The DBMS must enforce dual authorization, based on organizational policies and procedures for organization defined privileged commands.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-32204	SRG-APP-000034-DB-000006	SV-42521r1_rule		Medium

Description
Dual authorization requires two distinct approving authorities to approve the use of an application command prior to it being invoked. This capability is typically reserved for specific application functionality where the application owner, data owner, or organization requires an additional assurance that certain application commands are only invoked under the utmost authority. When a policy is defined stating that certain commands contained within an application require dual-authorization before they may be invoked, or when an organization defines a set of application related privileged commands requiring dual authorization, the application must support those requirements. Due to potential delays in obtaining secondary approvals prior to executing commands, dual authorization mechanisms should not be utilized when an immediate response is necessary in order to ensure public and/or environmental safety. If, after due consideration, it is determined the benefit of dual authorization outweighs identified risks, the organization must establish documented procedures, assign specific personnel to provide approvals, and establish operational exercises assuring that any risks to public safety, environmental safety or otherwise, are minimized. If dual authorization is not implemented for functionality where it is required, that functionality may be accessed and utilized without proper authorization. This could result in serious consequences to the information system as dual authorization should be utilized only for application functionality for which the utmost authority is required.

Description

Dual authorization requires two distinct approving authorities to approve the use of an application command prior to it being invoked. This capability is typically reserved for specific application functionality where the application owner, data owner, or organization requires an additional assurance that certain application commands are only invoked under the utmost authority. When a policy is defined stating that certain commands contained within an application require dual-authorization before they may be invoked, or when an organization defines a set of application related privileged commands requiring dual authorization, the application must support those requirements. Due to potential delays in obtaining secondary approvals prior to executing commands, dual authorization mechanisms should not be utilized when an immediate response is necessary in order to ensure public and/or environmental safety. If, after due consideration, it is determined the benefit of dual authorization outweighs identified risks, the organization must establish documented procedures, assign specific personnel to provide approvals, and establish operational exercises assuring that any risks to public safety, environmental safety or otherwise, are minimized. If dual authorization is not implemented for functionality where it is required, that functionality may be accessed and utilized without proper authorization. This could result in serious consequences to the information system as dual authorization should be utilized only for application functionality for which the utmost authority is required.

STIG	Date
Database Security Requirements Guide	2012-07-02

Details

Check Text ( C-40709r2_chk )
If the organization has not defined privileged commands that require dual authorization, this is NA. Review DBMS vendor documentation to determine whether the DBMS is capable of enforcing dual authorization. If DBMS is capable of enforcing dual authorization, review DBMS settings to determine whether the DBMS is configured to enforce dual authorization for organization defined privileged commands. If the organization defines privileged commands that require dual authorization, and the DBMS product does not support the enforcement of dual authorization, this is a finding. If the organization defines privileged commands that require dual authorization, and the DBMS is capable of the enforcement of dual authorization but is not configured to enforce dual authorization on the commands that require it, this is a finding.

Check Text ( C-40709r2_chk )

If the organization has not defined privileged commands that require dual authorization, this is NA.

Review DBMS vendor documentation to determine whether the DBMS is capable of enforcing dual authorization. If DBMS is capable of enforcing dual authorization, review DBMS settings to determine whether the DBMS is configured to enforce dual authorization for organization defined privileged commands.

If the organization defines privileged commands that require dual authorization, and the DBMS product does not support the enforcement of dual authorization, this is a finding.

If the organization defines privileged commands that require dual authorization, and the DBMS is capable of the enforcement of dual authorization but is not configured to enforce dual authorization on the commands that require it, this is a finding.

Fix Text (F-36128r1_fix)
Utilize a DBMS product that can enforce dual authorization operations or acquire a DoD approved third party product to enforce dual authorization where required by the organization. Configure DBMS or third party software to enforce dual authorization on organizationally defined privileged commands.