STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 3 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Microsoft Azure SQL Database Security Technical Implementation Guide

V-255328

CAT II (Medium)

Azure SQL Database must initiate session auditing upon startup.

Rule ID

SV-255328r960888_rule

STIG

Microsoft Azure SQL Database Security Technical Implementation Guide

Version

V2R3

CCIs

CCI-001464

Discussion

Session auditing is for use when a user's activities are under investigation. To ensure capture of all activity during those periods when session auditing is in use, it needs to be in operation for the whole time Azure SQL Database is running.

Check Content

When Audits are enabled, they start up when the audits are enabled and remain operating until the audit is disabled. 

Check if an audit is configured and enabled. 
To determine if session auditing is configured and enabled, follow the instructions below: 
Run this TSQL command to determine if SQL Auditing is configured and enabled:
   SELECT *
   FROM sys.database_audit_specifications
   where (name = 'SqlDbAuditing_ServerAuditSpec' 
       or name = 'SqlDbAuditing_AuditSpec')
   and is_state_enabled = 1

All currently defined audits for the Azure SQL Database instance will be listed. If no audits are returned, this is a finding.

Fix Text

Deploy an Azure SQL Database audit.

Refer to the supplemental file "AzureSQLDatabaseAudit.txt" PowerShell script.

Reference: 
https://docs.microsoft.com/en-us/powershell/module/az.sql/set-azsqlserveraudit