
The DBMS must enforce approved authorizations for logical access to the system in accordance with applicable policy.


Overview

Finding ID: V-32203
Version: SRG-APP-000033-DB-000084
Rule ID: SV-42520r1_rule
IA Controls:
Severity: Medium
Description
Strong access controls are critical to securing application data. Access control policies (e.g., identity-based policies, role-based policies, attribute-based policies) and access enforcement mechanisms (e.g., access control lists, access control matrices, cryptography) must be employed by applications, when applicable, to control access between users (or processes acting on behalf of users) and objects (e.g., devices, files, records, processes, programs, domains) in the information system. Consideration should be given to the implementation of an audited, explicit override of automated mechanisms in the event of emergencies or other serious events. If the DBMS does not follow applicable policy when approving access, it may be in conflict with networks or other applications in the information system. This may result in users either gaining or being denied access inappropriately and in conflict with applicable policy.
STIG: Database Security Requirements Guide
Date: 2012-07-02

Details

Check Text (C-40708r1_chk)
Check DBMS settings to determine whether users are restricted from accessing objects and data they are not authorized to access. If appropriate access controls are not implemented to restrict access to authorized users and to restrict the access of those users to objects and data they are authorized to see, this is a finding.
Fix Text (F-36127r1_fix)
Configure the DBMS settings and access controls to restrict user access to objects and data that the user is authorized to view or interact with.