CIS IBM DB2 9 Benchmark v3.0.1 Level 2 DB

Audit Details

Name: CIS IBM DB2 9 Benchmark v3.0.1 Level 2 DB

Updated: 6/17/2024

Authority: CIS

Plugin: IBM_DB2DB

Revision: 1.1

Estimated Item Count: 63

File Details

Filename: CIS_IBM_DB2_9_Benchmark_v3.0.1_Level_2_Database.audit

Size: 90 kB

MD5: 961a2531bee4f246fe10d18ed880da11
SHA256: ec61947e56dbad02299f2187e4bf0645333ecfb45c3422f87911887dd8f633f7

Audit Items

DescriptionCategories
3.1.1 Enable audit buffer
3.1.3 Require explicit authorization for cataloging
3.1.4 Disable data links support
3.1.5 Secure default database location - DFTDBPATH set to INSTANCE_HOME
3.1.7 Set diagnostic logging to capture errors and warnings
3.1.9 Require instance name for discovery requests
3.1.10 Disable instance discoverability
3.1.11 Authenticate federated users at the instance level

ACCESS CONTROL

3.1.12 Enable instance health monitoring
3.1.13 Retain fenced model processes
3.1.14 Set maximum connection limits - MAX_CONNECTIONS

ACCESS CONTROL

3.1.14 Set maximum connection limits - MAX_COORDAGENTS

ACCESS CONTROL

3.1.15 Set administrative notification level

AUDIT AND ACCOUNTABILITY

3.1.16 Enable server-based authentication

IDENTIFICATION AND AUTHENTICATION

3.2.1 Set failed archive retry delay
3.2.2 Set the database instance to auto-restart after abnormal termination
3.2.3 Disable database discovery
3.2.8 Establish retention set size for backups
3.2.9 Set archive log failover retry limit
4.1 Enforce label-based access controls implementation
5.1 Enable backup redundancy
5.3 Enable automatic database maintenance
6.1 Restrict Access to SYSCAT.AUDITPOLICIES

ACCESS CONTROL

6.2 Restrict Access to SYSCAT.AUDITUSE

ACCESS CONTROL

6.3 Restrict Access to SYSCAT.DBAUTH

ACCESS CONTROL

6.4 Restrict Access to SYSCAT.COLAUTH

ACCESS CONTROL

6.5 Restrict Access to SYSCAT.EVENTS

ACCESS CONTROL

6.6 Restrict Access to SYSCAT.EVENTTABLES

ACCESS CONTROL

6.7 Restrict Access to SYSCAT.ROUTINES

ACCESS CONTROL

6.8 Restrict Access to SYSCAT.INDEXAUTH

ACCESS CONTROL

6.9 Restrict Access to SYSCAT.PACKAGEAUTH

ACCESS CONTROL

6.10 Restrict Access to SYSCAT.PACKAGES

ACCESS CONTROL

6.11 Restrict Access to SYSCAT.PASSTHRUAUTH

ACCESS CONTROL

6.12 Restrict Access to SYSCAT.SECURITYLABELACCESS

ACCESS CONTROL

6.13 Restrict Access to SYSCAT.SECURITYLABELCOMPONENTELEMENTS

ACCESS CONTROL

6.14 Restrict Access to SYSCAT.SECURITYLABELCOMPONENTS

ACCESS CONTROL

6.15 Restrict Access to SYSCAT.SECURITYLABELS

ACCESS CONTROL

6.16 Restrict Access to SYSCAT.SECURITYPOLICIES

ACCESS CONTROL

6.17 Restrict Access to SYSCAT.SECURITYPOLICYCOMPONENTRULES

ACCESS CONTROL

6.18 Restrict Access to SYSCAT.SECURITYPOLICYEXEMPTIONS

ACCESS CONTROL

6.19 Restrict Access to SYSCAT.SURROGATEAUTHIDS

ACCESS CONTROL

6.20 Restrict Access to SYSCAT.ROLEAUTH

ACCESS CONTROL

6.21 Restrict Access to SYSCAT.ROLES

ACCESS CONTROL

6.22 Restrict Access to SYSCAT.ROUTINEAUTH

ACCESS CONTROL

6.23 Restrict Access to SYSCAT.SCHEMAAUTH

ACCESS CONTROL

6.24 Restrict Access to SYSCAT.SCHEMATA

ACCESS CONTROL

6.25 Restrict Access to SYSCAT.SEQUENCEAUTH

ACCESS CONTROL

6.26 Restrict Access to SYSCAT.STATEMENTS

ACCESS CONTROL

6.27 Restrict Access to SYSCAT.PROCEDURES

ACCESS CONTROL

6.28 Restrict Access to SYSCAT.TABAUTH

ACCESS CONTROL