DB2X-00-001900 - Unless it has been determined that availability is paramount, DB2 must, upon audit failure, cease all auditable activity.

Information

It is critical that when the DBMS is at risk of failing to process audit logs as required, it take action to mitigate the failure. Audit processing failures include: software/hardware errors; failures in the audit capturing mechanisms; and audit storage capacity being reached or exceeded. Responses to audit failure depend upon the nature of the failure mode.

When the need for system availability does not outweigh the need for a complete audit trail, the DBMS should cease production of audit records immediately, rolling back all in-flight transactions. DB2 does this when configured to track audit errors.

Systems where audit trail completeness is paramount will most likely be at a lower MAC level than MAC I; the final determination is the prerogative of the application owner, subject to Authorizing Official concurrence. In any case, sufficient auditing resources must be allocated to avoid a shutdown in all but the most extreme situations.

Solution

Drop and recreate the policy with ERROR TYPE as required by the ISSO or run the ALTER AUDIT POLICY command to set the ERROR TYPE as per ISSO requirement.

Run the following command to drop and recreate the policy:
DB2> DROP AUDIT POLICY <audit2>
DB2> CREATE AUDIT POLICY <audit2>
CATEGORIES EXECUTE WITH DATA STATUS BOTH ERROR TYPE AUDIT

To alter the audit policy:
DB2> ALTER AUDIT POLICY <audit2>
CATEGORIES EXECUTE WITH DATA STATUS BOTH ERROR TYPE AUDIT

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_IBM_DB2_V10-5_LUW_V2R1_STIG.zip

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-5b., CAT|II, CCI|CCI-000140, Rule-ID|SV-213681r879571_rule, STIG-ID|DB2X-00-001900, STIG-Legacy|SV-89125, STIG-Legacy|V-74451, Vuln-ID|V-213681

Plugin: IBM_DB2DB

Control ID: 8c26d0e6c5a18ada8067fe9e345237a2a6d563207370f4d96458983a98e24501