONTROL

3.1.15 Set administrative notification level

AUDIT AND ACCOUNTABILITY

3.1.16 Enable server-based authentication

IDENTIFICATION AND AUTHENTICATION

3.2.4 Secure permissions for the primary archive log location
3.2.5 Secure permissions for the secondary archive log location
3.2.6 Secure permissions for the tertiary archive log location
3.2.7 Secure permissions for the log mirror location
4.2 Review security rule exemptions
4.3 Review security label components
4.4 Review security label policies
4.5 Review security labels
5.1 Enable backup redundancy
5.2 Protect backups
5.3 Enable automatic database maintenance
5.4 Schedule Runstat and Reorg
6.1 Restrict Access to SYSCAT.AUDITPOLICIES

ACCESS CONTROL

6.2 Restrict Access to SYSCAT.AUDITUSE

ACCESS CONTROL

6.3 Restrict Access to SYSCAT.DBAUTH

ACCESS CONTROL

6.4 Restrict Access to SYSCAT.COLAUTH

ACCESS CONTROL

6.5 Restrict Access to SYSCAT.EVENTS

ACCESS CONTROL

6.6 Restrict Access to SYSCAT.EVENTTABLES

ACCESS CONTROL

6.7 Restrict Access to SYSCAT.ROUTINES

ACCESS CONTROL

6.8 Restrict Access to SYSCAT.INDEXAUTH

ACCESS CONTROL

6.9 Restrict Access to SYSCAT.PACKAGEAUTH

ACCESS CONTROL

6.10 Restrict Access to SYSCAT.PACKAGES

ACCESS CONTROL

6.11 Restrict Access to SYSCAT.PASSTHRUAUTH

ACCESS CONTROL

6.12 Restrict Access to SYSCAT.SECURITYLABELACCESS

ACCESS CONTROL

6.13 Restrict Access to SYSCAT.SECURITYLABELCOMPONENTELEMENTS

ACCESS CONTROL

6.14 Restrict Access to SYSCAT.SECURITYLABELCOMPONENTS

ACCESS CONTROL

6.15 Restrict Access to SYSCAT.SECURITYLABELS

ACCESS CONTROL

6.16 Restrict Access to SYSCAT.SECURITYPOLICIES

ACCESS CONTROL

6.17 Restrict Access to SYSCAT.SECURITYPOLICYCOMPONENTRULES

ACCESS CONTROL

6.18 Restrict Access to SYSCAT.SECURITYPOLICYEXEMPTIONS

ACCESS CONTROL

6.19 Restrict Access to SYSCAT.SURROGATEAUTHIDS

ACCESS CONTROL

6.20 Restrict Access to SYSCAT.ROLEAUTH

ACCESS CONTROL

6.21 Restrict Access to SYSCAT.ROLES

ACCESS CONTROL

6.22 Restrict Access to SYSCAT.ROUTINEAUTH

ACCESS CONTROL

6.23 Restrict Access to SYSCAT.SCHEMAAUTH

ACCESS CONTROL