Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The DBMS must validate the binding of the information to the identity of the information producer.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-32349 | SRG-APP-000082-DB-000166 | SV-42686r1_rule | Medium |
| Description |
|---|
| Non-repudiation protects individuals against later claims by an author of not having authored a particular document, a sender of not having transmitted a message, a receiver of not having received a message, or a signatory of not having signed a document. This non-repudiation control enhancement is intended to mitigate the risk that information gets modified between production and review. The validation of bindings can be achieved, for example, by the use of cryptographic checksums. When the identity of the producer of a piece of information is not bound to the information, the validity of the information can be questioned or the producer of the information can deny having produced it. |
| STIG | Date |
|---|---|
| Database Security Requirements Guide | 2012-07-02 |
Details
| Check Text ( C-40797r1_chk ) |
|---|
| Review DBMS configuration to verify identity information is bound to any data being added to the database. If data is being added or processed in the database without identity information, this is a finding. |
| Fix Text (F-36263r1_fix) |
|---|
| Configure the DBMS to validate the binding of identity information to data being added to the database. |