Ensure SQL Server audit with selected event types is enabled and has retention period of minimum 365 days for Azure SQL Database

MEDIUM

Description

The SQL Server audit retention period for Azure SQL Database is less than 365 days, which may make auditing challenging.

Remediation

In Azure Console -

  1. Open the Azure Portal and go to SQL servers.
  2. Choose the SQL server you wish to edit.
  3. Under Backups, under Retention policies, add retention policies.
  4. Select save.

In Terraform -

  1. In the azurerm_sql_database resource, set retention_days to a value greater than 365 days.
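
As an added example (not part of the original policy or of the provider's code), this Python check applies the 365-day minimum from the policy title to the JSON produced by `terraform show -json` for a plan. It assumes retention_days may sit inside a nested block such as threat_detection_policy, so it searches the whole resource; the resource addresses and the sample plan are constructed.

```python
MIN_RETENTION_DAYS = 365  # minimum retention from the policy title

def find_retention_days(node):
    """Yield every retention_days value nested anywhere under a resource."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "retention_days":
                yield value
            else:
                yield from find_retention_days(value)
    elif isinstance(node, list):
        for item in node:
            yield from find_retention_days(item)

def walk_resources(module):  # resources of a module and all of its child modules
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from walk_resources(child)

def check_plan(plan):
    """Return [(address, reason)] for azurerm_sql_database resources that fail."""
    findings = []
    root = plan.get("planned_values", {}).get("root_module", {})
    for res in walk_resources(root):
        if res.get("type") != "azurerm_sql_database":
            continue
        days = [d for d in find_retention_days(res.get("values", {})) if d is not None]
        if not days:  # nothing configured, so retention is not enforced by this plan
            findings.append((res["address"], "retention_days not set"))
        elif min(days) < MIN_RETENTION_DAYS:
            findings.append((res["address"], f"retention_days={min(days)}"))
    return findings

# Constructed sample shaped like `terraform show -json` output; block nesting is assumed.
def _db(address, policy):
    return {"address": address, "type": "azurerm_sql_database",
            "values": {"name": address.split(".")[-1], "threat_detection_policy": policy}}

SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [
        _db("azurerm_sql_database.short", [{"state": "Enabled", "retention_days": 30}]),
        _db("azurerm_sql_database.ok", [{"state": "Enabled", "retention_days": 365}]),
    ],
    "child_modules": [{"address": "module.db", "resources": [
        _db("module.db.azurerm_sql_database.unset", []),
    ]}],
}}}

if __name__ == "__main__":
    for address, reason in check_plan(SAMPLE_PLAN):
        print(f"FAIL {address}: {reason}")
```

In a pipeline, load the real plan with `json.load` and fail the job when `check_plan` returns any findings.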

References:
https://learn.microsoft.com/en-us/sql/relational-databases/database-mail/database-mail?view=sql-server-ver16
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/sql_database#retention_days

Policy Details

Rule Reference ID: AC_AZURE_0382
CSP: Azure
Remediation Available: Yes
Resource Category: Database
Resource Type: SQL Server

Frameworks