
The DBMS must retain the notification message or banner on the screen until users take explicit actions to log on to the database.


Overview

Finding ID: V-32253
Version: SRG-APP-000069-DB-000028
Rule ID: SV-42570r1_rule
IA Controls:
Severity: Medium
Description
To establish acceptance of system usage policy, a click-through banner at application logon is required. The banner shall prevent further activity on the application unless and until the user executes a positive action to manifest agreement. The text of this banner should be customizable in the event of future user agreement changes. If the user does not have to take positive action to manifest agreement to the banner, the user could deny having seen or agreed to the contents of the banner.
STIG: Database Security Requirements Guide
Date: 2012-07-02

Details

Check Text (C-40762r1_chk)
This requirement applies only to interactive accounts. Non-interactive accounts do not need to include a banner or positive action to proceed.

Log in to the DBMS and verify that the user must take positive action to manifest acceptance of the banner before being allowed to proceed, unless the banner text was already displayed to the user, and positive action required, via the operating system logon on the server on which the application resides.
If the user does not have to take positive action to proceed into the DBMS, and has not already taken positive action via the operating system, this is a finding.
Fix Text (F-36177r1_fix)
For interactive accounts, configure the DBMS to enforce positive action manifesting acceptance of the banner before allowing the user to proceed.