Findings in the Security Assessment reports give recommendations to improve the security posture of the database and provide information for further analysis. Most findings consist of the following information:
- Status: A status value can be High Risk, Medium Risk, Low Risk, Advisory (improve security posture by enabling more security features and technology), Evaluate (needs manual analysis), or Pass (no errors found). A High Risk finding might require immediate remedial action, whereas lower-risk findings might be fixed during a scheduled downtime, or bundled together with other maintenance activities. Use these values to help you prioritize and schedule changes.
- Summary: This section presents a brief summary of the finding. When the finding is informational, the summary typically reports only the number of data elements that were examined.
- Details: This section provides information to explain the finding summary, typically results from the assessed database, followed by any recommendations for changes.
- Remarks: This section explains the reason for the rule and recommended actions for remediation. If a risk is reported, this section may also explain the recommended actions for remediation.
- References: This section provides information on whether the finding is related to a Center for Internet Security (CIS) recommendation, a General Data Protection Regulation (GDPR) Article/Recital, or a Security Technical Implementation Guide (STIG) recommendation.