Detections
Analytics

CIS IBM DB2 11 v1.1.0 Windows OS Level 1

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: CIS IBM DB2 11 v1.1.0 Windows OS Level 1

Updated: 12/4/2025

Authority: CIS

Plugin: Windows

Revision: 1.2

Estimated Item Count: 62

File Details

Filename: CIS_IBM_DB2_11_v1.1.0_Level_1_OS_Windows.audit

Size: 123 kB

MD5: b5083090f1c714dd677f0393b10af785
SHA256: ed44f2ae0bcdef9c40a357a2c093aec9a1eca163d4f4d190f11f433a4ab96e86

Audit Items

DescriptionCategories
3.1.1 Require Explicit Authorization for Cataloging (CATALOG_NOAUTH)
3.1.2 Secure Ppermissions for Default Database File Path (DFTDBPATH)
3.1.3 Set Diagnostic Logging to Capture Errors and Warnings (DIAGLEVEL)
3.1.4 Secure Permissions for All Diagnostic Logs (DIAGPATH)
3.1.5 Secure Permissions for Alternate Diagnostic Log Path (ALT_DIAGPATH)
3.1.6 Disable Client Discovery Requests (DISCOVER)
3.1.7 Disable Instance Discoverability (DISCOVER_INST)
3.1.8 Set Maximum Connection Limits (MAX_CONNECTIONS and MAX_COORDAGENTS)
3.1.9 Set Administrative Notification Level (NOTIFYLEVEL)
3.1.10 Secure the Java Development Kit Installation Path (JDK_PATH)
3.1.11 Secure the Python Runtime Path (PYTHON_PATH)
3.1.12 Secure the R Runtime Path (R_PATH)
3.1.13 Secure the Communication Buffer Exit Library (COMM_EXIT_LIST)
3.2.1 Specify Secure Remote Shell Command (DB2RSHCMD)
3.2.2 Turn Off Remote Command Legacy Mode (DB2RCMD_LEGACY_MODE)
3.2.3 Disable Grants During Restore (DB2_RESTORE_GRANT_ADMIN_AUTHORITIES)
3.2.4 Enable Extended Security (DB2_EXTSECURITY)
3.2.5 Limit OS Privileges of Fenced Mode Process (DB2_LIMIT_FENCED_GROUP)
3.3.1 Secure Db2 Runtime Library
4.1.2 Set Failed Archive Retry Delay (ARCHRETRYDELAY)
4.1.3 Auto-restart After Abnormal Termination (AUTORESTART)
4.1.4 Disable Database Discovery (DISCOVER_DB)
4.1.5 Secure Permissions for the Primary Archive Log Location (LOGARCHMETH1)
4.1.6 Secure Permissions for the Secondary Archive Log Location (LOGARCHMETH2)
4.1.7 Secure Permissions for the Tertiary Archive Log Location (FAILARCHPATH)
4.1.8 Secure Permissions for the Log Mirror Location (MIRRORLOGPATH)
4.1.9 Secure Permissions for the Log Overflow Location (OVERFLOWLOGPATH)
4.1.10 Establish Retention Set Size for Backups (NUM_DB_BACKUPS)
4.1.11 Set Archive Log Failover Retry Limit (NUMARCHRETRY)
4.1.12 Set Maximum Number of Applications (MAXAPPLS)
4.1.13 Ensure a Secure Connect Procedure is Used (CONNECT_PROC)
4.1.14 Specify a Secure Location for External Tables (EXTBL_LOCATION)
4.1.15 Disable Database Discoverability (DISCOVER_DB)
5.1 Specify a Secure Connection Authentication Type (SRVCON_AUTH)
5.2 Specify a Secure Authentication Type (AUTHENTICATION)
5.3 Database Manager Configuration Parameter: ALTERNATE_AUTH_ENC
5.4 Database Manager Configuration Parameter: TRUST_ALLCLNTS
5.5 Database Manager Configuration Parameter: TRUST_CLNTAUTH
5.6 Database Manager Configuration Parameter: FED_NOAUTH
5.8 DB2_GRP_LOOKUP Registry Variable (Windows only)
5.9 DB2DOMAINLIST Registry Variable (Windows only)
5.10 DB2AUTH Registry Variable
5.11 DB2CHGPWD_EEE Registry Variable
6.1.1 Secure SYSADM Authority
6.1.2 Secure SYSCTRL Authority
6.1.3 Secure SYSMAINT Authority
6.1.4 Secure SYSMON Authority
7.1.1 Disable the Audit Buffer
7.1.2 Disable Limited Audit of Applications (DB2_LIMIT_AUDIT_APPS)
7.1.4 Ensure Audit is Enabled Within the Instance