DISA STIG IBM DB2 v10.5 LUW v1r3 OS Linux

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

Audit Details

Name: DISA STIG IBM DB2 v10.5 LUW v1r3 OS Linux

Updated: 1/30/2020

Authority: DISA STIG

Plugin: Unix

Revision: 1.1

Estimated Item Count: 45

Audit Items

Description / Categories
DB2X-00-000300 - DB2 must integrate with an organization-level authentication/access mechanism providing account management - config file

IDENTIFICATION AND AUTHENTICATION

DB2X-00-002200 - The audit information produced by DB2 must be protected from unauthorized read access. - ownership

CONFIGURATION MANAGEMENT

DB2X-00-002200 - The audit information produced by DB2 must be protected from unauthorized read access. - verify setting

AUDIT AND ACCOUNTABILITY

DB2X-00-002300 - The audit information produced by DB2 must be protected from unauthorized modification. - ownership

CONFIGURATION MANAGEMENT

DB2X-00-002300 - The audit information produced by DB2 must be protected from unauthorized modification. - verify setting

AUDIT AND ACCOUNTABILITY

DB2X-00-002400 - The audit information produced by DB2 must be protected from unauthorized deletion. - ownership

CONFIGURATION MANAGEMENT

DB2X-00-002400 - The audit information produced by DB2 must be protected from unauthorized deletion. - verify setting

AUDIT AND ACCOUNTABILITY

DB2X-00-002900 - The OS must limit privileges to change the DB2 software resident within software libraries - INSTALL

ACCESS CONTROL

DB2X-00-002900 - The OS must limit privileges to change the DB2 software resident within software libraries - INSTANCE

CONFIGURATION MANAGEMENT

DB2X-00-003100 - Database software, including DBMS configuration files, must be stored in dedicated directories - INSTALL

CONFIGURATION MANAGEMENT

DB2X-00-003100 - Database software, including DBMS configuration files, must be stored in dedicated directories - INSTANCE

CONFIGURATION MANAGEMENT

DB2X-00-003400 - Default demonstration and sample databases, database objects, and applications must be removed.

CONFIGURATION MANAGEMENT

DB2X-00-003500 - Unused database components, DBMS software, and database objects must be removed.

CONFIGURATION MANAGEMENT

DB2X-00-003800 - DB2 must be configured to prohibit or restrict the use of organization-defined ports - SSL_SVCENAME

CONFIGURATION MANAGEMENT

DB2X-00-003800 - DB2 must be configured to prohibit or restrict the use of organization-defined ports - SVCENAME

CONFIGURATION MANAGEMENT

DB2X-00-003800 - DB2 must be configured to prohibit or restrict the use of organization-defined protocols

CONFIGURATION MANAGEMENT

DB2X-00-004100 - If passwords are used for authentication, DB2 must transmit only encrypted representations of passwords. - AUTHENTICATION

IDENTIFICATION AND AUTHENTICATION

DB2X-00-004100 - If passwords are used for authentication, DB2 must transmit only encrypted representations of passwords. - DB2AUTH

IDENTIFICATION AND AUTHENTICATION

DB2X-00-004600 - DB2 must use NIST FIPS 140-2 validated cryptographic modules for cryptographic operations. - DB2COMM

SYSTEM AND COMMUNICATIONS PROTECTION

DB2X-00-005100 - DB2 must maintain the authenticity of communications sessions by guarding against man-in-the-middle attacks - SSL

SYSTEM AND COMMUNICATIONS PROTECTION

DB2X-00-005100 - DB2 must maintain the authenticity of communications sessions by guarding against man-in-the-middle attacks - SSL_SVCENAME

SYSTEM AND COMMUNICATIONS PROTECTION

DB2X-00-005100 - DB2 must maintain the authenticity of communications sessions by guarding against man-in-the-middle attacks - SVCENAME

SYSTEM AND COMMUNICATIONS PROTECTION

DB2X-00-005300 - In the event of a system failure, DB2 must preserve any information necessary to determine cause of failure - History

CONTINGENCY PLANNING

DB2X-00-005300 - In the event of a system failure, DB2 must preserve any information necessary to determine cause of failure - Recovery Plan
DB2X-00-005300 - In the event of a system failure, DB2 must preserve any information necessary to determine cause of failure - Roll forward

CONTINGENCY PLANNING

DB2X-00-005300 - In the event of a system failure, DB2 must preserve any information necessary to determine cause of failure - Tested
DB2X-00-005800 - Access to database files must be limited to relevant processes and to authorized, administrative users. - Audit Log

AUDIT AND ACCOUNTABILITY

DB2X-00-005800 - Access to database files must be limited to relevant processes and to authorized, administrative users. - Backup History

ACCESS CONTROL

DB2X-00-005800 - Access to database files must be limited to relevant processes and to authorized, administrative users. - Database

ACCESS CONTROL

DB2X-00-005800 - Access to database files must be limited to relevant processes and to authorized, administrative users. - Instance

ACCESS CONTROL

DB2X-00-005800 - Access to database files must be limited to relevant processes and to authorized, administrative users. - LOGARCHMETH

ACCESS CONTROL

DB2X-00-005800 - Access to database files must be limited to relevant processes and to authorized, administrative users. - Transaction Paths

ACCESS CONTROL

DB2X-00-007300 - DB2 must utilize centralized management of the content captured in audit records generated by all components of DB2.

AUDIT AND ACCOUNTABILITY

DB2X-00-007500 - DB2 must allocate audit record storage capacity in accordance with organization-defined audit record storage requirements.

AUDIT AND ACCOUNTABILITY

DB2X-00-007600 - DB2 must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75% of maximum

AUDIT AND ACCOUNTABILITY

DB2X-00-007700 - DB2 must provide an immediate real-time alert to appropriate support staff of all audit failure events requiring alerts
DB2X-00-008100 - DB2 and the operating system must enforce access restrictions associated with changes to the configuration - Install

ACCESS CONTROL

DB2X-00-008100 - DB2 and the operating system must enforce access restrictions associated with changes to the configuration - Instance

ACCESS CONTROL

DB2X-00-008200 - DB2 must produce audit records of its enforcement of access restrictions associated with changes - OS Auditing

AUDIT AND ACCOUNTABILITY

DB2X-00-008300 - DB2 must disable network ports and services deemed by the organization to be nonsecure - SSL_SVCENAME

CONFIGURATION MANAGEMENT

DB2X-00-008300 - DB2 must disable network ports and services deemed by the organization to be nonsecure - SVCENAME

CONFIGURATION MANAGEMENT

DB2X-00-008300 - DB2 must disable network protocols, and services deemed by the organization to be nonsecure - SSL

CONFIGURATION MANAGEMENT

DB2X-00-009100 - DB2 must maintain the confidentiality and integrity of information during preparation for transmission.

SYSTEM AND COMMUNICATIONS PROTECTION

DB2X-00-009200 - DB2 must maintain the confidentiality and integrity of information during reception.

SYSTEM AND COMMUNICATIONS PROTECTION

DB2X-00-012600 - DB2 must off-load audit data to a separate log management facility

AUDIT AND ACCOUNTABILITY