SQL6-D0-004700 - SQL Server must initiate session auditing upon startup.

Information

Session auditing is for use when a user's activities are under investigation. To be sure of capturing all activity during those periods when session auditing is in use, it needs to be in operation for the whole time SQL Server is running.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Configure the SQL Audit(s) to automatically start during system start-up.

ALTER SERVER AUDIT [<Server Audit Name>] WITH STATE = ON

Execute the following query:

SELECT name AS 'Audit Name',
status_desc AS 'Audit Status',
audit_file_path AS 'Current Audit File'
FROM sys.dm_server_audit_status
WHERE status_desc = 'STARTED'

Ensure the SQL STIG Audit is configured to initiate session auditing upon startup.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_SQL_Server_2016_Y24M07_STIG.zip

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-14(1), CAT|II, CCI|CCI-001464, Rule-ID|SV-213940r960888_rule, STIG-ID|SQL6-D0-004700, STIG-Legacy|SV-93847, STIG-Legacy|V-79141, Vuln-ID|V-213940

Plugin: MS_SQLDB

Control ID: bb3b6622e9c321aad68da452eb499a410c1761e8aa886307e3c2cb3674498b31