Azure SQL Managed Instance must generate audit records when attempts to delete security objects occur.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-276257 | SRG-APP-000501-DB-000337 | MSQL-00-014400 | SV-276257r1150023_rule | 2025-10-07 | 1 |
| Description |
|---|
| The removal of security objects from the database/database management system (DBMS) would seriously degrade a system's information assurance posture. If such an action is attempted, it must be logged. To aid in diagnosis, it is necessary to keep track of failed attempts in addition to the successful ones. Satisfies: SRG-APP-000501-DB-000337, SRG-APP-000501-DB-000336 |
| ℹ️ Check |
|---|
| Review Azure SQL Managed Instance configuration to verify audit records are produced when unsuccessful attempts to delete security objects occur. Run this TSQL command to determine if Azure SQL Managed Instance Auditing AuditActionGroups are configured: SELECT a.name AS 'AuditName', s.name AS 'SpecName', d.audit_action_name AS 'ActionName', d.audited_result AS 'Result' FROM sys.server_audit_specifications s JOIN sys.server_audits a ON s.audit_guid = a.audit_guid JOIN sys.server_audit_specification_details d ON s.server_specification_id = d.server_specification_id WHERE a.is_state_enabled = 1 AND d.audit_action_name = 'SCHEMA_OBJECT_CHANGE_GROUP' If the 'SCHEMA_OBJECT_ACCESS_GROUP' is not returned in an active audit, this is a finding. |
| ✔️ Fix |
|---|
| Deploy an Azure SQL Managed Instance audit. Refer to the supplemental file "AzureSQLMIAudit.txt" script. Reference: https://learn.microsoft.com/en-us/azure/azure-sql/managed-instance/auditing-configure?view=azuresql-mi |