DBMS processes or services must run under custom, dedicated OS accounts.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-32234	SRG-APP-000062-DB-000010	SV-42551r1_rule		Medium

Description
Separation of duties is a prevalent Information Technology control that is implemented at different layers of the information system, including the operating system and in applications. It serves to eliminate or reduce the possibility that a single user may carry out a prohibited action. Separation of duties requires that the person accountable for approving an action is not the same person who is tasked with implementing or carrying out that action. The DBMS must run under a custom dedicated OS account. When the DBMS is running under a shared account, users with access to that account could inadvertently or maliciously make changes to DBMS’s settings, files, or permissions.

Description

Separation of duties is a prevalent Information Technology control that is implemented at different layers of the information system, including the operating system and in applications. It serves to eliminate or reduce the possibility that a single user may carry out a prohibited action. Separation of duties requires that the person accountable for approving an action is not the same person who is tasked with implementing or carrying out that action. The DBMS must run under a custom dedicated OS account. When the DBMS is running under a shared account, users with access to that account could inadvertently or maliciously make changes to DBMS’s settings, files, or permissions.

STIG	Date
Database Security Requirements Guide	2012-07-02

Details

Check Text ( C-40743r1_chk )
Check OS settings to determine whether DBMS processes are running under a dedicated OS account. If the DBMS processes are running under shared accounts, this is a finding.

Fix Text (F-36158r1_fix)
Create a DBMS account dedicated to DBMS processes and allow only DBMS processes to run under the account.