DISA STIG IBM DB2 v10.5 LUW v2r1 OS Windows

Audit Details

Name: DISA STIG IBM DB2 v10.5 LUW v2r1 OS Windows

Updated: 6/17/2024

Authority: DISA STIG

Plugin: Windows

Revision: 1.1

Estimated Item Count: 28

File Details

Filename: DISA_STIG_IBM_DB2_v10.5_LUW_v2r1_OS_Windows.audit

Size: 93.4 kB

MD5: 744a3e01797945ad4deb4d599573e5b7
SHA256: 345ed8c1a68a2dfb9a94ad1b012532d0d67927661e1b80cedd9af9b3831bcaab

Audit Items

DescriptionCategories
DB2X-00-000300 - DB2 must integrate with an organization-level authentication/access mechanism providing account management and automation for all users, groups, roles, and any other principals

ACCESS CONTROL

DB2X-00-002200 - The audit information produced by DB2 must be protected from unauthorized read access

AUDIT AND ACCOUNTABILITY

DB2X-00-002300 - The audit information produced by DB2 must be protected from unauthorized modification

AUDIT AND ACCOUNTABILITY

DB2X-00-002400 - The audit information produced by DB2 must be protected from unauthorized deletion

AUDIT AND ACCOUNTABILITY

DB2X-00-002900 - The OS must limit privileges to change the DB2 software resident within software libraries (including privileged programs).

CONFIGURATION MANAGEMENT

DB2X-00-003100 - Database software, including DBMS configuration files, must be stored in dedicated directories, separate from the host OS and other applications.

CONFIGURATION MANAGEMENT

DB2X-00-003400 - Default demonstration and sample databases, database objects, and applications must be removed.

CONFIGURATION MANAGEMENT

DB2X-00-003500 - Unused database components, DBMS software, and database objects must be removed.

CONFIGURATION MANAGEMENT

DB2X-00-003800 - DB2 must be configured to prohibit or restrict the use of organization-defined functions, ports, protocols, and/or services, as defined in the PPSM CAL and vulnerability assessments

CONFIGURATION MANAGEMENT

DB2X-00-003800 - DB2 must be configured to prohibit or restrict the use of organization-defined functions, ports, protocols, and/or services, as defined in the PPSM CAL and vulnerability assessments.

CONFIGURATION MANAGEMENT

DB2X-00-004100 - If passwords are used for authentication, DB2 must transmit only encrypted representations of passwords

IDENTIFICATION AND AUTHENTICATION

DB2X-00-004600 - DB2 must use NIST FIPS 140-2 validated cryptographic modules for cryptographic operations

IDENTIFICATION AND AUTHENTICATION

DB2X-00-005100 - DB2 must maintain the authenticity of communications sessions by guarding against man-in-the-middle attacks that guess at Session ID values

SYSTEM AND COMMUNICATIONS PROTECTION

DB2X-00-005300 - In the event of a system failure, DB2 must preserve any information necessary to determine cause of failure and any information necessary to return to operations with least disruption to mission processes

SYSTEM AND COMMUNICATIONS PROTECTION

DB2X-00-005300 - In the event of a system failure, DB2 must preserve any information necessary to determine cause of failure and any information necessary to return to operations with least disruption to mission processes - Recovery Plan

SYSTEM AND COMMUNICATIONS PROTECTION

DB2X-00-005300 - In the event of a system failure, DB2 must preserve any information necessary to determine cause of failure and any information necessary to return to operations with least disruption to mission processes - Tested

SYSTEM AND COMMUNICATIONS PROTECTION

DB2X-00-005800 - Access to database files must be limited to relevant processes and to authorized, administrative users

SYSTEM AND COMMUNICATIONS PROTECTION

DB2X-00-007300 - DB2 must utilize centralized management of the content captured in audit records generated by all components of DB2.

AUDIT AND ACCOUNTABILITY

DB2X-00-007500 - DB2 must allocate audit record storage capacity in accordance with organization-defined audit record storage requirements.

AUDIT AND ACCOUNTABILITY

DB2X-00-007600 - DB2 must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75% of maximum audit record storage capacity.

AUDIT AND ACCOUNTABILITY

DB2X-00-007700 - DB2 must provide an immediate real-time alert to appropriate support staff of all audit failure events requiring real-time alerts.

AUDIT AND ACCOUNTABILITY

DB2X-00-008100 - DB2 and the operating system must enforce access restrictions associated with changes to the configuration of DB2 or database(s).

CONFIGURATION MANAGEMENT

DB2X-00-008200 - DB2 must produce audit records of its enforcement of access restrictions associated with changes to the configuration of DB2 or database(s)

CONFIGURATION MANAGEMENT

DB2X-00-008300 - DB2 must disable network functions, ports, protocols, and services deemed by the organization to be nonsecure, in accord with the Ports, Protocols, and Services Management (PPSM) guidance

CONFIGURATION MANAGEMENT

DB2X-00-009100 - DB2 must maintain the confidentiality and integrity of information during preparation for transmission.

SYSTEM AND COMMUNICATIONS PROTECTION

DB2X-00-009200 - DB2 must maintain the confidentiality and integrity of information during reception.

SYSTEM AND COMMUNICATIONS PROTECTION

DB2X-00-012600 - DB2 must off-load audit data to a separate log management facility; this must be continuous and in near real time for systems with a network connection to the storage facility and weekly or more often for stand-alone systems.

AUDIT AND ACCOUNTABILITY

DISA_STIG_IBM_DB2_v10.5_LUW_v2r1_OS_Windows.audit from DISA IBM DB2 V10.5 LUW v2r1 STIG