Information
The ALTER USER statement is used to change database users' password, lock accounts, and expire passwords. In addition, this statement is used to change database properties of user accounts such as database profiles, default and temporary tablespaces, and tablespace quotas. This unified audit action enables logging of all ALTER USER statements, whether successful or unsuccessful, issued by the users regardless of the privileges held by the users to issue such statements.
Logging and monitoring of all attempts to alter user accounts, whether successful or unsuccessful, may provide clues and forensic evidences about potential suspicious/unauthorized activities. Any such activities may be a cause for further investigation. In addition, organization security policies and industry/government regulations may require logging of all activities involving ALTER USER
Solution
Execute the following SQL statement to remediate this setting.
ALTER AUDIT POLICY CIS_UNIFIED_AUDIT_POLICY
ADD
ACTIONS
ALTER USER;
Note: If you do not have CIS_UNIFIED_AUDIT_POLICY please create one using the CREATE AUDIT POLICY statement.