Applications must prevent the installation of organization defined critical software programs not signed with a certificate that has been recognized and approved by the organization.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-32407	SRG-APP-000131-DB-NA	SV-42744r1_rule		Medium

Description
Any changes to the hardware, software, and/or firmware components of the information system and/or application can potentially have significant effects on the overall security of the system. Accordingly, software defined by the organization as critical software may be signed with a certificate recognized and approved by the organization. Examples of critical software programs and/or modules include, for example, patches, service packs, software libraries and where applicable, device drivers. This requirement refers to change control functionality which is not the responsibility of the DBMS. This requirement is NA for databases.

Description

Any changes to the hardware, software, and/or firmware components of the information system and/or application can potentially have significant effects on the overall security of the system. Accordingly, software defined by the organization as critical software may be signed with a certificate recognized and approved by the organization. Examples of critical software programs and/or modules include, for example, patches, service packs, software libraries and where applicable, device drivers. This requirement refers to change control functionality which is not the responsibility of the DBMS. This requirement is NA for databases.

STIG	Date
Database Security Requirements Guide	2012-07-02

Details

Check Text ( C-40849r1_chk )
This check is NA for databases.

Fix Text (F-36322r1_fix)
This fix is NA for databases.